• Are You Putting the “P” in DLP? 2019-08-29

    Guest blogger: Derek Brink, Aberdeen Group Data loss prevention (DLP) solutions are designed...well, to prevent the loss of enterprise data. Said a bit more formally: by “loss,” we mean the confirmed disclosure of an organization’s data assets to an unauthorized party—i.e., a data breach. Said still another way, DLP solutions are designed to reduce the risk of a data breach. This begs an obvious question, which unfortunately doesn’t often get a crisp response: just what is the risk of a data breach? To answer this question in a way that’s useful to an organization’s senior leadership team, security professionals and solution providers have to consider both the likelihood that a data breach may happen in a specified period of time, as well as the resulting business impact if it actually does occur. That’s just the proper definition of risk.

    Read more: Are You Putting the “P” in DLP?

  • Encryption, Tokenization, Masking, and Redaction: Choosing the Right Approach 2019-04-18

    What's the best way to protect sensitive data? The answer, of course, is "it depends." Organizations have too many different types of sensitive information, and too many ways to store and share it, to allow for a one-size-fits-all approach. Each of the common methods of protecting data—encryption, tokenization, masking, and redaction—might be the right solution for a given use case.

    Read more: Encryption, Tokenization,...

  • Evanta: What We’ve Heard, and What We’re Looking Forward To 2019-09-10

    Throughout 2019, PKWARE has sponsored and moderated boardroom discussions at Evanta CISO Executive Summits in North America and Europe. These engaging, productive conversations have focused on key data security issues including compliance, data governance, data ownership, data retention, risk management, discovery classification, and information lifecycle management.

    Read more: Evanta: What We’ve Heard, and...

  • For Data Protection, Easy Does It 2019-08-15

    Guest blogger: Derek Brink, Aberdeen Group In the realm of information security, the traditional trade-offs security professionals seek to balance, such as effectiveness of security, total cost of ownership, and convenience for users have been the relentless targets for continuous improvement by innovative solution providers. Anyone who has been working in this field for a length of time would have to admit that today’s security solutions are more capable, cost-effective, and much easier to use than the security solutions of 20, 10, or even five years ago. But there were over 3,200 publicly disclosed data breaches from 2017-2018, which averages to between four and five data breaches daily. Although the median number of records disclosed to unauthorized parties was relatively small (about 1,300 records per breach), there were 114 data breaches of 1M records or greater during this two-year period – or, about one mega-breach weekly. How can these two observations be...

    Read more: For Data Protection, Easy Does It

  • Infographic: Fixing DLP Workflows 2019-09-19

    Data loss prevention (DLP) and encryption are two of the most important data security technologies in use today, but they don't always play well together. Encryption often prevents DLP from inspecting data as it leaves the organization, while DLP often lacks the ability to encrypt unprotected data according to organizational policy. That's why global banks, retailers, and other organizations rely on PKWARE DLP Enhancement.

    Read more: Infographic: Fixing DLP Workflows

  • Managing the Convergence of Global Data Regulations 2019-11-20

    With so many new regulations and policies to manage, how are organizations creating a unified data protection and compliance strategy that meets conflicting requirements? This was the topic of discussion in an executive boardroom session moderated by PKWARE CEO Miller Newton at last week’s Evanta CISO Executive Summit in Milwaukee.

    Read more: Managing the Convergence of...

  • Meeting TISAX Standards with PKWARE, Part 1 2019-12-03

    If you’re an automotive supplier or service provider, TISAX compliance has become a prerequisite for doing business with any major German automobile company. However, like many other data security mandates, TISAX is only a few years old, and many organizations are still searching for the right approach to it. In our TISAX blog series, we’ll explore the specific requirements that auto industry suppliers and service providers must meet, and how PKWARE is helping organizations meet those requirements. But first, we’ll take on a more general question: What is TISAX and why does it matter?

    Read more: Meeting TISAX Standards with...

  • Meeting TISAX Standards with PKWARE, Part 2: Classification 2019-12-03

    Automotive suppliers must meet TISAX data security standards in order to do business with any major German automobile company. PKWARE helps companies simplify TISAX compliance by providing a wide range of capabilities to address multiple requirements. In our TISAX blog series, we're examining the requirements auto industry suppliers and service providers must meet, and how PKWARE is helping organizations meet those requirements. Today's topic: data classification, and why automation makes all the difference.

    Read more: Meeting TISAX Standards with...

  • Meeting TISAX Standards with PKWARE, Part 3: Mobile Storage 2019-12-03

    Automotive suppliers must meet TISAX data security standards in order to do business with any major German automobile company. PKWARE helps companies simplify TISAX compliance by providing a wide range of capabilities to address multiple requirements. In our TISAX blog series, we're examining the requirements auto industry suppliers and service providers must meet, and how PKWARE is helping organizations meet those requirements. Today's topic: sensitive data saved on mobile storage devices.

    Read more: Meeting TISAX Standards with...

  • Meeting TISAX Standards with PKWARE, Part 4: Access to Data 2019-12-03

    Automotive suppliers must meet TISAX data security standards in order to do business with any major German automobile company. PKWARE helps companies simplify TISAX compliance by providing a wide range of capabilities to address multiple requirements. In our TISAX blog series, we're examining the requirements auto industry suppliers and service providers must meet, and how PKWARE is helping organizations meet those requirements. Today's topic: controlling access to sensitive information.

    Read more: Meeting TISAX Standards with...

  • Meeting TISAX Standards with PKWARE, Part 5: Cryptography 2019-12-11

    Automotive suppliers must meet TISAX data security standards in order to do business with any major German automobile company. PKWARE helps companies simplify TISAX compliance by providing a wide range of capabilities to address multiple requirements. In our TISAX blog series, we're examining the requirements auto industry suppliers and service providers must meet, and how PKWARE is helping organizations meet those requirements. Today's topic: encryption, and how to implement it.

    Read more: Meeting TISAX Standards with...

  • Meeting TISAX Standards with PKWARE, Part 6: Event Logging 2019-12-11

    Automotive suppliers must meet TISAX data security standards in order to do business with any major German automobile company. PKWARE helps companies simplify TISAX compliance by providing a wide range of capabilities to address multiple requirements. In our TISAX blog series, we're examining the requirements auto industry suppliers and service providers must meet, and how PKWARE is helping organizations meet those requirements. Today's topic: event logging.

    Read more: Meeting TISAX Standards with...

  • New Mortgage Data Breach Illustrates Familiar Risks 2019-02-12

    Not that anyone needed another reminder, but a financial services vendor has provided an illustration of the fact that sensitive data should never be left unencrypted. As first reported by TechCrunch and security researcher Bob Diachenko, millions of records containing Social Security numbers, tax information, credit scores, and other mortgage data were discovered, unencrypted, on a publicly-available server in early January. The company directly responsible for the breach has already taken its website offline and stopped responding to questions, but the repercussions may only be beginning.

    Read more: New Mortgage Data Breach...

  • PKWARE at PCI: A Recap of the 2019 North America Meeting 2019-09-30

    Having recently joined the PCI Security Standards Council, PKWARE was proud to participate as a Technology Sponsor at the Council’s 2019 North America Community Meeting in Vancouver. The event was well attended, with more than 1,000 individuals from all over the North America coming together to discuss the future of payment card data and security.

    Read more: PKWARE at PCI: A Recap of the...

  • PKWARE at PCI: What We Heard in Dublin 2019-10-31

    As a new member of the PCI Security Standards Council, PKWARE has taken the opportunity to sponsor and participate in the Council’s Community Meetings in North America and Europe this fall. Most recently, we joined more than 600 participants at the 2019 Europe Community Meeting in Dublin. As with previous events, the European meeting delivered plenty of fresh cybersecurity and payment security insights from industry experts.

    Read more: PKWARE at PCI: What We Heard in...

  • The California Consumer Privacy Act - What You Need to Know 2019-12-04

    Updated November 2019 In one of the most significant cybersecurity developments of recent years, the California Consumer Privacy Act (CCPA) is bringing the key concepts of Europe’s GDPR onto American shores.

    Read more: The California Consumer Privacy...

  • The State of Security, as Seen at RSA 2019-03-14

    Every year, we look forward to the RSA Conference, the cybersecurity industry’s biggest event. No other conference lets us meet as many security professionals, or get as many different viewpoints on what’s happening in security and where the industry is heading. Here’s a summary of the top storylines we heard as we talked with customers, industry analysts, and other folks in the security world this year.

    Read more: The State of Security, as Seen at...

  • Unstructured Data and PCI Compliance 2019-06-11

    In the 15 years since its introduction, the Payment Card Industry Data Security Standard (PCI DSS) has redefined data protection for banks, merchants, and every other organization that handles credit card data. Companies around the world design their networks, build their applications, and assign user permissions with PCI requirements in mind. One data security risk, however, often goes unaddressed, even by organizations that take an aggressive approach to PCI compliance: credit card numbers in unstructured data.

    Read more: Unstructured Data and PCI...

  • Wait, Why Are We Still Talking About PCI? 2019-07-17

    Guest blogger: Derek Brink, Aberdeen Group It’s hard to believe, but security professionals and solution providers have been talking about the need to protect cardholder data (i.e., payment card account numbers, cardholder names, expiration dates, and security-related information used to authenticate cardholders or authorize transactions)—wherever that data is stored, processed, and transmitted—since the 1990s. Starting with the independently developed data protection initiatives of the major card brands (i.e., Visa, Mastercard, American Express, Discover, JCB), the industry standards and best practices for this nearly universal issue have continued to mature and evolve. From the version 1.0 release of the Payment Card Industry Data Security Standard (PCI DSS) in December 2004, to the now-current version 3.2.1 release in May 2018, one would think that everyone would have this problem fully solved by now, right?

    Read more: Wait, Why Are We Still Talking...

  • What's the Real Cost of a Data Breach? 2019-09-05

    Updated September 2019 Data breaches are simply a fact of life. Businesses in every industry, in every country, are attacked by data thieves and malicious insiders on a daily basis. As pervasive as they are today, cyber threats will only grow more severe as time goes on—each newly-developed way to communicate or do business online creates new forms of sensitive data that hackers, industrial spies, and state-sponsored operatives are ready to exploit.

    Read more: What's the Real Cost of a Data...

  • Where Are the Keys? Managing Encryption In the Cloud 2019-12-20

    Data security has become synonymous with cloud security. Now that more than 90% of companies have adopted cloud services, and (according to some projections) more than half of all IT workloads are being handled in the cloud, protecting data requires a "cloud first" mentality. The need to exploit cloud capabilities while keeping data safe has security professionals, industry analysts, and even cloud providers trying to answer the same question: How should data be encrypted in the cloud, and who should hold the keys?

    Read more: Where Are the Keys? Managing...