Twitter Security Pro: Encryption Isn't Enough - InformationWeek
Ulf Mattsson
User Rank: Strategist
7/24/2015 | 8:07:20 AM
Common issues across recent data breaches
I agree that "Encryption Isn't Enough." We are seeing a number of common issues across recent data breaches, stealing our most sensitive data, and I think it is time to re-think our security approach and be more data-centric. The large credit card breaches at Target, Home Depot, etc. - would not have amounted to anything if the data had been tokenized or encrypted. I think that we urgently need data neutralized to reduce its value to hackers.

Aberdeen Group reported in a very interesting study with the title "Tokenization Gets Traction" that tokenization users had 50% fewer security-related incidents than non-users and 47% of respondents are using tokenization for something other than cardholder data. Aberdeen also has seen a steady increase in enterprise use of tokenization as an alternative to encryption for protecting sensitive data.

Tokenization and improved authentication can be the game changers we urgently need in fighting data breaches. The payment industry is now adopting tokenization as a way to limit fraud.

Ulf Mattsson, CTO Protegrity
User Rank: Ninja
7/23/2015 | 2:34:44 PM
2 Great points here
Talking to many security folks at companies across North America, this is exactly the same type of thing I am hearing. Firstly, you nailed it with "The challenge is what do you say to the industry at large, to the companies in the Midwest that have one security person. ... They can't hire all these people and build custom solutions."

As much as we would love to simply say "get more layers of security in your environment", it's simply not a realistic message, since they often just don't have the resources to manage it.  We need to simplify.

Focusing on Web Applications, or applications in general, is a key security tactic that I think is often glanced over in favor of more traditional "We'll put in endpoint, and that should protect us".  Even as noted, encryption helps, but it's by no means a be-all-end-all form of security to protect data any longer.  We need to better understand application access and how data can be extracted through that application.  Putting a Web Application Firewall can absolutely help, but we also need to go back and look at internal applications and those external connects and better figure out how to make it easier to secure them, especially for smaller organizations who might be limited in security expertise.
