SafeNet


We’re Moving!
Featured

Andrew Gertz May 9, 2016, 11:19 am UTC

SafeNet is Now Gemalto

Gemalto is happy to announce that The Art of Data Protection blog is moving.

Beginning on May 16th, 2016, our content covering data security news, trends, best practices, tips, and more will be available in the Enterprise Security section of the Gemalto Digital Security blog.

Moving forward, you’ll find new security posts as well as the best content from our archives at blog.gemalto.com/security/.

Here are some of the things I love about the Gemalto Digital Security blog, and I think you will, too:

  • User experience: All posts are optimized for a great reading experience no matter what device you’re using
  • Comprehensive content: Not only does the Gemalto blog have a section dedicated to enterprise security, but you’ll also find entire sections dedicated to the IoT, financial services, government, and mobile
  • Frequency: Because of the extensive roster of industry experts contributing to the Gemalto blog, timely content, in-depth industry analysis, and posts offering helpful advice are published almost daily

Avoid missing out on our must-read security posts by bookmarking blog.gemalto.com/security/ and subscribing to the Gemalto blog on Feedly or your favorite news reader.

We’ll also continue to share our posts as well as industry news, breach trends, enterprise security updates and more on Twitter via @GemaltoSecurity.

On behalf of all of our bloggers, thank you for following The Art of Data Protection. I hope you’ll enjoy reading all the content we have to offer on the Gemalto Digital Security blog.

Enterprise Mobile Security - a Proactive Approach to Protecting Data
aodp-export-05-16, Authentication, multi-factor authentication, SafeNet Data Protection

Jennifer Dean April 18, 2016, 09:24 am UTC

For many people, the line between work and personal life is blurred. When it comes to mobile devices, 80 percent of the workforce admits to using their devices for both business and private use, which means personal data and company data will naturally converge onto a single device. What’s becoming increasingly important is how to protect the data stored on and being accessed from these devices to ensure mobile workforce security.

So how much are those corporate emails or family photos worth to the average person? A recent study, How Much Is the Data on Your Mobile Device Worth?, conducted by the Ponemon Institute, took a look at the value of our mobile devices and the risks involved with bringing personal devices onto the corporate network. The study asked participants to estimate the value of their devices, including replacement costs and/or value of the data. The average value assessed by participants was $14,000, with photos being the highest valued asset at $3,074. Next on the list were contact lists (personal and business) at $2,654 and personal apps at $2,096.

But how safe is this data we deem so valuable?  The research found an increasing amount of sensitive and confidential information stored on mobile devices, yet both personal and enterprise security practices are not providing adequate protection.  Fifty-five percent of respondents said they are concerned about the work-related data they access and store on their mobile devices, yet 50 percent do nothing to secure it.  Plus, a shocking 68 percent of respondents admitted to sharing passwords across personal and work accounts.

The discrepancy between corporate IT and the employees’ idea of the level of access using personal devices was also concerning. While the IT department believed only 19 percent of employees have access to customer records, 43 percent of polled employees said they have access.

The bottom line is that corporate IT should take a long hard look at mobile security before it’s too late.  A proactive approach is always preferred, and adding a 2nd layer of authentication will help ensure users are fully identified and authenticated before they are granted access to your most valuable assets.

The most common two-factor authentication solutions used today are one-time passwords (OTP) and PKI authentication. With OTP authentication, the user is only granted access if a passcode is simultaneously generated in two places: on the authentication server and on the hardware or software token (OTP app) in the user’s possession. Digital identity certificates – or PKI – further raise the mobile security bar and enable other applications such as digital signature and file encryption.

But because most mobile devices don’t have USB slots or embedded smart card readers, it can be challenging to use smart cards on the go. Bluetooth – a connectivity channel implemented across different endpoints – can tackle this problem, making authentication compatible with any mobile device. For example, Gemalto MobilePKI solutions enable providers to choose either a Bluetooth-enabled badge holder or USB token. See how it works in the video Enterprise Mobile Security.

Whatever solution best fits your organization’s needs, two-factor authentication is imperative to secure any enterprise that supports an on-the-go mobile workforce.

The Ultimate Cheat Sheet on Strong Authentication – Part 2
aodp-export-05-16, Authentication, multi-factor authentication, SafeNet Data Protection

Mor Ahuvia April 14, 2016, 10:00 am UTC

As promised, here are a few more quick facts on the subject of strong authentication for those new to the topic, or those looking to introduce the topic to the uninitiated. How are one-time passwords generated? What is the difference between an Assurance Level and a FIPS Security Level? And what is OATH authentication?

How is a one-time password generated?

In OTP authentication, one-time passwords, or OTPs, are generated using four main inputs:

  • A secret token seed, consisting of a randomly-generated string usually 256 bits or 512 bits long
  • A time-synched or event-based parameter, such as a timestamp for time-based OTPs, or a counter for event-based OTPs
  • Other variables, which add entropy
  • A hashing algorithm, which combines the above inputs to produce a single OTP value

OTP = [HASHING ALGORITHM] [TOKEN SEED] [TIME OR EVENT-BASED VALUE] [OTHER VARIABLES]
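
The inputs listed above, made concrete with the OATH HOTP and TOTP algorithms (RFC 4226 and RFC 6238). This is an added example, not code from the original post or from any Gemalto product; the function names, the drift window and the replay check are illustrative assumptions, and the seed is the public RFC test value rather than a real token seed.

```python
import hashlib
import hmac
import struct

# Public test seed from RFC 4226 Appendix D (constructed sample input).
# A real token seed is random and known only to the token and the server.
RFC_TEST_SEED = b"12345678901234567890"


def hotp(seed: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """Event-based OTP: HMAC(seed, counter) followed by dynamic truncation."""
    # Hashing algorithm + token seed + event value (8-byte big-endian counter).
    mac = hmac.new(seed, struct.pack(">Q", counter), algo).digest()
    # The low nibble of the last byte selects a 4-byte window in the MAC.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    # Keep the last `digits` decimal digits, left-padded with zeros.
    return str(value % 10 ** digits).zfill(digits)


def totp(seed: bytes, unix_time: float, step: int = 30, digits: int = 6,
         algo=hashlib.sha1) -> str:
    """Time-based OTP: the counter is the number of elapsed `step`-second slots."""
    return hotp(seed, int(unix_time) // step, digits, algo)


def verify_totp(seed: bytes, submitted: str, unix_time: float, step: int = 30,
                digits: int = 6, drift_steps: int = 1, last_used_step: int = -1):
    """Server-side check (hypothetical helper).

    Accepts codes from `drift_steps` slots either side of the server clock to
    tolerate token clock drift, and rejects any slot at or before
    `last_used_step` so a captured code cannot be replayed.
    Returns the matched time slot, or None if the code is rejected.
    """
    current = int(unix_time) // step
    matched = None
    for candidate in range(max(0, current - drift_steps),
                           current + drift_steps + 1):
        if candidate <= last_used_step:
            continue  # already consumed: replay protection
        expected = hotp(seed, candidate, digits)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            matched = candidate
    return matched


if __name__ == "__main__":
    now = 59  # constructed timestamp, falls in time slot 1
    code = totp(RFC_TEST_SEED, now)
    print("code generated on the token:", code)
    slot = verify_totp(RFC_TEST_SEED, code, now)
    print("server accepts, slot:", slot)
    print("same code replayed:", verify_totp(RFC_TEST_SEED, code, now,
                                             last_used_step=slot))
```

The server stores the returned slot per token and passes it back as `last_used_step` on the next attempt, which is what makes each password one-time.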

What is a Level of Assurance?

In terms of authentication, a level of assurance denotes the level of certainty that a user is who they claim to be. Different authentication methods provide different levels of assurance; for example, a static password provides a low level of assurance, whereas two-factor or multi-factor authentication provides a higher level of assurance.

When determining the level of assurance required to secure access to a specific resource, IT and security professionals take into consideration the risk and value of the ‘information asset’ in question—for example, the enterprise VPN vs. an attendance web application. As well, higher privilege accounts, such as those belonging to network administrators or C-level personnel, generally require a higher level of assurance than a standard account (since unauthorized access to these accounts could result in much greater losses or damage).

What is a NIST Assurance Level?

In its Electronic Authentication Guideline, the US National Institute of Standards and Technology, aka NIST, has laid out a system that anyone can use to calibrate the level of assurance provided by a specific authentication method or a combination of methods, represented in ascending order of security from Assurance Level 1 to Assurance Level 4. (For details, see pages 51 thru 55 of.) Here are some examples:

  • Assurance Level 1 – A password or PIN
  • Assurance Level 2 – An OTP, generated by a soft token
  • Assurance Level 3 – A PIN-protected OTP, generated by a soft token
  • Assurance Level 4 – A PIN-protected OTP, generated by a hardware token

Note that Assurance Levels 2 and higher require that the cryptographic module be FIPS validated. More on this below.

What is a FIPS Security Level?

Not to be confused with NIST Assurance Levels, FIPS 140-2 is a series of US Federal Information Processing Standards (FIPS) that rate the security of a cryptographic module, in ascending order of security from Security Level 1 to Security Level 4:

  • FIPS 140-2 Security Level 1 – Applies to the cryptographic module, or software component, of a cryptographic system. An OTP app, for example, can be FIPS 140-2 Level 1 validated when it incorporates FIPS-validated crypto libraries.
  • FIPS 140-2 Security Level 2 – Applies to the physical casing of a cryptographic module (e.g. a token) and requires that it be tamper evident, meaning that visible signs of manipulation appear in the event of physical access, in order to protect the plaintext encryption keys from manipulation or duplication.
  • FIPS 140-2 Security Level 3 – Stipulates the zeroing (‘self-destruction’) of encryption keys in the event of tampering or physical access to a token.
  • FIPS 140-2 Security Level 4 – Requires complete protection of the encryption keys from extreme physical or environmental conditions (e.g. space, lab settings, etc.), so that even manipulation of such conditions does not reveal the encryption keys.

In the EU and APAC regions, the Evaluation Assurance Levels (EAL) of the Common Criteria (CC) standard are more widely referenced, comparable to the FIPS 140-2 standard used in the US and Canada.

Cloud use case - Identity Federation
What is Identity Federation?

Identity federation means using an identity from one security domain to access another security domain. An example would be using the identity Jill@abc.org to not only access the abc.org network, but to access 3rd party applications, as well, such as Office 365, Salesforce.com or AWS. When Jill’s enterprise identity is extended to the cloud, or ‘federated,’ she can access all her cloud-applications with her familiar enterprise identity.

Identity federation can help eliminate the help desk overhead and password fatigue that results from having 10 or 20 disparate username-and-password sets for different cloud applications.

Federation is achieved using different protocols, for example Kerberos for on-premises applications, and SAML for cloud-based applications. (For more on SAML-based federation, watch this webinar on Securing access with SafeNet Authentication Service.)

What is OATH Authentication?

OATH Authentication is an open standard for implementing strong authentication. Produced by an industry-wide collaboration of security vendors, the OATH architecture can be used by IT and security professionals as a template for integrating strong authentication into their organization’s current infrastructure. OATH’s open standards create more freedom for enterprises by preventing ‘vendor lock-in’ and thereby offering a broader choice of vendors, and enable using an OATH-based token across different vendors’ platforms. Token seeds can be exported from one OATH platform, and imported into another OATH platform.

Proprietary vs. Open Authentication Standards

Authentication technology, like other technologies, may be either open source or proprietary. SAML 2.0, OATH, and OpenID Connect are all open standards that are available to the public and developers free of charge. WS Federation Services, conversely, is a proprietary identity federation protocol created by Microsoft, which also supports SAML. Similarly, encryption algorithms used in 2FA may be either proprietary or open source, with examples of the latter being TOTP and HOTP (both OATH 2FA protocols). Proprietary methods are often more lucrative for vendors, whereas open standards that have undergone peer reviews and public scrutiny tend to enjoy greater industry-wide support.

Discover more about strong authentication in part 1 of the series and read A Security Survey of Strong Authentication Technologies – Whitepaper.

 

Utilities Under Siege: Debunking Smart Grid Cyber Security Myths
aodp-export-05-16, Crypto, SafeNet Data Protection, Smart Grid Security

Stephen Helm April 7, 2016, 12:33 pm UTC

This is the first in a series of blogs on the topic of smart grid cyber security issues and how to overcome them. Stay tuned for future posts on security objectives, strategies, and tools for building a more secure grid.

Cyber threats to our critical infrastructure are nothing new. Since the early 1980s, hackers, vandals and government agencies have exploited the sensitive systems at the heart of oil pipelines, power plants, dams, etc., and done so with varying degrees of success.

Although these attacks were rare, they were highly targeted and exposed serious flaws in the security of the Industrial Control Systems (ICS) on which the utilities rely.

Revealed in 2010, Stuxnet was one of the most devastating cyber-attacks in history, and is considered a game changer in how the world viewed the security of industrial systems.

A highly sophisticated, state-sponsored cyber weapon designed to attack industrial control systems, Stuxnet made headlines as it wreaked havoc on the Iranian nuclear program, leading to serious accidents and even loss of life at an Iranian nuclear power plant.

In the years following Stuxnet, utilities have come under attack more frequently, with some public power providers indicating that they were under a “constant state of ‘attack’ from malware and entities seeking to gain access to internal systems,” as documented in the Electric Grid Vulnerability report created by U.S. Congressmen Edward J. Markey and Henry A. Waxman.

In one extreme example a “utility reported that it was the target of approximately 10,000 attempted cyberattacks each month.”

On December 23, 2015, the Ukrainian Kyivoblenergo, an electricity distribution company in Ukraine, experienced a power outage as the result of a sophisticated cyber-attack. The attack was notable because it was the first attack against a public utility that was designed to disrupt the distribution of electricity.

The attack highlighted the flaw in five commonly held smart grid cyber security myths, namely:

Industrial Control Systems are isolated. The electricity industry is comprised of a highly complex ecosystem of players, from generation, transmission, distribution operations, and markets. All of these different links in the chain must be connected to some degree. Further, modern industrial control systems rely on more connectivity than ever before. “Isolation” is often achieved with a series of firewalls designed to prevent outside intrusion into sensitive systems. These systems can be bypassed, as was the case in the 2003 Davis-Besse power plant attack, in which an attacker penetrated the network of an unnamed Davis-Besse contractor and then navigated to the Davis-Besse network to introduce malware that would have otherwise been caught by their firewall.

Isolation in a utility environment involves more than just connectivity to the larger internet. Removable media, USB tokens, and even laptops are relied on for maintenance at different points of the infrastructure. All of these tools could be used to introduce malware and other security vulnerabilities.

Nobody will want to attack us. To be sure, the majority of hackers choose targets that present some opportunity for monetary gain, and very few of these adversaries would wish to cause physical harm to people or property.  However, we live in a time where vandals, disgruntled employees, terrorist organizations, and even nation states have interest in attacking our critical infrastructure. These attacks occur all too frequently, and threaten to increase as our adversaries become more skilled and our systems more open.

Utilities only use obscure protocols/systems. In the past this may have been true, but today utilities rely on a multitude of commercial technologies. From communication protocols, operating systems like Microsoft and Linux, to common databases, utilities have turned to common software and hardware tools to save money and create efficiencies.  Unfortunately these systems are often well understood by hackers, and provide an easier target of entry than a truly proprietary system.

Social engineering is not an issue. People are more aware of social engineering than in the past, and utilities certainly train their personnel to spot such threats, but the threat is still significant. All it takes is one employee to click on the wrong link, or open an attachment in an absence of judgement to introduce malware. Such was the case in the Ukrainian Kyivoblenergo attack.

It’s Encrypted: It’s protected. Encryption and cryptography are essential tools of protection for utilities, and used for data security, integrity, and non-repudiation. Cryptography essentially removes risk from the data and systems and places it on the sensitive cryptographic keys used to sign, encrypt, decrypt, etc. This means the security of cryptographic keys is of utmost importance. Failure to secure these keys means they could be used against the utility, either to decrypt sensitive data, or to sign malware to make it look as if it should be trusted.

In the next blog, we will talk about how utilities can establish security objectives around availability, integrity, confidentiality, and accountability to build trust into their smart grid deployments.

Want to learn more? Check out our on demand webinar, Building the Trusted Smart Grid: Threats, Challenges, and Compliance!

High Speed Encryption: Approved for NATO Restricted Classification
aodp-export-05-16, Encryption, SafeNet Data Protection

Chris Owen March 23, 2016, 10:30 am UTC

Senetas and Gemalto announced NATO approval for the latest SafeNet High Speed Encryptors for NATO Restricted use by all 28 NATO member states, further extending our high-assurance capabilities to provide maximum data protection for security-conscious organizations. The NATO approval – and subsequent inclusion of the company’s products in the NATO Information Assurance Product Catalogue – allows the encryptors to be supplied to agencies of up to all 28 NATO member states for government and defence use.

Access the NIAPC site to see a list of approved encryptors, listed under Senetas. Senetas and Gemalto partner to deliver the world’s best High Speed Encryption appliances. Gemalto and Senetas have an extended global distribution agreement in which Gemalto distributes Senetas’ high speed network encryption solutions across the globe.

NATO Approval? Why?

Simply put, the NATO approval further extends Gemalto’s SafeNet High Speed Encryptors’ high-assurance capabilities to provide maximum data protection for security-conscious organizations. In addition to the NATO approval, SafeNet High Speed Encryptors also hold certifications by leading organizations such as FIPS (USA), Common Criteria (International) and CAPS (UK).

Security hardware certification by the various international independent and government certification organisations is a strict requirement of many government agencies and defence organisations for the protection of sensitive data around the world.

These security product certifications involve intensive and rigorous testing procedures, which often take years to be completed. It is not a ‘one-time’ process; rather, an on-going process where any minute change to the product requires a process of ‘recertification’.

In simple terms, the approval states that the products are ‘…certified as suitable for government and defence use…’ The specific certification classification determines the level of data sensitivity for which the product is suitable – e.g. ‘up to secret’ classification.

Why encrypt data in motion?

We all know that sensitive data needs to be protected, especially in the public sector where citizen information is extremely sensitive.  But what happens to data in motion when it’s transmitted to other locations? Once it’s in motion, you’re no longer in control of it, and, if unencrypted, it can be ‘tapped’ with relative ease by cyber-criminals, or misdirected unintentionally either by human or machine error.

Why SafeNet High Speed Encryption?

Gemalto provides the world’s leading certified Layer 2 high speed encryptors that are fully assured by UK public sector and CAPS certified. These encryptors ensure the most secure data-in-motion protection, maximum performance, near-zero overhead with “set and forget” management, and lowest total cost of ownership.

Strongest Protection

SafeNet High Speed Encryptors mitigate the risk of communication interception (Sniffing), traffic analysis and fibre tapping.  Among the solutions Gemalto offers are triple-certified CAPS, FIPS 140-2 Level 3, Common Criteria certified appliances that are listed in the NATO Information Assurance Product Catalogue for the protection of restricted information.

Maximum Performance & Efficiency

SafeNet High Speed Encryptors enable the public sector to make the most out of their expensive 10 Gbps pipes by encrypting sensitive data (often compliance bound). Encrypt 10 Gbps pipes at line speed with almost zero latency and zero impact on network bandwidth or other network assets.

Lowest Total Cost of Ownership

SafeNet High Speed Encryptors provide best-in-class enterprise high speed encryption that can reduce network costs by as much as 50 percent, compared to solutions such as IPSEC that encrypt at Layer 3 for example.

To secure your data in motion, you need to encrypt it. By encrypting the data, you can be assured that however accessed by an unauthorized party, it is protected. The simplest and best approach is to provide protection that stays with the data, wherever it is being sent. High speed encryption does exactly that.

For more information on high speed encryption download our high speed encryption overview.

A Channel Revolution: An Interview with 5-Time Channel Chief Laurie Usewicz
Channel, Cloud, Data Breach

Jennifer Lewis February 26, 2014, 09:39 am UTC

With a little over a year under her belt at SafeNet, VP of Channel Sales Laurie Usewicz has been hard at work revolutionizing the SafeNet Channel Partner Program. She’s also recently gained recognition for the 5th consecutive year as a CRN Channel Chief. As a follow-up to an interview with Laurie in early 2013 not long after joining the SafeNet team, I was interested to hear Laurie’s insight into why the channel market is exploding, how SafeNet is growing to meet these challenges, and what’s next for SafeNet’s channel program in 2014 and beyond.

Channel leverage & utilization has continued to be a hot sales growth strategy for so many global companies.  What trends are you seeing today that are changing the game and taking this tactic into a new direction?

Data breaches are so prevalent in today’s market, and SafeNet is uniquely positioned with a market demand that commands leveraging the channel to seize the market opportunity.  The channel brings a unique and valuable perspective to the data protection opportunity since many are also delivering the infrastructure where data resides such as storage and virtualized environments.  The channel is an integral piece of SafeNet’s success!

 

It didn’t take long for you to start showing a positive impact on SafeNet Channel performance, but as the channel landscape continues to grow, how is SafeNet adapting?

SafeNet’s complete portfolio is attracting the next generation of solution providers.  The reality of the market today from a CIO perspective is that a security breach will occur (it’s no longer “if”.)  SafeNet solutions protect the critical data when the breach occurs, regardless of where the data resides.  In addition, SafeNet has made great progress in delivering our data protection solutions in the cloud which furthers the excitement from the next generation partner community.

 

What are the core areas you’re focusing on for the SafeNet Channel Partner Program in 2014, and where do you see the program heading from there?

In 2013, SafeNet demonstrated its commitment to the channel by tripling the size of the channel team. 2014 is another exciting year for SafeNet as demonstration of our channel commitment is emphasized in the redesign of our channel program. We are revamping our channel program to ensure it is aligned to our partners’ needs and affords great profitability for the value they are delivering. Look out for more details on the launch of SafeNet’s Cipher Partner Program!!

Join SafeNet at RSA Conference 2014
Events, Secure the Breach

Andrew Gertz February 7, 2014, 12:49 pm UTC

In 2013, there were over 595 million data records lost or stolen, demonstrating that conventional breach prevention and perimeter-based security are not sufficient for protecting modern data. It’s not a matter of if a data breach will occur, but when.

SafeNet is dedicated to helping companies adopt a Secure the Breach mindset, accepting that a data breach may happen and taking the steps necessary to protect the data itself. Join us at RSA Conference 2014 in Booth #2729 in the North Expo Hall to learn why strong authentication, encryption, and crypto management are the three essentials for addressing today’s data security risks.

Plus, after watching our demos and speaking with SafeNet team members, test your knowledge by playing our data protection trivia game for a chance to win a smart watch or Amazon gift card.

SafeNet Sessions at RSA:

 

Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control
Presented by David Etue, VP, Corporate Development Strategy, SafeNet

Forget the geeky analysis of cloud security; risk is driven by people involved and the approach to adoption. This discussion will tackle the complex issues around data ownership and control. If data is destiny, then too many people are in charge of your fate. It’s time to get it back.
Time & Place: February 26, 1:40 p.m. | Expo Briefing Center

Not Go Quietly: Surprising Strategies and Teammates to Adapt and Overcome
Presented by David Etue, VP, Corporate Development Strategy, SafeNet and Josh Corman, CTO, Sonatype

Nearly every aspect of our job as defenders has gotten more difficult and more complex—escalating threat, massive IT change, burdensome compliance reporting, all with stagnant security budgets and headcount. Rather than surrender, it’s now time to fight back. This session will provide new approaches to finding financial and operational support for information security across the organization.
Time & Place: February 27, 8:00 a.m. | Room 2020

[Infographic] Unlock the Potential of Data Center Consolidation
Cloud, Encryption, Infographics

SafeNet February 10, 2014, 05:56 pm UTC

Many organizations recognize that a data center consolidation via cloud offerings and virtualization could have a variety of benefits, including an improvement to management efficiency and cost savings. However, there are a number of issues that can prevent companies from unlocking the full potential of a consolidation.

In a recent survey of IT and security professionals, SafeNet explored the obstacles and security concerns surrounding data center consolidation and virtualization. Check out the results in our new infographic.

SafeNet Data Center Consolidation Infographic

Stats of Note from This Infographic:

  • Only one-fifth of survey respondents are currently encrypting data in virtualized environments.
  • Three-quarters of respondents store encryption keys in software, essentially leaving the house keys under the mats.
  • 58.2% of participants indicated that globally they have less than five people involved with encryption management.
  • 74% of IT and security professionals are looking for solutions that support compliance and security. Of those, 59% are struggling with auditing their current data center estates.

Share This Infographic on Your Site:

Copy and paste the following code into the HTML editor for your blog post or web page of choice and enjoy!

<a title="SafeNet Infographic – Data Center Consolidation via Cloud Offerings and Virtualization" href="http://data-protection.safenet-inc.com/files/2014/01/safenet-data-center-consolidation-infographic-large.jpg"><img alt="SafeNet Data Center Consolidation Infographic" src="http://data-protection.safenet-inc.com/files/2014/01/safenet-data-center-consolidation-infographic.jpg" /></a><a href="http://www.safenet-inc.com/" title="SafeNet, Inc., a leading global provider of data protection">From SafeNet, Inc., a Leading Global Data Protection Provider</a>

[Infographic] The Alarming Rate of Data Breaches
Data Breach, Infographics, SafeNet Data Protection

Andrew Gertz February 18, 2014, 06:00 am UTC

While versions of the saying have become cliche, George Santayana’s warning “Those who cannot remember the past are condemned to repeat it” is still worth heeding, especially in the information security industry. With 2013 in the rear view mirror, the Target data breach and others of similar size and severity are still part of the mainstream media conversation and are necessitating that businesses adopt better, modern data protection strategies to avoid making headlines.

In the amount of time it took you to read the above paragraph, approximately 320 data records were lost or stolen, based on information about the rate of 2013 data breaches available from the new Breach Level Index.

This new infographic takes a look back at the quantity and disbursement of the data records lost or stolen last year in the hope that, when it comes to data security, everyone can learn from the past.

Breach Level Index Infographic

Securing the Breach, Part 1 – Accept It, Then Protect It
Data Breach, Featured, SafeNet Data Protection, Secure the Breach

Kristin Manogue March 18, 2014, 02:19 pm UTC

A data breach has just occurred, but no one knows it yet. Where it’s taking place and to whom is presently unclear. What I can tell you is that it’s happening.

In our six-part series, ‘Securing the Breach’, we will take you on a journey – starting with the current state of data security, how we got here, and what you can do to avoid falling victim to a breach.  It’s a logical 3-step process.  The hardest part will be trying to alter your organization’s perception that what has worked in the past no longer addresses the current problem.  Getting you to accept the breach and realize it’s just around the corner may take some convincing, but we’ll try.

Less than five years ago, IT professionals could click a compliance check box and be done. They could confidently implement a multi-million dollar IT infrastructure and call it a day—securing the perimeter with a firewall was adequate.  Everything resided within the organization. Weren’t those the days?

Enter Big Data, Software-as-a-Service (SaaS), and virtualization, and this party just got interesting.  The data sprawl epidemic is here and it is sloppy; it’s falling over everything and the guest list on who can access it is spreading like wildfire.  Customer data, confidential files, and proprietary secrets have now made their way across the perimeter of organizations everywhere.

A pivotal moment; the dynamics of what we were protecting changed, yet how we were protecting them didn’t. We chose the path of least resistance and simply built fiercer firewalls.  According to IDC, of the $32 billion enterprises spent on security technology in 2013, more than 26% ($8.4 billion) was invested in network perimeter security.  Additionally, they project a 7.1% growth rate through 2017 of organizations investing in methods to prevent the breach.

The 2013 Verizon Data Breach Investigations Report further substantiates this prediction.  In just the past two years, it uncovered 1476 global data breaches and 218 million compromised records.  Clearly all of that money invested in 2013 toward breach prevention was in vain.

These statistics confirm that you cannot prevent the breach.  You must accept that the breach is coming, and then put a strategy in place. Protect the data that resides within the infrastructure, secure the network traffic flowing from branch offices to headquarters to disaster recovery sites, and control access to it. We call this Securing the Breach, and it is the only way to truly protect your company from detrimental loss.

Don’t be naïve: even the largest organizations have fallen victim to breaches and data loss. I strongly urge you to perform your own risk assessment and stay up-to-date on data breaches, especially within your industry. Visit www.breachlevelindex.com and learn how to reduce your risk score.

By properly securing the data, you can mitigate the overall cost and adverse consequences that result from a breach. Still not convinced? In the next blog post in this series, we will reveal SafeNet’s Secure the Breach Three Step Program, a strategy that will protect your data even after a breach has occurred.

How To Participate in a Twitter Chat: Definition and Steps to Join #securechat
#SecureChat

SafeNet October 4, 2011, 03:03 pm UTC

SafeNet holds a Twitter chat focused on technology and security every Thursday at 2pm EST/ 11am PST. The biggest question we get is not about the technology or ideas we discuss, but “What is a Twitter chat and how do I participate?”

What is a Twitter chat?
A Twitter chat (or tweet chat) is an online discussion using Twitter, so every post is a tweet. Because it’s on Twitter, it’s open to everyone with a Twitter account. Anyone can participate, or just listen in to learn more about the topic.

How Do I Participate?
Step 1: If you don’t already have a Twitter account, sign up at www.twitter.com. Make sure you change your picture from the default egg so you don’t look like too much of a newbie.

Step 2: You can search for “#securechat” on Twitter and follow the chat there, but there are other web sites that make it much, much easier. Our favorite is TweetChat. Go to www.TweetChat.com and sign in using your Twitter name and password, then click Authorize App.

Step 3: Search for “securechat” and click Go. This will take you to a page with every tweet including the #securechat hashtag. Here you can “listen in” on the chat or participate with your own tweets. When you tweet, TweetChat has a bonus feature: it automatically adds the #securechat hashtag to the end of your tweet.

Step 4: Start chatting!

For more information on Twitter chats and other tools you can use, you may want to read this post from TwitTip. To see all updates from SafeNet, follow @SafeNetInc.

TechEd Demo – ADFS an integration with SafeNet Authentication Service
Authentication, Cloud, SafeNet Data Protection

Motty Alon June 6, 2013, 01:21 pm UTC

The key to a successful IT product depends in most cases on the product’s ease of deployment and management. That’s why the next version of Microsoft’s AD FS is good news to the strong authentication market. Yesterday at TechEd 2013 New Orleans, Microsoft announced new options for ADFS to be deployed with multi-factor authentication solutions, in a far simpler way than before.

Looking at recent SaaS vendors’ announcements, it is easy to notice a shift in market perception about strong authentication. More and more SaaS application vendors – and several on-premise vendors too – are adding multi-factor authentication functionality to their feature sets. Twitter and Dropbox are just two examples from the last month of two vendors that added such a capability. Yesterday’s announcement was an indication that Microsoft is also heading in this direction.

In the current version, Windows Server 2012, Active Directory Federation Services (ADFS), Microsoft’s Web Single Sign On (Web-SSO) solution, can be deployed with strong authentication only by using Windows smartcard authentication, a custom solution, or a third-party identity provider (such as a SAML IdP).

This limits the deployment of ADFS with multi-factor authentication solutions, and makes it a bit more complex than necessary. Kudos to Microsoft for addressing this challenge by announcing that the next Windows Server release, Windows Server 2012 R2, will include enhancements to ADFS which will allow multi-factor authentication providers to implement strong authentication through an adapter framework.

At SafeNet, we worked closely with the Microsoft ADFS team to link this new capability with SafeNet Authentication Service.  The result of this effort was demonstrated yesterday in a TechEd North America 2013 session (you can watch the full session or download slides). Sam Devasahayam from Microsoft showed a preview version of ADFS using a SafeNet adapter to authenticate a user by connecting to SafeNet Authentication Cloud Service. The demo showed just how simple it will be to deploy Microsoft’s solution with third-party multi-factor authentication solutions.

The integration with SafeNet Authentication Service offers ADFS users a fully automated versatile strong authentication as-a-service solution that supports a variety of authentication methods and is fully integrated with Active Directory. The Microsoft ADFS – SafeNet integration provides an easy to deploy and easy to manage, cloud-based multi-factor authentication solution to services such as Office 365 and SharePoint.

I started out this post with the view that the key to a successful solution depends on ease of deployment and management. The preview version of ADFS is undoubtedly a step in the right direction on the part of Microsoft in its efforts to simplify and extend multi-factor capabilities in ADFS.  We’re now waiting in anticipation to see what Microsoft has in store at the end of the year when it plans to release its new version of Windows Server.

[Infographic] Unlock the Potential of Data Center Consolidation
Cloud, Encryption, Infographics

SafeNet February 10, 2014, 05:56 pm UTC

Many organizations recognize that a data center consolidation via cloud offerings and virtualization could have a variety of benefits, including an improvement to management efficiency and cost savings. However, there are a number of issues that can prevent companies from unlocking the full potential of a consolidation.

In a recent survey of IT and security professionals, SafeNet explored the obstacles and security concerns surrounding data center consolidation and virtualization. Check out the results in our new infographic.

SafeNet Data Center Consolidation Infographic

Stats of Note from This Infographic:

  • Only one-fifth of survey respondents are currently encrypting data in virtualized environments.
  • Three-quarters of respondents store encryption keys in software, essentially leaving the house keys under the mats.
  • 58.2% of participants indicated that globally they have less than five people involved with encryption management.
  • 74% of IT and security professionals are looking for solutions that support compliance and security. Of those, 59% are struggling with auditing their current data center estates.

Share This Infographic on Your Site:

Copy and paste the following code into the HTML editor for your blog post or web page of choice and enjoy!

<a title="SafeNet Infographic – Data Center Consolidation via Cloud Offerings and Virtualization" href="http://data-protection.safenet-inc.com/files/2014/01/safenet-data-center-consolidation-infographic-large.jpg"><img alt="SafeNet Data Center Consolidation Infographic" src="http://data-protection.safenet-inc.com/files/2014/01/safenet-data-center-consolidation-infographic.jpg" /></a>
<a href="http://www.safenet-inc.com/" title="SafeNet, Inc., a leading global provider of data protection">From SafeNet, Inc., a Leading Global Data Protection Provider</a>

[Infographic] The Alarming Rate of Data Breaches
Data Breach, Infographics, SafeNet Data Protection

Andrew Gertz February 18, 2014, 06:00 am UTC

While versions of the saying have become cliche, George Santayana’s warning “Those who cannot remember the past are condemned to repeat it” is still worth heeding, especially in the information security industry. With 2013 in the rear view mirror, the Target data breach and others of similar size and severity are still part of the mainstream media conversation and are necessitating that businesses adopt better, modern data protection strategies to avoid making headlines.

In the amount of time it took you to read the above paragraph, approximately 320 data records were lost or stolen, based on information about the rate of 2013 data breaches available from the new Breach Level Index.

This new infographic takes a look back at the quantity and disbursement of the data records lost or stolen last year in the hope that, when it comes to data security, everyone can learn from the past.

Breach Level Index Infographic

2015 Authentication Trends and Predictions
Authentication, Featured, Internet of Things, multi-factor authentication

Doron Cohen December 5, 2014, 03:05 pm UTC

I’ve just come back from Gartner’s annual Identity and Access Management (IAM) Summit in Las Vegas where the conversation touched on the most pressing issues facing IAM professionals: maintaining security and implementing Authentication, Single Sign On and Access management solutions in a highly mobile and dynamic cloud-based environment.

As we look forward to 2015, I’ve put together some key trends and predictions around these and other themes, which I believe will shape the Identity and Strong Authentication market in the coming years.

2015 Trends and Mega Forces to Watch

  • Mobile device adoption is growing exponentially and this growth is further fueled by the introduction of wearable computing and smart devices everywhere.
  • User authentication is getting better than it used to be. Many cloud providers are already offering two-step authentication to allow users to protect their identity with a one-time passcode received through SMS or generated via a mobile application. Recently released specifications and the collaboration of industry leaders are further propelling this development: The Fast Identity Online (FIDO) Alliance, with broad industry support, is finalizing specifications for strong authentication with the goal of changing the way we authenticate.
  • At the same time, the re-imaging of the mobile industry, emerging Internet of Things (IoT) and the introduction of new categories of smart devices is resulting in a large rise in the number of devices that are being deployed to market without having security properly built in from the ground up. New use cases for smart devices – from door lock systems and vehicle computing systems to wearables – are introducing new threat surfaces as they are being deployed with limited resiliency to cyber-attacks.
  • The bad guys are getting smarter around mobile and embedded systems. This is leading to a rise in targeted and advanced malware against a variety of connected systems and smart devices. IoT Nightmares: Prison Break illustrates some of the possibilities that lie in the road ahead.

2015 Predictions

  • The adoption of better security practices will struggle to keep pace with the rapid adoption of cloud computing. In the first half of 2014 alone, more than 375 million customer records were stolen, an increase of 31 percent compared to the same period last year, according to SafeNet’s Breach Level Index (BLI). And given that the cloud computing market is expected to grow at an average rate of 29% by 2018 according to 451 Research, more cloud providers will be hacked and customer data exposed.
  • The adoption of cloud based identity and access solutions will continue to grow. The accelerated adoption of Identity and Access delivered as a Service will in turn drive innovation in the IAM market, specifically around strong authentication and federated SSO and increase demand for frictionless authentication. Over 35% of enterprise multi-factor authentication (MFA) purchases will be cloud based. A third (33%) of organizations surveyed in SafeNet’s 2014 Annual Authentication Survey indicated they preferred cloud-based authentication over on-premises deployment, up from 21% last year – a sizable 50% increase.
  • Authentication methods continue to diversify with the introduction of additional technologies which are more mobile-friendly and reduce friction for end users. These include push messaging to the mobile to approve authentication to online services, embedded biometric sensors, Bluetooth Smart-based authentication, and uptake in contactless and NFC-based methods.
  • Enterprises and consumers will have a greater choice of secure authentication than ever before. Beyond the One-Time Passcode prevalent today, we will see a variety of stronger authentication methods being deployed and providing unprecedented choice and vastly improved security over existing password-based authentication schemes.

To get more insight into the Authentication market, download a copy of Gartner’s Magic Quadrant for User Authentication.
