How financial institutions can overcome the cloud security barrier
by Mark Bower - Vice President, Product Management at Voltage - Thursday, 18 April 2013.
How to overcome the security barrier

Ask for the proofs. Ensure independent validation of the approach is available. If it isn’t, don’t trust it. These have to also be relevant and from trusted sources. Incomplete tests, or claims which don’t really have full transparency don’t cut it. For instance, solutions which claim to enable protection using new encryption techniques without security proofs and relevant independent validation by experts are worthless in the event of a breach. Even worse, they may not offer any security in the first place. Independent verification is critical.

That’s why new data security standards such as NIST Format Preserving Encryption and FFX mode AES are so important. They have the founation of security proof and standards body.

Data risk and compliance barriers can be solved by leveraging a “data-centric” approach in the enterprise cloud stack to enable data protection, de-identification and data masking in tandem with Identity, Authentication and Authorization service layers. This enables the CISO and CIO to enable business adoption of new competitive applications by aggregating business services and data sources rapidly without exposing live data to new threats or insider attack.

The spotlight is now on CISO’s to determine the architecture and strategy to make it happen, not to say no to the business. Otherwise the business will adopt it anyway – the train’s already rolling.


Why vulnerability disclosure shouldn’t be a marketing tool

Brian Honan, CEO at BH Consulting, talks about a recent vulnerability disclosure trend – a trend that he believes may ultimately cause more harm than good: security vendors using vulnerability disclosure as a marketing tool with the goal of enhancing their company’s bottom line.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Jul 2nd