Key Management and Payments Security Blog - Thales e-Security

Data Security and Key Management - Thales e-Security

  • EU Regulators Take Another Step Forward with eIDAS Standards

    By | March 20, 2017

    A new protection profile has been introduced, giving manufacturers a standard by which to certify Hardware Security Modules (HSMs). The new protection profile, which is expected to be accepted under eIDAS (EU regulation 910/2014), provides a common EU standard for HSMs. Thales e-Security HSMs that are certified to this standard will meet EU governmental requirements for HSM procurement across the whole of the EU, where in many cases the American FIPS 140 standard has not been acceptable.

    Continue Reading
  • Using Cloud, IoT, Big Data and Containers Sensitive Data - Without Data Security

    By | March 16, 2017

    93_percent-using-sensitive-data_wo_DSReleasing today is our 2017 Thales Data Threat Report - Advanced Technology Edition. In this edition of the report, we extend the findings from our "Global" edition with the details of how enterprises are adopting and using Cloud, Big Data, IoT and Containers (like Docker) with an emphasis on their use of sensitive data within these environments.

    Continue Reading
  • Proactively protecting the public sector

    By | March 14, 2017

    Initiatives to digitally transform the UK government are happening across the board. The NHS, for example, is preparing to become paperless by 2020 and Her Majesty’s Revenue and Customs (HMRC) has been granted £1.3 billion in funding to initiate digital transformation. Meanwhile, the Department for Work and Pensions is investing heavily in big data technologies to drive automation, identify errors and tackle fraud.

    Continue Reading
  • Hardware Security Modules for more than UK Government PKI

    By | March 13, 2017

    Our recent blog (UK Government PKI) reflected on enterprise cryptographic products being used successfully to protect UK Government IT Systems, with a particular focus on public key infrastructures. Indeed, the application of hardware security modules (HSMs) to protect keys in a certified hardware environment is now broadening to support the demand for higher assurance security in other areas of IT.

    Continue Reading
  • 10 Years of Technology Advances: Who Were the Winners?

    By | March 07, 2017

    If you can believe it, it’s been 10 years since Steve Jobs introduced the first iPhone. It was sold only by Cingular Wireless (AT&T), and used GPRS and EDGE for data transfer. Needless to say, much has changed since then. And mobile computing isn’t the only technology that has captured attention and taken hold in the enterprise. As we look at how recent technology advancements have impacted the industry, we should also note that it has greatly affected every organization’s ability to secure their data.

    Continue Reading
  • Test Driving Vormetric Transparent Encryption on Google Cloud Platform

    By | March 06, 2017

    You can read every review about a car, but you won’t begin to appreciate it until you go to a dealer and drive it. So it goes with nearly any product.

    For information technology buyers, it’s a big challenge: IT product vendors layer additional capabilities and features on core products. You read about them on data sheets, watch demonstration videos, even start to touch products at trade show demos (often with a member of staff standing a bit too close). But like a car, you need to take a product out for a spin if you want to love it enough to buy it.

    Continue Reading
  • Apprentices are critical to keeping critical infrastructure safe

    By | March 06, 2017

    Earlier this year, it was reported that Britain is worryingly ‘highly vulnerable’ to a powerful cyber-attack. One of the main factors behind statement? A shortage in skilled security staff.

    As cyber-criminals become more targeted, and successful, in their efforts to hack organisations across all industries, the number of cyber security job vacancies in Britain has indeed risen by 30 percent between 2014 and 2016. However, candidate numbers are failing to keep pace. In fact, a study from the Centre for Cyber Safety and Education revealed that over 50 percent of UK businesses have insufficient cyber security workers to handle cyber-attacks. What’s more, a recent Global Information Security Workforce Study estimated that, by 2022, there will be a global cyber security skills shortage of 1.8 million.

    Continue Reading
  • How could digital ‘birth certificates’ solve healthcare security concerns?

    By | February 28, 2017

    As ‘digital’ extends further into the realms of the healthcare industry, thanks to the rise of mobile products and the Internet of Things (IoT), it is no longer just consumer PCs, enterprise networks and government agencies that are targets for highly sophisticated cyber-attacks – it is medical devices too.

    With personally identifiable information (PII) of patients being the prize, hackers are increasingly honing their skills to get their hands on this valuable data. And unfortunately, they’re getting good at it – putting patient data, and even patients themselves, at risk. Last November, for example, a virus was injected into a number of NHS Trusts’ computer systems, consequently resulting in the cancellation of appointments, operations and diagnostic procedures for two days. In the US, need we not forget the hack on health insurer Anthem in which up to 80 million patient records, containing client names, dates of birth, medical IDs and Social Security numbers, were exposed on the dark web.

    Continue Reading
  • Quantum Resistance – An Addition, Not a Replacement

    By | February 27, 2017

    In order to protect our data in the medium term the algorithms and protocols used must be resistant to developments in Quantum Computing that could result in many conventional public key algorithms becoming breakable – that is, reversible from the public key.

    As new algorithms and mechanisms are proposed how should they be safely included in systems without ultimately undermining security because of their immaturity?

    Continue Reading
  • HIMSS 2017: Data Security Highlights

    By | February 23, 2017

    With our Healthcare Data Threat Report announced just this week, I was not surprised to see that one of our key findings aligned with the topics being discussed at the HIMSS conference. Based on my observations on the exhibit floor as well as my conversations with healthcare IT professionals and security consultants, one key theme from the report bears out: When it comes to protecting electronic personal health information (ePHI), the focus for many healthcare IT teams is still on traditional security measures.

    Continue Reading
View more

About this blog

Welcome to our new merged blog site, featuring key management and payments security focused content previously hosted on www.keymanagementinsights.com and www.paymentssecurity.com.

As companies look to protect their customer data and other sensitive information, encryption is being deployed more widely. Yet if an encryption key is lost then that data cannot be recovered. Avoiding this problem demands formalized processes and robust technologies for key management making the protection, management and secure use of cryptographic keys a fundamental component of modern IT security.

Thales has been applying data protection and key management expertise to the worldwide payments industry for over 25 years. Our solutions secure retail and corporate banking, integrate with all widely used credit/debit applications, and include the world's best-selling EMV data preparation system and complete PIN management for card issuers.