Key Management and Payments Security Blog - Thales e-Security

Data Security and Key Management - Thales e-Security

  • Code signing failures: Don’t fall into the same trap

    By | May 30, 2017

    The security community has long recognized the importance of code signing as a method to establish trust and integrity. It is now, however, becoming inescapable for independent software vendors (ISVs) and even ordinary users.

    These days, businesses need provably reliable ways to validate the authenticity and integrity of the electronic assets and, perhaps even more importantly in today’s threat landscape, prove that these items have not been tampered with or changed maliciously since they were created.

    Continue Reading
  • CipherTrust Monitor 2.0

    By | May 24, 2017

    Bringing Convenience, Cost Reduction & Increased Uptime for Thales e-Security Customers

    According to our 2017 Thales Global Data Threat Report, 68% of respondents have experienced a breach at some point, with more than one in four reporting breaches in the last year alone, up by 22% from the previous year. In this environment of ever-present threats, securing sensitive data has become a top priority for organizations. It’s thus no wonder that advanced techniques, such as encryption with strong key management, are required to ensure organizations can maintain data security. And as much as organizations need to secure their data, they must also do so with as much operational efficiency as possible.

    Continue Reading
  • Teaching old dogs new (data security) tricks

    By | May 24, 2017

    In light of the numerous recent hacks on high-profile companies, it would appear more UK organisations are waking up and taking action to ensure they don’t find themselves in the same situation. According to findings in our 2017 Data Threat Report: European edition, 63 per cent of UK businesses plan to increase IT security spend in 2017 – a huge jump from the 54 per cent we recorded in 2016.

    Continue Reading
  • Meeting GDPR compliance with a year to go

    By | May 19, 2017

    There’s now less than a year until the EU General Data Protection Regulation (GDPR) comes into effect.

    Designed to harmonise data privacy laws across Europe and increase the protection of data privacy for EU citizens, the GDPR has been heralded as a major step forward for consumer protection, and is set to have a significant effect not only on companies within the EU, but also on those exporting data to countries outside the European Union.

    The GDPR requires a greater obligation from businesses to protect the personal information they hold from cyber-attacks, with penalties for leaking customer data larger than ever before.

    Continue Reading
  • What is code signing?

    By | May 16, 2017

    Organizations implement the technology as a best practice to protect businesses, brands, partners, and users from infected software

    Let’s start with a basic definition. Code signing is a method of proving the origin and integrity of a file. The process involves digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed.

    Code singing protects companies – along with their partners and users – from the potential risks associated with software tampering. As part of the code-authentication process, it’s crucial for establishing trust and identity.

    Continue Reading
  • Top 5 Encryption ‘Gotchas’

    By | May 11, 2017

    As encryption adoption increases, more challenges arise

    Nothing worth having comes easy. But good things come to those who encrypt (and do a good job managing the keys).

    According to our Global Encryption Trends Study, cloud adoption and escalating data security threats are accelerating encryption deployments. To be exact, the growth rate of companies with an encryption strategy reached the highest level in the past four years, with a total of 41 percent now reporting they have a consistent encryption strategy.

    Of course, I’m glad to see that organizations are adopting encryption, but there are challenges they will face. Here are the top five “gotchas” we see when organizations start encrypting:

    Continue Reading
  • Is Cloud Computing Secure for your Sensitive Data?

    By | May 08, 2017

    Organizations across all industries leverage the power, agility and cost savings provided by cloud computing. It’s becoming clear that organizations are migrating their data to the cloud at a fast pace, and many organizations are even beginning to use multi-cloud environments.

    Fortunately, we have seen from our recent Global Encryption Trends Study that protecting data in the cloud has become a requirement for most organizations. As you may already know, encryption is a key technology that protects against data breaches, and helps with compliance and privacy concerns. In fact, the growth rate of companies with an encryption strategy reached the highest level in the past four years (now up to a total of 41 percent).

    Continue Reading
  • Multi-Cloud Key Management: Selection and Migration (Third in a Series)

    By | May 03, 2017

    This blog first appeared on Securosis (https://securosis.com/blog/multi-cloud-key-management-selection-and-migration)

    Cloud services are typically described as sharing responsibility for security, but the reality is that you don’t working shoulder to shoulder with the vendor. Instead you implement security with the building blocks they provide you, possibly filling in gaps where they don’t provide solutions. One of the central goals of this research project was to show that it is possible to take control of data security, supplanting embedded encryption and key management services, even when you don’t control the environment. And with key management you can gain as much security as your on-premise solution provides – in some cases even continuing leverage familiar tools – with minimal disruption to existing management processes.

    Continue Reading
  • Global Encryption Trends

    By | May 02, 2017

    global encryption trends

    In today’s digital world, data is the crown jewel, the pièce de résistance. And with the steady pace of major data breaches, securing sensitive data must be a top priority for organizations across the globe. In fact, Verizon’s recently issued 2017 Data Breach Incident Report analyzed 42,068 security incidents – of which 1,935 were data breaches – across 84 countries. The issue of cybersecurity is truly global in scale.

    Here’s what’s encouraging: countries around the world are waking up to the reality of the need for security at the data level. In our recent 2017 Global Encryption Trends Study, issued in conjunction with the Ponemon Institute, we found that enterprises have accelerated their adoption of encryption strategies. In fact, 41 percent of respondents said their organization has an encryption strategy applied consistently across the enterprise compared to less than 15 percent in 2005, the first year of this study.

    Continue Reading
  • Fine-tuning the Festival experience with secure and efficient ticketing

    By | May 01, 2017

    The resale of cancelled and refunded tickets for this year’s Glastonbury Festival took place last weekend, with thousands of eager music fans visiting the website in the hope of securing a place in front of the world famous Pyramid Stage.

    Registration required purchasers to upload a passport photo of themselves, which would then be replicated on the paper ticket itself as a means of identification.  Such a process can be prone to errors, however, with wrongly sized images causing delays in the purchase procedure, and out of date photos leading to problems with authentication at the gates of the Festival itself.

    Continue Reading
  • Federal Governments around the World Struggle to Keep up with Data Security Threats

    By | April 27, 2017

    US federal agenciesTowards the end of 2016, Thales e-Security, in conjunction with 451 Research, conducted a comprehensive global survey of security professionals to get a pulse on the state of the security industry’s level of preparedness to deal with threats to data, both from insiders as well as external threat actors. The results of that study included a Global Threat Report, as well as several regional and vertically-focused reports including one focused on the federal government sector. One of the new aspects in this year’s report was the inclusion of responses from federal government sector participants from other countries: Japan, Mexico, Brazil, Australia, UK and Germany.

    Continue Reading
  • Multi-Cloud Key Management: Service and Deployment Options

    By | April 24, 2017

    By Adrian Lane, (guest author)

    This blog first appeared on Securosis (https://securosis.com/blog/multi-cloud-key-management-deployment-options)

    This post will discuss how to deploy encryption keys into a third-party cloud service. We illustrate the deployment options, along with the components of a solution. We will then walk through the process of getting a key from your on-premise Hardware Security Module (HSM) into a cloud HSM. We will discuss variations on using cloud-based HSM for all encryption operations, as well as cases where you instead delegate encryption operations to the cloud-native encryption service. We’ll close out with a discussion of software-based (non-HSM) key management systems running on IaaS cloud services.

    Continue Reading
  • Encryption Everywhere

    By | April 20, 2017

    There’s something satisfying about having empirical evidence confirm what you see every day. This year’s Global Encryption Trends Study reveals that encryption has come a long way since the days when it was governments and banks that cared most about it. Today, encryption is a core element of the data security strategy for all types of organizations, and the results of this year’s survey bear that out. Encryption – with a sound key management approach underpinning it – can protect your data when the other lines of defense around it break down. And as my colleague Cindy Provin noted in her recent blog post, its importance is appreciated all the way up to corporate boardrooms across the globe.

    Continue Reading
  • Why your business is missing a trick by failing to prepare for the GDPR

    By | April 19, 2017

    Brexit has certainly raised many questions with business leaders, but none more so than around the impending EU General Data Protection Regulation (GDPR). In fact, I recently read that one in four businesses have cancelled all preparations for the GDPR as they mistakenly believe the rules will no longer apply in the wake of the triggering of Article 50 last month. What’s more, and perhaps even more worryingly, nearly half (48%) have not even begun to prepare for the changing regulations, which come into effect next year.

    Continue Reading
  • Encryption becomes a boardroom matter

    By | April 13, 2017

    When it comes to matters of encryption, you wouldn’t be alone in thinking they reside solely within the confines of an organization’s IT team. In fact, for the past 12 years, our Global Encryption Trends Reports have shown that the IT operations function has consistently been the most influential in framing an organization’s encryption strategy.

    Continue Reading
View more

About this blog

Welcome to our new merged blog site, featuring key management and payments security focused content previously hosted on www.keymanagementinsights.com and www.paymentssecurity.com.

As companies look to protect their customer data and other sensitive information, encryption is being deployed more widely. Yet if an encryption key is lost then that data cannot be recovered. Avoiding this problem demands formalized processes and robust technologies for key management making the protection, management and secure use of cryptographic keys a fundamental component of modern IT security.

Thales has been applying data protection and key management expertise to the worldwide payments industry for over 25 years. Our solutions secure retail and corporate banking, integrate with all widely used credit/debit applications, and include the world's best-selling EMV data preparation system and complete PIN management for card issuers.