Key Management and Payments Security Blog - Thales e-Security

Data Security and Key Management - Thales e-Security

  • Federal Governments around the World Struggle to Keep up with Data Security Threats

    By | April 27, 2017

    US federal agenciesTowards the end of 2016, Thales e-Security, in conjunction with 451 Research, conducted a comprehensive global survey of security professionals to get a pulse on the state of the security industry’s level of preparedness to deal with threats to data, both from insiders as well as external threat actors. The results of that study included a Global Threat Report, as well as several regional and vertically-focused reports including one focused on the federal government sector. One of the new aspects in this year’s report was the inclusion of responses from federal government sector participants from other countries: Japan, Mexico, Brazil, Australia, UK and Germany.

    Continue Reading
  • Multi-Cloud Key Management: Service and Deployment Options

    By | April 24, 2017

    By Adrian Lane, (guest author)

    This blog first appeared on Securosis (https://securosis.com/blog/multi-cloud-key-management-deployment-options)

    This post will discuss how to deploy encryption keys into a third-party cloud service. We illustrate the deployment options, along with the components of a solution. We will then walk through the process of getting a key from your on-premise Hardware Security Module (HSM) into a cloud HSM. We will discuss variations on using cloud-based HSM for all encryption operations, as well as cases where you instead delegate encryption operations to the cloud-native encryption service. We’ll close out with a discussion of software-based (non-HSM) key management systems running on IaaS cloud services.

    Continue Reading
  • Encryption Everywhere

    By | April 20, 2017

    There’s something satisfying about having empirical evidence confirm what you see every day. This year’s Global Encryption Trends Study reveals that encryption has come a long way since the days when it was governments and banks that cared most about it. Today, encryption is a core element of the data security strategy for all types of organizations, and the results of this year’s survey bear that out. Encryption – with a sound key management approach underpinning it – can protect your data when the other lines of defense around it break down. And as my colleague Cindy Provin noted in her recent blog post, its importance is appreciated all the way up to corporate boardrooms across the globe.

    Continue Reading
  • Why your business is missing a trick by failing to prepare for the GDPR

    By | April 19, 2017

    Brexit has certainly raised many questions with business leaders, but none more so than around the impending EU General Data Protection Regulation (GDPR). In fact, I recently read that one in four businesses have cancelled all preparations for the GDPR as they mistakenly believe the rules will no longer apply in the wake of the triggering of Article 50 last month. What’s more, and perhaps even more worryingly, nearly half (48%) have not even begun to prepare for the changing regulations, which come into effect next year.

    Continue Reading
  • Encryption becomes a boardroom matter

    By | April 13, 2017

    When it comes to matters of encryption, you wouldn’t be alone in thinking they reside solely within the confines of an organization’s IT team. In fact, for the past 12 years, our Global Encryption Trends Reports have shown that the IT operations function has consistently been the most influential in framing an organization’s encryption strategy.

    Continue Reading
  • All ‘Go’ for Thales’s Open Source project

    By | April 12, 2017

    Thales has recently embarked on its first fully Open Source project, enabling organisations using cloud-related tools to leverage our hardware security modules (HSMs) for protection.

    Continue Reading
  • Multi-Cloud Key Management (New Series)

    By | April 11, 2017

    By Adrian Lane (https://securosis.com/blog/author-posts/239) (guest author)

    This blog first appeared on Securosis (https://securosis.com/blog/multi-cloud-key-management-new-series)

    Running IT systems atop public cloud services is a reality for most companies. Just about every company uses Software-as-a-Service to some degree, with many having already migrated back office systems like email, collaboration, file storage and customer relationship management software. But now we are also witnessing the core of the data center – financial systems, databases, supply chain and enterprise resource planning software – moved to public Platform and Infrastructure ‘as-a-Service’ (PaaS, IaaS) providers. It’s common for medium and large enterprises to run SaaS, PaaS and IaaS from different providers, in parallel with on-premise systems. Some small firms we speak with no longer have a data-center, with all of their applications hosted by third parties.

    Continue Reading
  • The Evolution of Encryption

    By | April 04, 2017

    The roots of encryption go deep into human history. Encryption has been used for centuries to encode messages, usually to keep government secrets, but also to protect business or trade secrets such as the formula to make silk or pottery. Early encryption was fairly simplistic, largely relying on paper and pencil techniques like steganography, transposition and substitution. In the last century, encryption methods have advanced at a rapid clip, first by leveraging automation and the use of machinery and then by employing advanced mathematics and powerful computers.

    Continue Reading
  • Securing the Mobile Payment Revolution

    By | April 04, 2017

    On April 3, 1973, Motorola employee Martin Cooper made the first mobile phone call. Cooper used the opportunity to call Joel Engel, a competitor at AT&T, to tell him he had an operational mobile phone. Without knowing it, Cooper set events into motion that would change the world forever.

    Since the time of Cooper’s first call, there has been an explosion of innovation in mobile technologies. One of the most significant innovations came on Jan. 9, 2007 when Apple announced the first generation of the iPhone. In his address, Steve Jobs very accurately noted that “today, Apple is going to reinvent the phone.”

    Continue Reading
  • Security and Trust Fundamental to Unlocking the Power of Data

    By | March 31, 2017

    The first payments and data event in the UK, Unlocking the Power of Data: The future of smarter payments provided a wealth of new thinking and insight. It explored how trusted third parties could offer consumers a much broader and innovative range of payment and account information services than they have today through their high street bank. You may be surprised to hear that all of this is being actively encouraged by HM Treasury and the financial regulator who were among the presenters and panelists at the event!

    Continue Reading
  • Blockchain: From Cyberpayments to Distributed Ledger

    By | March 30, 2017

    In the short period that blockchain has been around, the distributed ledger technology has spread from cybercurrency to a wide number of applications in the financial industry. Cost savings, faster transactions, and improved data security are just a few of blockchain’s redeeming qualities.

    Today, many top technologists, investors and bankers are appreciating blockchain technology’s ability to transform the way people and businesses transmit value and establish trust. In fact, there isn’t a business or organization these days that doesn’t have highly sensitive information that requires robust security measures. Lucky for us, behind each blockchain is enhanced cryptography used to protect the data from hacker fraud.

    Continue Reading
  • Security in the Multi Cloud Era

    By | March 28, 2017

    As organizations are deciding where best to run their applications and store their data, many are debating whether to work with a single cloud service provider (CSP), or to work with two or more. According to IDC’s Worldwide Cloud 2017 Predictions, by the end of 2018, over half of enterprise-class businesses will subscribe to more than five different public cloud services. ESG research also shows that 75% of current public cloud infrastructure customers use multiple CSPs. Let me be the first to officially welcome you to the multi-cloud era!

    Continue Reading
  • Safety of driverless cars is the prime concern for consumers – and rightly so

    By | March 27, 2017

    A recent report from Deloitte has revealed that only a third of British consumers would be interested in owning a driverless car.

    The report indicates a preference for safety rather than self-driving features, which comes as no real surprise. As self-driving technology is increasingly pushed up the agenda for automakers, the industry as a whole must demonstrate a clear commitment to vehicle safety above all else. Consumers have every right to be concerned about the risks of hacking and the automotive industry must make this their number one priority for the next generation of connected cars to be a success.

    Continue Reading
  • What is blockchain?

    By | March 23, 2017

    Before I answer the question in the headline – What is blockchain? – let me back up and remind you why you’ve heard of blockchain.

    Bitcoin

    Bitcoin calls itself “an innovative payment network and new kind of money.” It can also call itself a media darling. Bitcoin has a way of getting into headlines on a regular basis. President Trump’s Office of Management and Budget Director Mick Mulvaney is a bitcoin proponent. Members of the U.S. Congress – from both major political parties – have taken interest in bitcoin. And it can also be used for nefarious reasons, like demanding a ransom when hacking into an Austrian hotel.

    Continue Reading
  • EU Regulators Take Another Step Forward with eIDAS Standards

    By | March 20, 2017

    A new protection profile has been introduced, giving manufacturers a standard by which to certify Hardware Security Modules (HSMs). The new protection profile, which is expected to be accepted under eIDAS (EU regulation 910/2014), provides a common EU standard for HSMs. Thales e-Security HSMs that are certified to this standard will meet EU governmental requirements for HSM procurement across the whole of the EU, where in many cases the American FIPS 140 standard has not been acceptable.

    Continue Reading
View more

About this blog

Welcome to our new merged blog site, featuring key management and payments security focused content previously hosted on www.keymanagementinsights.com and www.paymentssecurity.com.

As companies look to protect their customer data and other sensitive information, encryption is being deployed more widely. Yet if an encryption key is lost then that data cannot be recovered. Avoiding this problem demands formalized processes and robust technologies for key management making the protection, management and secure use of cryptographic keys a fundamental component of modern IT security.

Thales has been applying data protection and key management expertise to the worldwide payments industry for over 25 years. Our solutions secure retail and corporate banking, integrate with all widely used credit/debit applications, and include the world's best-selling EMV data preparation system and complete PIN management for card issuers.