Cryptographic Management Trends Around the Globe

ADAM CASON | June 24, 2022

Digital transformation has become a mission-critical strategy as organizations are adopting new ways of scaling their business, remaining agile to meet demand, and innovating for the future. Cryptographic management goes hand in hand with digital transformation, as organizations must evolve and future-proof their end-to-end cryptographic environments to ensure they are secure, compliant, and highly available to protect and secure their data, assets, and transactions.

I spoke with members of the global Futurex team — including Mark Howland, EMEA business development; Ruchin Kumar, vice president, South Asia; and Santos Campa, vice president, LAC — for their insights and perspectives on what cryptographic management challenges organizations are facing, implementation trends, and how they are future-proofing their systems.

There are common themes across industries and countries: cryptographic management is challenging, organizations are keenly interested in agility and scalability, cloud migration is happening everywhere, and the compliance checklist is ever important.

1 EMEA: Future-Proofing with Virtualization

When it comes to cryptographic management, the large financial institutions and major high-street banks have significant internal knowledge, best practices and their own ways of working and methodology. Across other organizations, we see the gamut: some are looking at new ways of doing things, such as HSM virtualization and cloud HSMs, while some are struggling with the skillset to configure and manage their existing systems. Throughout Europe, getting into data centers during the pandemic was difficult, resulting in challenges with on-premises cryptographic deployments and remote management.

There are progressive thinkers, many working at startups, who are future-proofing their systems and looking into load balancing, remote management, and virtualization. Others, who have always worked with on-premises cryptographic equipment, are slower to move to the cloud, with questions around latency, regulations, and availability. Howland speculates about what’s ahead: “Cryptography-as-a-service and virtualization will be expected.”

Virtualization and the cloud enable organizations to be fluid in their services and abilities, accounting for scalability and growth without taking up rack space, while being carbon neutral.

“You have to scale for your worst-case scenario. If you have virtual HSMs, you can literally spin them up and down, so you're not having to manage 20 HSMs when, for 360 days of the year, you only need five. When you then look at the costs, administrative costs, power, it makes a good business case to virtualize rather than use hardware,” states Howland.


Virtualization accounts for the ebb and flow of retailers, such as handling demand for Black Friday, Cyber Monday, and the holiday season.


2 LAC: Compliance and Cloud and Beyond

Overall, organizations are looking to be compliant, secure, scalable, and flexible. “For the financial HSM industry, it seems that, in most cases, everything is moving to the cloud,” says Campa. Moving to the cloud is financially motivating and empowers customers with an agile business case. Campa sees three cryptographic implementation trends across Latin America:

1. The need to implement cryptographic infrastructure as soon as possible.
2. The need to grow the current infrastructure. Organizations want to make sure that they are investing in an infrastructure that is scalable and used for the long term.
3. Security reliability and compliance.

In Latin America, every financial customer needs to comply with PCI. In addition to PCI, there are regional compliance requirements to adhere to; for example, Mexico requires compliance with Comisión Nacional Bancaria y de Valores (CNBV) and Asociación de Bancos de Mexico (ABM). As a result, organizations prefer to invest in technologies that will be compliant with the next compliance regulations, including PCI and the next FIPS, to future-proof their cryptographic investments.

Beyond point-to-point encryption and PCI DSS support, we are seeing customers adopting tokenization, remote key loading, and contactless payments on COTS (CPoC) — and increasing features and functionality one at a time. In parallel, some customers have decided to increase the ROI of their HSM investment by using general-purpose features to comply with government and local security requirements and regulations. Futurex is hosting the Futurex Summit: Mexico City 2022, July 19-21, 2022, an opportunity for attendees to learn how to streamline their encryption infrastructures.

3 South Asia: Trends in Multi-Purpose HSM, Cloud

The cryptographic infrastructure has become an important part of the overall deployment of any project in organizations, and Kumar cites the lack of a centralized strategy as the main challenge. In India, he sees silos in most organizations, with overburdened budgets and resources. Data-centric security best practices can help organizations pass various security audits and mitigate unknown risks.

Another pain point is around compliance and mandates from regulators. As with many countries, cryptography is deeply embedded in the information technology laws of India to provide confidentiality and integrity to critical information like personally identifiable information (PII) and financial information. Adhering to these regulations is mandatory for each and every project within enterprises, banking, and government. “India is running quite ahead in HSM and key management. Organizations are well versed in the subject,” acknowledges Kumar.

Kumar sees many organizations interested in a single unified HSM platform that can handle both general purpose and payment functionalities to reduce implementation hassles. Additionally, as is common around the world, Kumar sees an interest in cloud migration and cryptography-as-a-service in South Asia. Many organizations are keen to outsource cryptographic management to a managed service provider or a cloud service provider to bring down the CAPEX cost for the customer, outsource complex cryptography operations to experts, and address regulatory compliance issues such as data localization and key localization.

As we’re seeing in the United States and around the globe post-pandemic, many organizations are looking at digital transformation strategies and future-proofing their cryptographic management investments, including cloud enablement, redundancy and agility, and hybrid deployments, all of which will help maintain a strong security posture while adapting to and embracing new challenges and opportunities.
