GDPR Guide for agencies, freelancers & website owners

May 1, 2018 | 200 views

With this free e-book we would like to assist agencies, freelancers, website owners and WooCommerce shop operators to get an easy access to the most important contents of the EU’s upcoming General Data Protection Regulation (EU GDPR). In addition, we will show you some practical case examples such as tracking, email marketing and WordPress plugins. In this guide, you will also find concrete task instructions and a checklist, which will help you to get your business and your WordPress website ready for legal compliance with GDPR right on time.

Spotlight

NETWAR DEFENSE CORPORATION

The NETWAR DEFENSE CORPORATION specializes in National Security and Intelligence, providing mission critical defense utilizing the strategic use of Information Technology for Information Assurance, DIACAP, DITSCAP, Certification and Accreditation-Cyber Security/Network Warfare. We utilize STIGs, and the Evaluated Product List (EPL) for support, analysis, and implementation of the DoD Directive 3020, DoD Directive 4630, DoD Directive 6500, DoD Directive 5200, DoD Directive 8100, DoD Directive 8570, DoD Directive 5200 Continuous Monitoring NIST- 800-53, ICD503, Information Assurance Technical Framework (IATF).

OTHER ARTICLES
PLATFORM SECURITY

Top 5 Tactics for Improving Cloud Security Hygiene for Businesses

Article | August 12, 2022

In the past couple of years, the world has gone through a rapid digital transformation, which has led to a deeper penetration of modern technologies such as cloud computing, artificial intelligence, data analytics, and others. As a result, smart businesses are shifting their digital resources to the cloud to benefit from features such as streamlined operations, centralized data storage, increased operational flexibility, and hassle-free data transition. As per a study conducted in 2022, nearly 94% of businesses around the world are using at least one cloud service. Every enterprise possesses large volumes of sensitive data, including financial statements, business designs, employees’ identity information, and others. As organizations worldwide migrate from on-premises working to a remote working model, more data is being stored in the cloud than ever before, making cloud security one of the most crucial aspects for businesses today. 5 Proven Tips to Strengthen Cloud Security Hygiene for Businesses With the advent of cloudification and the increasing use of cloud-based applications, the prevalence of cybercrime has increased significantly. For instance, in the wake of the COVID-19 outbreak, there has been a significant spike in cybercrime, with reports of a 600% increase in malicious emails. Furthermore, a report from the United Nations says that cybercrime will cost the world economy $10.5 trillion every year by 2025. Even though cloud networks, such as Google Cloud, Microsoft Azure, and Amazon Web Services, have their own data protection measures for securing the cloud services they provide, it does not mean that businesses utilizing these services should rely solely on their security measures and not consider adopting additional measures. So what are the tactics modern businesses should adopt to improve cloud security hygiene? Let’s see: Deploy Multi-Factor Authentication (MFA) When it comes to keeping hackers out of user accounts and protecting sensitive data and applications used to run a business online, the traditional username and password combination is often not enough. Leverage MFA to prevent hackers from accessing your cloud data and ensure only authorized personnel can log in to your cloud applications and critical data in your on- or off-premise environment. MFA is one of the most affordable yet highly effective controls to strengthen your business's cloud security. Manage Your User Access It is crucial for your business to ensure adequate permissions are in place to protect sensitive data stored on cloud platforms. Not all employees need access to certain applications and documents. To improve your cloud security and prevent unauthorized access, you need to establish access rights. This not only helps prevent unauthorized employees from accidentally editing sensitive company data but also protects your company from hackers who have stolen an employee's credentials. Monitor End User Activities Real-time analysis and monitoring of end-user activity can help you detect anomalies that depart from usual usage patterns, such as logging in from a previously unknown IP address or device. Identifying these out-of-the-ordinary events can stop hackers and allow you to rectify security before they cause mayhem. Create a Comprehensive Off-boarding Process After an employee leaves your firm, they should no longer have access to any company resources, including cloud storage, systems, data, customers, or intellectual property. Unfortunately, completing this vital security duty is sometimes put off until several days or weeks after an employee has left. Since every employee is likely to have access to a variety of cloud platforms and applications, a systemized deprovisioning procedure can assist you in ensuring that all access permissions for each departing employee are revoked and prevent information leaks. Provide Regular Anti-Phishing Training to Employees Hackers can acquire access to protected information by stealing employees' login credentials using social engineering techniques such as phishing, internet spoofing, and social media spying. As a result, cybersecurity has now become a collective responsibility, making comprehensive anti-phishing training necessary to educate your employees about these threats. As unscrupulous hackers frequently come up with new phishing scams by the day, regular anti-phishing training is essential for developing formidable cloud security. Bottom Line Cloud security hygiene no longer consists solely of strong passwords and security checks. Instead, it is a series of innovative procedures that organizations use nowadays to leverage cloud networks. With more businesses moving towards the cloud and cyberattacks on the rise, it is the responsibility of your organization to remain vigilant and protect itself from cyberattacks.

Read More
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

A Look at Cryptographic Use Case Trends Around the World

Article | August 20, 2022

Securing data, assets, and transactions is ever critical especially now with increased innovation, customer demand, and the need to navigate a complex regulatory landscape — not to mention staying ahead of evolving cyber threats. As a result, organizations of all sizes and in every country around the world require implementing cryptography solutions to help secure everyday business. This includes managing and securing transactions, managing encryption keys, authenticating identities, providing message integrity, and encrypting data and applications. From the largest global banks and payment processors that process thousands of transactions a second to the micro merchants that are newly accepting payments, cryptography works behind the scenes to ensure payments are secure and sensitive information is protected. Whenever and wherever cryptography is at work, organizations turn to either hardware or cloud options (or a combination of both) to ensure data and transactions are secure and compliant. Common cryptographic themes across industries and across countries: 1. Cloud adoption is happening across the board with payment processing taking the lead 2. Smaller FinTechs are innovating big time 3. Companies are continually seeking help to meet regulations, especially when it comes to data localization Since writing Cryptographic Management Trends Around the Globe, I talked again with Futurex team members from our offices around the world, including Ruchin Kumar, vice president, South Asia; Mark Howland, senior business development, EMEA; and Santos Campa, vice president, LAC, for more cryptographic insights and perspectives, including drilling down on cryptographic use cases to see what’s similar and what’s unique across regions. Let’s take a look at each region: South Asia, EMEA, and LAC. South Asia: Payment Ecosystem Thriving in South Asia Ruchin Kumar emphasized that the payment ecosystem in South Asia, particularly India, is thriving — indicating that financial services are the largest consumers of hardware security modules (HSMs) and cryptography in the entire region. HSMs play an important role in South Asia, securing the root of trust, keeping the private keys secure, managing Public Key Infrastructures (PKIs), and managing digital signing for non-repudiation and message integrity. In fact, he said, India represents almost 95% of HSM use cases in all of South Asia. Payment systems and securing payments go hand-in-hand with the standards and regulations required for payments/financial services. These include regulations set by Unique Identification of India (UIDAI), National Payments Corporation of India (NPCI), Payments Council of India (PCI), Information Technology Act of India, 2000 and its amendments 2008/2011/2016. Kumar sees organizations use general purpose HSMs for digital signing for non-repudiation and message integrity and payment HSMs used for acquiring, switching, card issuance, green PIN, and other payment application security needs (these types of HSMs are required by regulations). What’s on the horizon? From Kumar’s perspective, organizations are doing a lot of testing and evaluation for cryptography inclusion in their infrastructure and many organizations are looking into tokenization for security and agility, especially with Internet of Things (IoT), blockchain, and AI emerging. Additionally, remote key loading is becoming more sought after because every device in the field these days — ATMs, point-of-sale devices, handheld devices — requires key exchange with centralized servers. Companies in South Asia See Cryptography-as-a-Service and Local Data Centers Critical for Data Residency and Localization Over the past two years, most organizations in South Asia have adopted the cloud on a large scale, including using the cloud as a resource to host their critical applications. Security has played a big role in this cloud migration, with organizations wanting to retain ownership and control of their encryption keys. As a result, many organizations have turned to Futurex’s VirtuCrypt cloud HSM and key management service for both security and meeting regulatory compliance. Futurex’s data centers in India West and India Central help to power cryptographic automation, speed, latency, and data residency and data localization. “Local data centers provide customers a lot of assurance in terms of data residency, data localization, and key localization, which earlier was a barrier to move to the cloud. Now that Futurex’s cryptography services are hosted within Indian geography, we have seen a big difference in organizations migrating to HSM-as-a-service,” says Kumar. India is well-known as a FinTech hub for start-ups and innovation, with many unicorns emerging, according to Kumar. Progressive companies look to service-based, OpEx models for their applications as well as for cryptography. OpEx models offer flexibility, money savings, and serve as a resource for those needing help with cryptographic management. EMEA: Cloud and Payments Dominate HSM Use in Europe, Middle East, and Africa Cloud adoption is also rapidly increasing in EMEA, with many organizations looking to HSM virtualization technology, especially for payment applications. According to Mark Howland, “Customers are asking, ‘can we cut down our use of hardware, our reliance on hardware, and have the payment applications that we are heavily invested in, spun up and spun down seasonally?” Howland notes that smaller companies and VC-backed companies are more nimble and lean toward innovation by implementing such things as cryptography-as-a-service to meet PCI regulations. The early adopters are those organizations in the finance and payment industry, as consumer demand and pandemic adjustments have led to innovative payment processing including mobile payments and SoftPOS. Like South Asia, smaller companies including those in financial software and services, see the value of OpEx-based HSM cloud services, such as Futurex’s VirtuCrypt. Organizations across EMEA are deploying HSMs for POS key management, PIN management, and virtualization. What’s ahead? Howland sees that many organizations are, again, moving to a service-based model, looking at application encryption, encrypting data at rest, and the overall protection of data in all industry sectors, not just traditional high-security finance customers. LAC: Trends in Cryptography Use in Latin America and the Caribbean What’s trending in LAC? According to Santos Campa, he is seeing a mixture of both on-premises cryptographic architecture and cloud payment demands. Several banks already have a huge investment in their hardware infrastructure — their own data centers, racks, servers, etc. However, at least 35% of customers are converting from these on-premises architectures to cloud HSMs. Many are opening new branches or are creating new FinTechs inside their organizations. “We’re seeing the majority of organizations moving to the cloud, or at least moving part of their operations to the cloud,” says Campa. “It's very important for many organizations to keep control and management of the key lifecycle.” Again, much like other parts of the world, the financial sector is the big mover and shaker in terms of cryptographic implementations, using cryptography for PIN validation, key management, and tokenization. According to Campa, the cloud continues to be very important and beneficial, especially the ability to integrate cloud payment HSMs with the public cloud including AWS, Azure, and Google. As organizations are adding new models, such as transaction processing models, a must-have is a secure, compliant cryptographic solution — compliant with PCI and local and regional regulations throughout Latin America — that will allow them to scale. A nice-to-have is an OpEx option to give flexibility and cost savings. Pandemic trends have paved the way to make cryptographic management more streamlined — such as visualization and remote key management — and not needing to physically go to the data center. “Organizations are looking to a cryptographic platform that is future-proofed, one that is going to provide the best quality of service and support in the market,” says Campa. All around the globe, organizations are looking to innovate payments and embrace the cloud, keeping security, agility, and cryptography top of mind.

Read More
PLATFORM SECURITY

Security by Sector: Improving Quality of Data and Decision-Making a Priority for Credit Industry

Article | July 11, 2022

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?A new study of credit management professionals has revealed that improving the quality of data and decision-making will be a top priority for the credit industry in the next three years. The research, from Equifax Ingnite in collaboration with Coleman Parkes, takes a deep dive into the views of credit management pros across retail, banking, finance and debt management/recovery sectors.

Read More

3 Trends in Data Privacy Breach Laws That Will Carry Over to 2020

Article | February 12, 2020

During 2019, new privacy laws were introduced, and many current laws evolved in the United States and across the global landscape. With the General Data Protection Regulation (GDPR) in full effect, we saw expensive fines levied upon companies that fell victim to data privacy breaches. As we move into a new year, probably the biggest takeaway from 2019 is that being proactive and having a data privacy strategy in place is important to help mitigate the risk of a data privacy breach. The regulatory landscape continues to evolve as states and countries actively pass new expanded requirements for privacy and cybersecurity regulations. While laws in the U.S., like the California Consumer Privacy Act (CCPA), are getting significant attention, many other states and countries are actively amending their breach notification laws to include tighter restrictions.

Read More

Spotlight

NETWAR DEFENSE CORPORATION

The NETWAR DEFENSE CORPORATION specializes in National Security and Intelligence, providing mission critical defense utilizing the strategic use of Information Technology for Information Assurance, DIACAP, DITSCAP, Certification and Accreditation-Cyber Security/Network Warfare. We utilize STIGs, and the Evaluated Product List (EPL) for support, analysis, and implementation of the DoD Directive 3020, DoD Directive 4630, DoD Directive 6500, DoD Directive 5200, DoD Directive 8100, DoD Directive 8570, DoD Directive 5200 Continuous Monitoring NIST- 800-53, ICD503, Information Assurance Technical Framework (IATF).

Related News

ENTERPRISE IDENTITY,PLATFORM SECURITY,SOFTWARE SECURITY

Bearer Launches Data-First Security Solution

Bearer | November 15, 2022

Bearer, the data-first security software company, today announced the general availability of the Bearer Data Security Platform. Based on extensive interviews with more than 130 enterprise CISOs at high-growth and global 2,000 companies, Bearer is in beta use across multiple industries with one customer protecting the private data of more than 75 million medical patients. “At Bearer, we strongly believe the best approach for a data-first security approach is to start at the beginning of the journey, following the shift-left security trend. “Data-first security should start in the code. And to be truly effective, it should never impede developers and never allow access to private data itself while still providing ownership context and protecting against vulnerabilities created in the business logic of an application or service.” said Guillaume Montard, CEO and co-founder of Bearer Why Bearer Data Security Platform Now Data security is becoming a top priority for businesses, with customers and governments demanding better data protection driven by the demands of GDPR, CCPA, PDPA and more. Bearer’s detection engine protects PD, PHI, PII and financial data. Cloud native organizations have more complex and fragmented architectures than ever before, making properly-implemented data security risk controls impossible without a proper solution. More than two-thirds of the enterprise 2,000 are focusing on cloud-native applications. DevSecOps is gaining huge traction. 57% of security teams have shifted security left already or are planning to this year, making them ready to use a solution such as Bearer. Bearer has been tested on more than 20,000 open source software projects as well as more than 6,000 data repositories at beta users, partners and early customers. The Bearer Data Security Platform Bearer is a SaaS platform that enables scalable deployments and workflow automation for security management. It discovers sensitive data flows automatically by continuously scanning source code and associated metadata. By monitoring data security risks proactively, it can automatically detect gaps within data security policies during coding and in production. Finally, it can remediate data security issues at a massive scale, giving developers immediate actionable advice on how to mitigate as well as prioritize an issue. Bearer accomplishes these results through three major innovations: Identification of data security risks – Including business logic flaws: Bearer pinpoints data security technical and business logic flaws in code before it’s too late and costly to correct. It then provides actionable context and ownership information to fix issues quickly – in minutes. Before Bearer, pinpointing business logic flaws could only be achieved manually – often left ignored. Frictionless deployment: Bearer is a data security SaaS solution that fits into the development cycles of Global 2000 enterprises without requiring any changes to how software engineering teams work. Additionally, Bearer does not require access to the underlying source code nor the sensitive data itself. Extreme automation: Designed by developers for developers in a world of constant code iterations, Bearer automates the burden of data security compliance for software engineers so they don’t have to become experts on data security regulations across different global markets. Security and compliance teams love how Bearer prioritizes the most critical issues in remediation workflow to allow for speedy resolution between security and development. About Bearer Bearer, the data-first security software company, pioneered a solution for developers to automatically detect sensitive data flow and data security risks while coding. Its policy engine proactively monitors data security policies before releasing code and its unique remediation workflow prioritizes the most critical issues – including business logic flaws – for quick resolution between security and engineering teams. Venture-backed with more than $8 million in seed financing, Bearer is used in markets where privacy protection and data security are business-critical, including eCommerce, financial services, and healthcare.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Qumulo Helps Customers Avoid the Complexity of Protecting Unstructured Data with its Comprehensive Approach to Data Security

Qumulo, Inc. | November 11, 2022

Qumulo, the radically simple way to manage petabyte-scale data anywhere, today announced the launch of the company’s new corporate security initiative “Simply Secure,” a multi-layered approach designed to protect data across multiple points of vulnerability. Qumulo’s “Simply Secure” initiative is meant to help organizations minimize the risk of business disruption and protect their data from theft or loss with a complete suite of security features that continue to harden over time, all-inclusive with their Qumulo® subscription, without additional cost for future releases. The unprecedented rise in cyber threats in recent years is creating dire consequences for businesses: multi-million dollar ransom payments, days or weeks in disruption of operations, and potential loss of valuable data sets. Not only that, cyber attacks which become public often leave behind permanent reputational damage. While most organizations understand and respect the risk of poor security posture, many are strapped for cycles, time, and expertise to build adequate defenses around their unstructured data. Qumulo is meeting its customers anywhere – edge, core, and in the cloud – with a holistic approach to security, making it simple for customers to protect their data from ransomware attacks, data theft, and data destruction. Qumulo not only helps customers ensure lighting-fast recovery but also helps proactively detect and prevent anomalies, so organizations and end users can simply secure their sensitive data. Customers are granted access to each new security feature every two weeks, which is available through non-disruptive software upgrades, increasing the value of Qumulo clusters over time. “Qumulo’s focus on radical simplicity means it's taken an approach to security that makes it as easy as possible for customers to protect their data everywhere it’s stored.” Kiran Bhageshpur, Chief Technology Officer at Qumulo Qumulo is constantly developing new and enhancing existing features to provide the most robust security possible. The most recent releases add five new layers to storage security for greater data protection, including: Multi-tenancy VLAN Isolation: Organizations can now use virtual local area networks (VLANs) to isolate administrative interfaces from their file system clients, such that the general network population cannot reach the interfaces. This adds an additional guarantee of network protection, while helping consolidate multiple use cases on a single cluster, resulting in potential cost savings. Single sign-on & Access Tokens: Cluster administrators can now eliminate the need for sensitive user passwords when logging into the Qumulo administrator UI or API since user credentials are prime targets for theft by cyber attackers. NFSv4.1 Kerberos Authentication & Encryption: All data is encrypted before transmitting across networks, preventing any bad actor that intercepts the data from understanding it in plain text. Federal Information Processing Standards (FIPS) 140-2 certification of Qumulo encryption: Now, customers with FIPS requirements can maintain compliance and independently verify that Qumulo’s data-at-rest encryption meets the standards set by the National Institute of Standards and Technology (NIST). Customers who don’t require FIPS certification can rest assured their data is protected by the highest standards. OpenMetrics API provides telemetry data to 3rd party monitoring and alerting systems, so organizations can proactively detect and quickly respond to anomalies at risk of disrupting operations such as an attack-in-progress. “Trust is mission critical when it comes to security,” said Kathy Ahuja, VP of Information Security at Qumulo. “That’s why we’ve built a security posture with FIPS 140-2 accreditation and enhanced encryption that provides the greatest level of protection for our cryptographic modules. Our customers know they can trust Qumulo with their data. And as cybercriminals continue to advance their own breach strategies, we’re well prepared to continue to improve our security measures to match and defeat the complexities of these attacks.” About Qumulo, Inc. Qumulo is the radically simple way to manage petabyte-scale data anywhere – edge, core or cloud – on the platform of your choice. In a world with trillions of files and objects comprising 100+ Zettabytes worldwide, companies need a solution that combines the ability to run anywhere with simplicity. This is precisely what Qumulo was founded to accomplish.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Varonis Launches Its Flagship Data Security Platform as a SaaS

Varonis | November 01, 2022

Varonis Systems, Inc., a pioneer in data security and analytics, today announced early availability of its flagship Data Security Platform as a SOC® 2-compliant SaaS. Varonis' SaaS Data Security Platform simplifies deployment, delivering quantifiable data security outcomes with minimal manual effort and a low total cost of ownership (TCO). Varonis' new SaaS offering also unlocks faster threat model and policy updates, proactive threat detection and response, and autonomous risk reduction. This new release is a force multiplier for overburdened security teams responsible for protecting complex hybrid data environments with overwhelming levels of data exposure that threat actors are exploiting faster than ever. Varonis' SaaS Data Security Platform is available now, providing customers with: Real-time visibility. Continually discover, classify, and prioritize sensitive data risk with an accurate view of your data security posture. Autonomous risk reduction. Intelligently eliminate data exposure by enforcing Zero Trust without breaking business processes. Proactive detection. Transparently monitor data access activity and quickly respond to anomalous behavior. "Today marks a significant milestone in our history. We are announcing the early availability of the Varonis Data Security Platform as a SaaS delivery model. Our new SaaS offering is quick to deploy, easy to maintain, and provides our customers with the automated detection and protection capabilities they need to stay ahead of bad actors. Taken together, these enhancements create significant value for our customers." Yaki Faitelson, Varonis CEO About Varonis Varonis is a pioneer in data security and analytics, fighting a different battle than conventional cybersecurity companies. Varonis focuses on protecting enterprise data: sensitive files and emails; confidential customer, patient, and employee data; financial records; strategic and product plans; and other intellectual property. The Varonis Data Security Platform detects cyber threats from both internal and external actors by analyzing data, account activity, and user behavior; prevents and limits disaster by locking down sensitive and stale data; and efficiently sustains a secure state with automation. Varonis products address additional important use cases including data protection, data governance, Zero Trust, compliance, data privacy, classification, and threat detection and response. Varonis started operations in 2005 and has customers spanning leading firms in the financial services, public, healthcare, industrial, insurance, energy and utilities, technology, consumer and retail, media and entertainment, and education sectors.

Read More

ENTERPRISE IDENTITY,PLATFORM SECURITY,SOFTWARE SECURITY

Bearer Launches Data-First Security Solution

Bearer | November 15, 2022

Bearer, the data-first security software company, today announced the general availability of the Bearer Data Security Platform. Based on extensive interviews with more than 130 enterprise CISOs at high-growth and global 2,000 companies, Bearer is in beta use across multiple industries with one customer protecting the private data of more than 75 million medical patients. “At Bearer, we strongly believe the best approach for a data-first security approach is to start at the beginning of the journey, following the shift-left security trend. “Data-first security should start in the code. And to be truly effective, it should never impede developers and never allow access to private data itself while still providing ownership context and protecting against vulnerabilities created in the business logic of an application or service.” said Guillaume Montard, CEO and co-founder of Bearer Why Bearer Data Security Platform Now Data security is becoming a top priority for businesses, with customers and governments demanding better data protection driven by the demands of GDPR, CCPA, PDPA and more. Bearer’s detection engine protects PD, PHI, PII and financial data. Cloud native organizations have more complex and fragmented architectures than ever before, making properly-implemented data security risk controls impossible without a proper solution. More than two-thirds of the enterprise 2,000 are focusing on cloud-native applications. DevSecOps is gaining huge traction. 57% of security teams have shifted security left already or are planning to this year, making them ready to use a solution such as Bearer. Bearer has been tested on more than 20,000 open source software projects as well as more than 6,000 data repositories at beta users, partners and early customers. The Bearer Data Security Platform Bearer is a SaaS platform that enables scalable deployments and workflow automation for security management. It discovers sensitive data flows automatically by continuously scanning source code and associated metadata. By monitoring data security risks proactively, it can automatically detect gaps within data security policies during coding and in production. Finally, it can remediate data security issues at a massive scale, giving developers immediate actionable advice on how to mitigate as well as prioritize an issue. Bearer accomplishes these results through three major innovations: Identification of data security risks – Including business logic flaws: Bearer pinpoints data security technical and business logic flaws in code before it’s too late and costly to correct. It then provides actionable context and ownership information to fix issues quickly – in minutes. Before Bearer, pinpointing business logic flaws could only be achieved manually – often left ignored. Frictionless deployment: Bearer is a data security SaaS solution that fits into the development cycles of Global 2000 enterprises without requiring any changes to how software engineering teams work. Additionally, Bearer does not require access to the underlying source code nor the sensitive data itself. Extreme automation: Designed by developers for developers in a world of constant code iterations, Bearer automates the burden of data security compliance for software engineers so they don’t have to become experts on data security regulations across different global markets. Security and compliance teams love how Bearer prioritizes the most critical issues in remediation workflow to allow for speedy resolution between security and development. About Bearer Bearer, the data-first security software company, pioneered a solution for developers to automatically detect sensitive data flow and data security risks while coding. Its policy engine proactively monitors data security policies before releasing code and its unique remediation workflow prioritizes the most critical issues – including business logic flaws – for quick resolution between security and engineering teams. Venture-backed with more than $8 million in seed financing, Bearer is used in markets where privacy protection and data security are business-critical, including eCommerce, financial services, and healthcare.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Qumulo Helps Customers Avoid the Complexity of Protecting Unstructured Data with its Comprehensive Approach to Data Security

Qumulo, Inc. | November 11, 2022

Qumulo, the radically simple way to manage petabyte-scale data anywhere, today announced the launch of the company’s new corporate security initiative “Simply Secure,” a multi-layered approach designed to protect data across multiple points of vulnerability. Qumulo’s “Simply Secure” initiative is meant to help organizations minimize the risk of business disruption and protect their data from theft or loss with a complete suite of security features that continue to harden over time, all-inclusive with their Qumulo® subscription, without additional cost for future releases. The unprecedented rise in cyber threats in recent years is creating dire consequences for businesses: multi-million dollar ransom payments, days or weeks in disruption of operations, and potential loss of valuable data sets. Not only that, cyber attacks which become public often leave behind permanent reputational damage. While most organizations understand and respect the risk of poor security posture, many are strapped for cycles, time, and expertise to build adequate defenses around their unstructured data. Qumulo is meeting its customers anywhere – edge, core, and in the cloud – with a holistic approach to security, making it simple for customers to protect their data from ransomware attacks, data theft, and data destruction. Qumulo not only helps customers ensure lighting-fast recovery but also helps proactively detect and prevent anomalies, so organizations and end users can simply secure their sensitive data. Customers are granted access to each new security feature every two weeks, which is available through non-disruptive software upgrades, increasing the value of Qumulo clusters over time. “Qumulo’s focus on radical simplicity means it's taken an approach to security that makes it as easy as possible for customers to protect their data everywhere it’s stored.” Kiran Bhageshpur, Chief Technology Officer at Qumulo Qumulo is constantly developing new and enhancing existing features to provide the most robust security possible. The most recent releases add five new layers to storage security for greater data protection, including: Multi-tenancy VLAN Isolation: Organizations can now use virtual local area networks (VLANs) to isolate administrative interfaces from their file system clients, such that the general network population cannot reach the interfaces. This adds an additional guarantee of network protection, while helping consolidate multiple use cases on a single cluster, resulting in potential cost savings. Single sign-on & Access Tokens: Cluster administrators can now eliminate the need for sensitive user passwords when logging into the Qumulo administrator UI or API since user credentials are prime targets for theft by cyber attackers. NFSv4.1 Kerberos Authentication & Encryption: All data is encrypted before transmitting across networks, preventing any bad actor that intercepts the data from understanding it in plain text. Federal Information Processing Standards (FIPS) 140-2 certification of Qumulo encryption: Now, customers with FIPS requirements can maintain compliance and independently verify that Qumulo’s data-at-rest encryption meets the standards set by the National Institute of Standards and Technology (NIST). Customers who don’t require FIPS certification can rest assured their data is protected by the highest standards. OpenMetrics API provides telemetry data to 3rd party monitoring and alerting systems, so organizations can proactively detect and quickly respond to anomalies at risk of disrupting operations such as an attack-in-progress. “Trust is mission critical when it comes to security,” said Kathy Ahuja, VP of Information Security at Qumulo. “That’s why we’ve built a security posture with FIPS 140-2 accreditation and enhanced encryption that provides the greatest level of protection for our cryptographic modules. Our customers know they can trust Qumulo with their data. And as cybercriminals continue to advance their own breach strategies, we’re well prepared to continue to improve our security measures to match and defeat the complexities of these attacks.” About Qumulo, Inc. Qumulo is the radically simple way to manage petabyte-scale data anywhere – edge, core or cloud – on the platform of your choice. In a world with trillions of files and objects comprising 100+ Zettabytes worldwide, companies need a solution that combines the ability to run anywhere with simplicity. This is precisely what Qumulo was founded to accomplish.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Varonis Launches Its Flagship Data Security Platform as a SaaS

Varonis | November 01, 2022

Varonis Systems, Inc., a pioneer in data security and analytics, today announced early availability of its flagship Data Security Platform as a SOC® 2-compliant SaaS. Varonis' SaaS Data Security Platform simplifies deployment, delivering quantifiable data security outcomes with minimal manual effort and a low total cost of ownership (TCO). Varonis' new SaaS offering also unlocks faster threat model and policy updates, proactive threat detection and response, and autonomous risk reduction. This new release is a force multiplier for overburdened security teams responsible for protecting complex hybrid data environments with overwhelming levels of data exposure that threat actors are exploiting faster than ever. Varonis' SaaS Data Security Platform is available now, providing customers with: Real-time visibility. Continually discover, classify, and prioritize sensitive data risk with an accurate view of your data security posture. Autonomous risk reduction. Intelligently eliminate data exposure by enforcing Zero Trust without breaking business processes. Proactive detection. Transparently monitor data access activity and quickly respond to anomalous behavior. "Today marks a significant milestone in our history. We are announcing the early availability of the Varonis Data Security Platform as a SaaS delivery model. Our new SaaS offering is quick to deploy, easy to maintain, and provides our customers with the automated detection and protection capabilities they need to stay ahead of bad actors. Taken together, these enhancements create significant value for our customers." Yaki Faitelson, Varonis CEO About Varonis Varonis is a pioneer in data security and analytics, fighting a different battle than conventional cybersecurity companies. Varonis focuses on protecting enterprise data: sensitive files and emails; confidential customer, patient, and employee data; financial records; strategic and product plans; and other intellectual property. The Varonis Data Security Platform detects cyber threats from both internal and external actors by analyzing data, account activity, and user behavior; prevents and limits disaster by locking down sensitive and stale data; and efficiently sustains a secure state with automation. Varonis products address additional important use cases including data protection, data governance, Zero Trust, compliance, data privacy, classification, and threat detection and response. Varonis started operations in 2005 and has customers spanning leading firms in the financial services, public, healthcare, industrial, insurance, energy and utilities, technology, consumer and retail, media and entertainment, and education sectors.

Read More

Events