DATA SECURITY

New White Paper to be Released by Bluefin and Alpine Security Consulting on Payment and Data Security

Alpine Security Consulting | July 12, 2021

A new white paperon “Formulating a Complete Payment Data and Security Approach, ”authored by Alpine Security Consulting, has releasedby the recognized leader inand tokenization and encryption technologies for payment and data security, Bluefin.

The main points covered and discussed in the whitepaper are considerations when choosing a data protection approach, rules and regulations governing sensitive data and payment, Protected Health Information (PHI) and ACH account data, Personally Identifiable Information (PII), and how tokenization can be combined with encryption to provide a single solution for securing cardholder data (CHD).


Topics covered in the white paper are:

• Payment and Privacy Data – History and Trends
• Data Breaches, the Pandemic Effect, and the Shift to Online Commerce
• Protecting Privacy Data – HIPAA, GDPR, and Privacy Acts
• Protecting Financial Data – PCI DSS and Nacha
• Bluefin's Payment and Data Security Suite: PCI-validated P2PE and ShieldConex® Data Security
• The Roles of Encryption, Tokenization and Authentication in Protecting Data

Bluefin specializes in data security solutions and omnichannel payment. With the company’s PCI-validated point-to-point encryption (P2PE)solutions, it is specialized in protecting all data. It is for ShieldConex data security platform and point-of-sale (POS) payments for the encrypted tokenization of PHI,PII, ACH and CHD account data.


About Bluefin

For payment and data security, Bluefin is the renowned leader in antokenization and encryption technologies. Our security suite includes call center, mobile and unattended payments, PCI-validated point-to-point encryption (P2PE) for contactless face-to-face, and our ShieldConex® data security platform for the protection of Personal Health Information (PHI),Personal Health Information (PHI), personally Identifiable Information (PII), and payment data entered online.

About Alpine Security Consulting

Alpine was founded to fulfill a passion to help businesses. With an experience of over 20 years in security, technology, and compliance, Alpines skill set can support virtually any business learn how to control ground-breaking security technologies with the outcome of translating security savings into tangible business worth.

Spotlight

The Cybersecurity and Infrastructure Security Agency (CISA) leads the nation’s effort to understand, manage, and reduce cybersecurity risk, including by supporting Federal Civilian Executive Branch agencies in evolving and operationalizing cybersecurity programs and capabilities. CISA’s Zero Trust Maturity Model (ZTMM) provides an approach to achieve continued modernization efforts related to zero trust within a rapidly evolving environment and technology landscape. This ZTMM is one of many paths that an organization can take in designing and implementing their transition plan to zero trust architectures in accordance with Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity” § (3)(b)(ii),1 which requires that agencies develop a plan to implement a Zero Trust Architecture (ZTA). While the ZTMM is specifically tailored for federal agencies as required by EO 14028, all organizations should review and consider adoption of the approaches outlined in this document.

Spotlight

The Cybersecurity and Infrastructure Security Agency (CISA) leads the nation’s effort to understand, manage, and reduce cybersecurity risk, including by supporting Federal Civilian Executive Branch agencies in evolving and operationalizing cybersecurity programs and capabilities. CISA’s Zero Trust Maturity Model (ZTMM) provides an approach to achieve continued modernization efforts related to zero trust within a rapidly evolving environment and technology landscape. This ZTMM is one of many paths that an organization can take in designing and implementing their transition plan to zero trust architectures in accordance with Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity” § (3)(b)(ii),1 which requires that agencies develop a plan to implement a Zero Trust Architecture (ZTA). While the ZTMM is specifically tailored for federal agencies as required by EO 14028, all organizations should review and consider adoption of the approaches outlined in this document.

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Launch of Virtru Private Keystore Enables Heightened Privacy and Secure Collaboration in the Cloud

Globenewswire | March 24, 2023

Virtru, the global leader in data-centric security and privacy, today announced the immediate availability of the Virtru Private Keystore, allowing organizations to leverage the power of industry-leading cloud collaboration platforms with the confidence that their data is completely private and shielded from their cloud provider. The Virtru Private Keystore gives businesses a simple way to encrypt their cloud data and store the keys in an environment separate from their cloud provider. It is available for Google Workspace, Google Cloud, and all of Virtru’s products. Privacy-preserving technology has become a top priority for businesses and individuals alike, as evidenced by Google’s rapid expansion of Client-Side Encryption for Google Workspace and customer-managed encryption keys for Google Cloud. Google has undertaken these efforts to win and retain privacy- and compliance-sensitive customers. Virtru is one of a select number of Google-recommended private encryption key management partners to support these initiatives. Paris-based HR tech firm, Maki People, uses Virtru as its key management solution provider for Google Cloud, and views the Virtru Private Keystore as a way to build trust with its customers. “The Virtru Private Keystore is super seamless,” said Benjamin Chino, CPO and Co-Founder, Maki People. “Everything is running smoothly. From a customer standpoint, it really makes a difference – they now feel that they're much more in control, and that Google will not be able to access their data.” “Safeguarding data privacy and control is our top priority, and the Virtru Private Keystore plays a crucial role in helping us achieve this objective,” said Ali Umana, Network Administrator, Kulite Semiconductor Products, Inc. Around the world, regulatory requirements continue to tighten. The Virtru Private Keystore helps organizations meet compliance and data sovereignty obligations such as the International Traffic in Arms Regulations (ITAR) and the EU’s General Data Protection Regulation (GDPR). “Our customers choose Virtru because our products are easy to use, and they integrate seamlessly with the apps they work in every day,” said Bill Bauman, Product Marketing, Virtru. “The Virtru Private Keystore does that, too. It simplifies key management for our customers and runs seamlessly in the background. It does more than just key exchanges, though: It adds policies to the keys and has audit capabilities. So, everyone can collaborate more confidently in the cloud and have final decision over who can access their data.” The Virtru Private Keystore supports the full suite of Virtru products, including Virtru for Microsoft Outlook 365, Virtru for Gmail, Virtru Secure Share, and Virtru Data Protection Gateway, and is a trusted solution for Google Workspace Client-Side Encryption (or CSE, including CSE for Gmail) and Google Cloud External Key Manager (EKM). It can be deployed in a public or private cloud, or a private or co-hosted data center, and supports hardware security modules (HSM), with additional support for HSM Proxy Connector. About Virtru Virtru is a global leader in data privacy and protection. At Virtru, we equip our customers to take control of their data—everywhere it’s shared—through end-to-end encryption for Google, Microsoft, and other data sharing platforms. Our team is creative, collaborative, and passionate about creating a brighter future for data privacy. Above all, we support our colleagues and empower each other to do our best work.

Read More

DATA SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

Interos Enhances Industry-First Operational Resilience Score

Interos Inc | March 10, 2023

On March 9, 2023, Interos, one of the leading operational resilience companies creating the world's strongest, safest, and most secure supply chains, announced the introduction of its upgraded cyber risk factor, a part of its i-ScoreTM measurement of operational resilience. The Interos i-Score is the first of its kind resilience score that assesses the health of extended supply chains against multiple risk factors, such as restriction, financial, geopolitical, operations/catastrophe, ESG, and cyber. The i-Score update includes an innovative cyber behavior model to detect potentially harmful cyber activity irrespective of public disclosure, commercial cyber ratings, threat assessment (Mitre ATT&CK®), vulnerability information (CVEs), regulatory compliance, cyber events, and operating country issues into a single score. This advancement directs cyber risk and procurement managers to their multi-tiered vendors most exposed to ransomware, breaches, data leakage, and other cyber-attacks carried out by malicious attackers who target suppliers concealed in the extended global supply chain. Interos's 2022 Resilience study of 1,500 cybersecurity and procurement leaders found that cyber incidents cause supply chain disruptions that cost businesses $37M each year. Andrea Little Limbago, SVP, Research & Analysis, Interos, said, "This is another crucial step forward in helping organizations achieve operational resilience." She further mentioned, "We've added new, proprietary models that integrate and assess data on cloud-based risk exposure, evaluate anomalous cyber behavior, measure regulatory compliance risks and more. It's designed to deliver better and faster information to CPOs partnering with CISOs — who are increasingly being held accountable for collective cyber resilience — to respond to more frequent and severe supply chain cyberattacks, with enhanced monitoring of vendors and third-party service providers." (Source – Cision PR Newswire) About Interos Inc Founded in 2005, Interos is one of the leading operational resilience companies. The company's first-of-its-kind scoring and relationship discovery technologies automate evaluation, detection, and response to risks. As the only operational resilience platform in the world, it protects customers from unethical labor, regulatory violations, cyberattacks, disasters, bankruptcy, and other supplier vulnerabilities. Interos is based in Washington, DC, and has clients all over the world, including NASA, the U.S. Department of Defense, and a number of Global Fortune 500 companies.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

CyberArk Identity Flows Accelerates Cybersecurity Risk Response

Businesswire | May 10, 2023

CyberArk (NASDAQ: CYBR), the global leader in Identity Security, today announced enhancements to its CyberArk Identity Flows orchestration solution, including new integrations with Gurucul, Proofpoint and SentinelOne. Part of the CyberArk Identity Security Platform, CyberArk Identity Flows automates risk response tasks and processes through no-code app integrations and workflows, and improves response times, efficiency and productivity. CyberArk Identity Flows includes a user-friendly workflow builder with powerful integration and orchestration capabilities for identity-related business processes, data management and security event responses. New features enable organizations to orchestrate complex responses to a potential threat or security event and act on the valuable data provided by threat monitoring and alerting systems. For example, when a security alert is triggered due to continued failed login attempts, users can be automatically moved into a “risky persons” group to restrict access to specific resources. This feature can also automatically notify relevant parties of the risk, create IT tickets, or take other actions based on security policies. The new technology integrations, available on CyberArk Marketplace, expand these capabilities to work with the industry’s leading threat detection systems, including: Gurucul Security Analytics and Operations Platform – detects threats and provides analytics-driven risk scoring to quickly identify and prioritize new, emerging and unknown threats. CyberArk Identity Flows can gather the risk score from Gurucul and orchestrate appropriate responses and actions to reduce the manual effort associated with threat investigation and remediation while securing the associated identity(s). Proofpoint Targeted Attack Protection (TAP) – detects email threats and assigns a level of risk to individuals with a Very Attacked People (VAP) feature. CyberArk Identity Flows can utilize the insights provided by Proofpoint to orchestrate appropriate responses such as moving identities into different groups to change access permissions, change an authentication policy, send alerts, post notifications or create IT tickets. SentinelOne Singularity Platform – detects and hunts for threats across user endpoints, containers, cloud workloads and IoT devices. When risks are detected, CyberArk Identity Flows leverages that context to make decisions within workflow actions that need to take place across the identity infrastructure. With CyberArk Identity Flows, workflows can be built in minutes through a user-friendly visual editor and thousands of pre-built connectors to more than 700 applications. CyberArk Identity Flows now also integrates with CyberArk Identity Security Intelligence, a shared service of the CyberArk Identity Security Platform that leverages user behavior analytics to detect and remediate anomalous and risky activity by employees. When high-risk behavior is detected, CyberArk Identity Flows is used to orchestrate response actions to reduce response times to attacks to minimize risk. “Flexible automation and orchestration are critical to a proactive Identity Security program and vital to improving the security posture of our clients. That’s why we’ve been so focused on delivering new CyberArk Identity Flows innovations,” said Peretz Regev, chief product officer at CyberArk. “With these enhancements and integrations, we make it simple for organizations to use CyberArk Identity Flows to reduce IT overhead, accelerate service agility and strengthen their overall security, ultimately improving operational efficiencies.” CyberArk Identity Flows can be purchased as a standalone solution, or as part of the CyberArk Identity Security Platform. CyberArk applies intelligent privilege controls to all identities – human and machine – with continuous threat detection and prevention across the entire identity lifecycle. With the CyberArk Identity Security Platform, organizations can enable Zero Trust and least privilege with complete visibility, enabling every identity to securely access any resource, located anywhere, from everywhere. To learn more, please register for “Better Security with Threat Response Automation,” a webinar taking place on May 18, 2023 or visit https://www.cyberark.com/products/identity-flows/. About CyberArk CyberArk (NASDAQ: CYBR) is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on Twitter via @CyberArk, LinkedIn or Facebook.

Read More