Futurex’s Adam Cason advises, ‘To look at your data security posture with a critical eye’

Media 7 | December 1, 2021

Adam Cason, Vice President of Global and Strategic Alliances at Futurex speaks about some major cybersecurity developments retailers need to look out for in the next 5 years. Read on for his thoughts on the top security needs of brands and retailers.

Security must continue to be the number one priority for retailers.

MEDIA 7: The COVID-19 pandemic has greatly accelerated online shopping. Brands and retailers must push ahead this holiday season so they can effectively support consumers via all digital channels. What are some of their top security needs?
ADAM CASON:
Security must continue to be the number one priority for retailers. Without a solid digital security strategy covering all aspects of their business, retailers cannot expect to effectively grow and adapt to a rapidly changing payments ecosystem. We're seeing a lot of attention paid to how the payment process can be streamlined and more frictionless. This includes the ability for merchants — from the largest retailer to the smallest micro merchant — to do more through mobile devices and adopt alternative ways to accept payments. We're seeing trends like the PCI Security Standards Council’s Contactless Payments on COTS (CPoC) standard that brings payment functionality inside the mobile device, whether it's a tablet or phone. The PCI Security Standards Council is doing a lot with new mobile payment standards that regulate the security of electronic transactions on commercial off-the-shelf (COTS) devices that are gaining traction in the retail space. All of this is going to transform the payment process for consumers in very exciting ways.


M7: This boost in online shoppers automatically enhances the retailers’ responsibility to protect cardholder data. What point-of-sale security solutions does Futurex offer in these circumstances?
AC:
When we talk about security, a lot of it starts with the point-of-sale terminal and how the data collected there, is protected. Every point-of-sale terminal has a variety of different cryptographic keys on them, which can be used for everything from PIN encryption to Point-to-Point Encryption (P2PE). As a provider of key management technology, one thing Futurex has seen in 2021 is a pivot toward remote key loading rather than direct key loading.

The process of directly loading encryption keys traditionally has required multiple people to sit in a small, highly secured facility (and that’s being generous — often it’s just a “secure room!”) and perform a very manually-driven, labor-intensive task. Plug in a terminal, inject a key, unplug the terminal, put it in a box. Plug in the next terminal, inject a key, and so on. Now, especially with the pivot toward remote work that 2020 brought, companies are looking to automate many of these tasks and make them more remote-friendly. With the remote key management technology for point of sale that Futurex offers, this is now possible.

We also provide the hardware security modules (HSMs) that are used on the back-end for things like PIN validation, CVV validation, P2PE decryption, tokenization, and more. And when you look at the role mobile devices are playing in the retail space, the horizon widens even further. We provide foundational technology that developers of contactless payment applications or SoftPOS/CPoC applications can use to help go to market faster in a compliant manner.

Read More: Presidio’s Dan Lohrmann believes organizations without AI will not be able to keep up with the mounting cyberthreats in the future


Cyber attacks are not only becoming more prevalent but also more clever in how they attempt to steal sensitive information from users.



M7: With digital transformations becoming a mission-critical strategy and retailers adopting newer ways to scale their businesses, what benefits does Futurex’s expansion suite offer its clients?
AC:
When you look at how these technologies are deployed, one of the biggest questions organizations are asking is about the form factor. Do they want the traditional approach, using on-premises network appliances (such as HSMs) that they house in their own data center and manage like any other piece of networking gear, such as a firewall, intrusion detection system, etc.? Or do they want to take the cloud-based approach instead?

We’re seeing a significantly increased interest in the cloud option in 2021. Organizations like the idea of an OPEX model where they pay a monthly service fee and someone else manages the configuration, day-to-day management, redundancy, etc. With Futurex’s VirtuCrypt Cloud Payment HSM, for example, organizations can create an end-to-end security environment, or just supplement existing on-premises HSM ecosystems, all while gaining peace of mind that their core cryptographic infrastructure is secure, scalable, compliant, and highly available.


M7: According to you, what are some major cybersecurity developments retailers need to look out for in the next 5 years?
AC:
As retailers increasingly adopt alternate forms of payment, they’re going to need to stay very closely plugged in with the latest security trends and best practices. We’re seeing that attacks are not only becoming more prevalent but more clever in how they attempt to steal sensitive information from users. Having a strong security platform is critical, but it’s important not to ignore the human element either. Employees throughout the retail space, whether they’re on the floor or in the back office, need to be aware of their important responsibility in staying vigilant and reporting potential information security threats.

Read More: ‘Crypto will promote a huge change in the financial service ecosystem,’ believes Roberta Antunes


If data is sensitive and you don’t have a good reason to retain it, then get rid of it!



M7: In this evolving threat landscape, what are some key strategies retailers can adopt in their business models for enhanced protection of data?
AC:
Always look at your data security posture with a critical eye. And that’s not just from the standpoint of making sure your vendors share your security-centric focus, it’s also about looking at the data itself. You should regularly be looking at where your sensitive data resides and asking if it’s possible to reduce the amount of unencrypted data that is stored unnecessarily. If data is sensitive and you don’t have a good reason to retain it, get rid of it! And if you do need to retain it, be sure it’s adequately protected.

ABOUT FUTUREX

For more than 40 years, Futurex has been a trusted provider of hardened, enterprise-class data security solutions. More than 15,000 organizations worldwide, including financial services providers and corporate enterprises, have used Futurex’s innovative hardware security modules, key management servers, and enterprise-class cloud solutions to address their mission-critical systems, data security, and cryptographic needs. This includes the secure encryption, storage, transmission, and certification of sensitive data. For more information, visit futurex.com.

More THOUGHT LEADERS

'Data is the answer to a more effective digital transformation,' says SonicWall's Diane Walker

Media 7 | November 23, 2021

In this interview with Diane Walker, Senior Director of Demand Generation at SonicWall, we had the opportunity to peek into SonicWall's latest high-performance firewall models that are aimed to combat the unprecedented surge of malware and ransomware resulting from a rise in remote and hybrid workforces across enterprises. She shared meaningful insights into SonicWall's vision of cybersecurity, and how modern-day marketers need to reflect on the different levels of the digital buyer journey. Read on to discover effective approaches towards marketing to drive business growth....

Read More

No backup can land companies in serious trouble, warns Tinesh Chhaya, Founder at Decipher Cyber

Media 7 | November 15, 2021

With only a few weeks till the launch of Jenny 2.0, Tinesh Chhaya, Founder at Decipher Cyber, explores the different ways Jenny makes searching and analyzing cybersecurity vendors and service providers easier for businesses who are looking to upgrade their security systems, in this interview with Media 7. Read on to find out how businesses can make digital transformations and hybrid work environments safer from cyber-attacks....

Read More

Q&A with Alastair Speare-Cole, President of Insurance at QOMPLX

Media 7 | August 20, 2021

Alastair Speare-Cole, President and General Manager of the Insurance Division at QOMPLX, leads the overall strategy for the business unit, the development of QOMPLX’s underwriting-as-a-service platform, the management of the company’s Managing General Agent (MGA), as well as setting the direction for the company’s next-generation insurance decision platform that leverages a wide variety of data and advanced analytics to provide advanced risk and portfolio management solutions. Prior to joining QOMPLX, he served as Chief Underwriting Officer at Qatar, and he served as the CEO of JLT Towers from 2012 to 2015. He was also COO at Aon Re for ten years and has also held board appointments at reinsurance and banking subsidiaries in the United Kingdom....

Read More

'Data is the answer to a more effective digital transformation,' says SonicWall's Diane Walker

Media 7 | November 23, 2021

In this interview with Diane Walker, Senior Director of Demand Generation at SonicWall, we had the opportunity to peek into SonicWall's latest high-performance firewall models that are aimed to combat the unprecedented surge of malware and ransomware resulting from a rise in remote and hybrid workforces across enterprises. She shared meaningful insights into SonicWall's vision of cybersecurity, and how modern-day marketers need to reflect on the different levels of the digital buyer journey. Read on to discover effective approaches towards marketing to drive business growth....

Read More

No backup can land companies in serious trouble, warns Tinesh Chhaya, Founder at Decipher Cyber

Media 7 | November 15, 2021

With only a few weeks till the launch of Jenny 2.0, Tinesh Chhaya, Founder at Decipher Cyber, explores the different ways Jenny makes searching and analyzing cybersecurity vendors and service providers easier for businesses who are looking to upgrade their security systems, in this interview with Media 7. Read on to find out how businesses can make digital transformations and hybrid work environments safer from cyber-attacks....

Read More

Q&A with Alastair Speare-Cole, President of Insurance at QOMPLX

Media 7 | August 20, 2021

Alastair Speare-Cole, President and General Manager of the Insurance Division at QOMPLX, leads the overall strategy for the business unit, the development of QOMPLX’s underwriting-as-a-service platform, the management of the company’s Managing General Agent (MGA), as well as setting the direction for the company’s next-generation insurance decision platform that leverages a wide variety of data and advanced analytics to provide advanced risk and portfolio management solutions. Prior to joining QOMPLX, he served as Chief Underwriting Officer at Qatar, and he served as the CEO of JLT Towers from 2012 to 2015. He was also COO at Aon Re for ten years and has also held board appointments at reinsurance and banking subsidiaries in the United Kingdom....

Read More

Related News

DATA SECURITY, ENTERPRISE SECURITY, PLATFORM SECURITY

Contrast Security Launches New Partner Program, Security Innovation Alliance

Contrast Security | February 02, 2023

On February 1, 2023, Contrast Security (Contrast), a leading code security platform, announced the launch of its new partner program, the Security Innovation Alliance (SIA), a worldwide ecosystem of system integrators (SIs), cloud, channel, and technology alliances. SIA's mission is to provide customers with unrivaled, fully integrated application security solutions from Contrast and its strategic alliance partners, which include Amazon/Amazon Web Services (AWS), GitLab Inc., Microsoft, VMware, Armor Code, PagerDuty, Zimperium, Anchore, Wallarm, Neosec, Noname Security, Ermetic, Cloudwize, BLST Security, ProtectOnce, Scribe Security, Wiz, and Legit Security. Furthermore, the team will concentrate on expanding collaborations with SIs, technology providers, and independent software providers (ISVs). SIA and Contrast's robust strategic partner integrations will not only enable partners to integrate with the Contrast Secure Code Platform seamlessly but will also enable clients to realize the following benefits: To use Contrast's services confidently as part of a more extensive program for application security (AppSec). Increase the predictability of security and decrease the risk of implementing new code and AppSec technologies. Increased trust and confidence in already implemented technologies. SIA is designed to boost its partners' business capabilities to satisfy AppSec clients' demands. Contrast collaborates with each partner to deliver a customized experience that meets their specific interests and business requirements, including a streamlined onboarding process, joint marketing campaigns, integration support and access to the company's impressive install base. SIA is led by Goodman, a seasoned Alliance professional, and several other industry leaders, including Tracey Mead, Vice President, Strategic Alliances, System Integrators; Frank Gasparovic, Director, Ecosystem Engineering; Rachael Mott, Senior Director, Strategic Alliances, Technology Partners; Callie McCormick, Global Director of Channel Sales; and Ram Yonish, VP of EMEA Alliances. About Contrast Security Founded in 2014, Contrast Security is a leading code security platform firm purposely created for developers to get secure code flowing quickly and trusted by security teams to protect business applications. With Contrast, developers, security, and operations teams can swiftly secure code across the entire Software Development Life Cycle (SDLC) to defend against today's targeted Application Security (AppSec) threats. It also provides free security testing to all developers through CodeSec. Established by cybersecurity industry experts to replace old AppSec solutions that cannot secure modern organizations, the company defends its customers from major cybersecurity attacks, which include some of the world's top brands, such as BMW, AXA, DocuSign, Zurich, Sompo Japan, and American Red Cross, as well as several other prominent leading Fortune 500 companies.

Read More

DATA SECURITY,ENTERPRISE SECURITY,SOFTWARE SECURITY

Arkose Labs™ Introduces Arkose Email Intelligence™

Arkose Labs | January 30, 2023

Arkose Labs™, one of the worldwide leaders in bot management and account security, announced the launch of Arkose Email Intelligence™. This new tool prevents bots and bad actors from using fraudulent or dangerous email addresses to target online services and apps. Legacy email intelligence systems are not optimized and are too costly to utilize in high-volume applications such as new account registration that are targets of bot-driven assaults. Arkose Email Intelligence combines email risk discovery with the industry-leading Arkose Protect, a bot detection and challenge platform, to create the first email intelligence solution. This solution prevents bots and bad actors from using fake, throw-away, and other high-risk email addresses to develop synthetic online accounts and launch volumetric account takeover (ATO) attacks. In the second half of 2022, the creation of bogus accounts increased by 81% compared to the first half. Additionally, 11% of all attack attempt sessions were ATOs in 2022 and were of the same severity. Extremely high market demand exists for an email intelligence service that is both highly effective and reasonably priced. Existing services are exorbitantly costly, often compelling CISOs and product teams to use email intelligence at restricted locations more profoundly in the user flow of an application, such as during the payment transaction. This trade-off leaves important occasions, such as the creation of a new account, exposed to assault and misuse by email addresses that are fake or high-risk. Arkose Email Intelligence is meant to provide robust abuse protection at a much lower cost than previous industry solutions. This allows businesses to afford email intelligence beyond standard transactions. In addition to combating automated and fraud farm attacks, Arkose Email Intelligence offers organizations over forty relevant data insights. These extensive data points and signals give a multidimensional perspective of the risk connected with the email address, allowing for additional threat assessment and decision-making. About Arkose Labs Arkose Labs is one of the industry leaders in bot management. Its novel method identifies genuine user intent and mitigates threats in real time. In addition, risk assessments and interactive authentication difficulties degrade the return on investment (ROI) behind attacks, ensuring long-term security and enhancing consumer throughput. The firm, headquartered in San Mateo, California, with operations in Brisbane and Sydney, Australia, San Jose, Costa Rica, and London, United Kingdom, placed 106th on the North American Deloitte Fast 500 list for 2022.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Varonis Introduces Automated Posture Management to Fix Cloud Security Risks

Varonis | January 27, 2023

On January 26, 2023, Varonis Systems, Inc., a leader in data security and analytics, announced the availability of automated posture management to assist clients in resolving security and compliance gaps spanning their SaaS and IaaS systems. Varonis continuously scans, identifies, and ranks cloud security threats, providing CISOs and compliance officers with real-time insight into their data security posture. With this new automation option, users can fix misconfigurations in applications such as Salesforce and AWS with a single click from a unified interface. According to Gartner, through 2025, 99% of cloud security breaches will be the customer's fault. CIOs can counter this by adopting and enforcing rules for cloud ownership, accountability, and risk acceptance. Varonis Field CTO, Brian Vecci, said, “Automated posture management takes the burden of understanding and remediating cloud misconfigurations off the customer.” He also said, “We stay on top of the latest configuration risks and best practices, so you don’t have to. Now, we can not only show you exactly how to improve your security posture, but we can also automatically mitigate risk on your behalf.” (Source – GlobeNewswire) This release marks a significant advancement in cloud data security. Passive data security posture management (DSPM) solutions need manual operations to generate help desk tickets for a person to review and fix in every cloud application manually. Varonis offers a uniform and automated method for minimizing the attack surface of multi-cloud environments. Automated posture management is the most recent tool introduced by Varonis to simplify data security outcomes. Varonis introduced least privilege automation for Google Drive, Microsoft 365, and Box, as well as a new data security posture management (DSPM) dashboard early this month. About Varonis Varonis is a leader in data security and analytics, waging war differently from typical cybersecurity corporations. Instead, Varonis focuses on protecting business data like: Sensitive files and emails Strategic and product plans Financial records Confidential customer, patient, and employee data In addition to data protection, Zero Trust, data governance, compliance, categorization, data privacy, and threat detection and response, Varonis solutions handle various other critical use cases. The company began operations in 2005 and has clients in the financial services, healthcare, industrial, energy and utilities, insurance, technology, media and entertainment, consumer and retail, and education industries, among others.

Read More

DATA SECURITY, ENTERPRISE SECURITY, PLATFORM SECURITY

Contrast Security Launches New Partner Program, Security Innovation Alliance

Contrast Security | February 02, 2023

On February 1, 2023, Contrast Security (Contrast), a leading code security platform, announced the launch of its new partner program, the Security Innovation Alliance (SIA), a worldwide ecosystem of system integrators (SIs), cloud, channel, and technology alliances. SIA's mission is to provide customers with unrivaled, fully integrated application security solutions from Contrast and its strategic alliance partners, which include Amazon/Amazon Web Services (AWS), GitLab Inc., Microsoft, VMware, Armor Code, PagerDuty, Zimperium, Anchore, Wallarm, Neosec, Noname Security, Ermetic, Cloudwize, BLST Security, ProtectOnce, Scribe Security, Wiz, and Legit Security. Furthermore, the team will concentrate on expanding collaborations with SIs, technology providers, and independent software providers (ISVs). SIA and Contrast's robust strategic partner integrations will not only enable partners to integrate with the Contrast Secure Code Platform seamlessly but will also enable clients to realize the following benefits: To use Contrast's services confidently as part of a more extensive program for application security (AppSec). Increase the predictability of security and decrease the risk of implementing new code and AppSec technologies. Increased trust and confidence in already implemented technologies. SIA is designed to boost its partners' business capabilities to satisfy AppSec clients' demands. Contrast collaborates with each partner to deliver a customized experience that meets their specific interests and business requirements, including a streamlined onboarding process, joint marketing campaigns, integration support and access to the company's impressive install base. SIA is led by Goodman, a seasoned Alliance professional, and several other industry leaders, including Tracey Mead, Vice President, Strategic Alliances, System Integrators; Frank Gasparovic, Director, Ecosystem Engineering; Rachael Mott, Senior Director, Strategic Alliances, Technology Partners; Callie McCormick, Global Director of Channel Sales; and Ram Yonish, VP of EMEA Alliances. About Contrast Security Founded in 2014, Contrast Security is a leading code security platform firm purposely created for developers to get secure code flowing quickly and trusted by security teams to protect business applications. With Contrast, developers, security, and operations teams can swiftly secure code across the entire Software Development Life Cycle (SDLC) to defend against today's targeted Application Security (AppSec) threats. It also provides free security testing to all developers through CodeSec. Established by cybersecurity industry experts to replace old AppSec solutions that cannot secure modern organizations, the company defends its customers from major cybersecurity attacks, which include some of the world's top brands, such as BMW, AXA, DocuSign, Zurich, Sompo Japan, and American Red Cross, as well as several other prominent leading Fortune 500 companies.

Read More

DATA SECURITY,ENTERPRISE SECURITY,SOFTWARE SECURITY

Arkose Labs™ Introduces Arkose Email Intelligence™

Arkose Labs | January 30, 2023

Arkose Labs™, one of the worldwide leaders in bot management and account security, announced the launch of Arkose Email Intelligence™. This new tool prevents bots and bad actors from using fraudulent or dangerous email addresses to target online services and apps. Legacy email intelligence systems are not optimized and are too costly to utilize in high-volume applications such as new account registration that are targets of bot-driven assaults. Arkose Email Intelligence combines email risk discovery with the industry-leading Arkose Protect, a bot detection and challenge platform, to create the first email intelligence solution. This solution prevents bots and bad actors from using fake, throw-away, and other high-risk email addresses to develop synthetic online accounts and launch volumetric account takeover (ATO) attacks. In the second half of 2022, the creation of bogus accounts increased by 81% compared to the first half. Additionally, 11% of all attack attempt sessions were ATOs in 2022 and were of the same severity. Extremely high market demand exists for an email intelligence service that is both highly effective and reasonably priced. Existing services are exorbitantly costly, often compelling CISOs and product teams to use email intelligence at restricted locations more profoundly in the user flow of an application, such as during the payment transaction. This trade-off leaves important occasions, such as the creation of a new account, exposed to assault and misuse by email addresses that are fake or high-risk. Arkose Email Intelligence is meant to provide robust abuse protection at a much lower cost than previous industry solutions. This allows businesses to afford email intelligence beyond standard transactions. In addition to combating automated and fraud farm attacks, Arkose Email Intelligence offers organizations over forty relevant data insights. These extensive data points and signals give a multidimensional perspective of the risk connected with the email address, allowing for additional threat assessment and decision-making. About Arkose Labs Arkose Labs is one of the industry leaders in bot management. Its novel method identifies genuine user intent and mitigates threats in real time. In addition, risk assessments and interactive authentication difficulties degrade the return on investment (ROI) behind attacks, ensuring long-term security and enhancing consumer throughput. The firm, headquartered in San Mateo, California, with operations in Brisbane and Sydney, Australia, San Jose, Costa Rica, and London, United Kingdom, placed 106th on the North American Deloitte Fast 500 list for 2022.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Varonis Introduces Automated Posture Management to Fix Cloud Security Risks

Varonis | January 27, 2023

On January 26, 2023, Varonis Systems, Inc., a leader in data security and analytics, announced the availability of automated posture management to assist clients in resolving security and compliance gaps spanning their SaaS and IaaS systems. Varonis continuously scans, identifies, and ranks cloud security threats, providing CISOs and compliance officers with real-time insight into their data security posture. With this new automation option, users can fix misconfigurations in applications such as Salesforce and AWS with a single click from a unified interface. According to Gartner, through 2025, 99% of cloud security breaches will be the customer's fault. CIOs can counter this by adopting and enforcing rules for cloud ownership, accountability, and risk acceptance. Varonis Field CTO, Brian Vecci, said, “Automated posture management takes the burden of understanding and remediating cloud misconfigurations off the customer.” He also said, “We stay on top of the latest configuration risks and best practices, so you don’t have to. Now, we can not only show you exactly how to improve your security posture, but we can also automatically mitigate risk on your behalf.” (Source – GlobeNewswire) This release marks a significant advancement in cloud data security. Passive data security posture management (DSPM) solutions need manual operations to generate help desk tickets for a person to review and fix in every cloud application manually. Varonis offers a uniform and automated method for minimizing the attack surface of multi-cloud environments. Automated posture management is the most recent tool introduced by Varonis to simplify data security outcomes. Varonis introduced least privilege automation for Google Drive, Microsoft 365, and Box, as well as a new data security posture management (DSPM) dashboard early this month. About Varonis Varonis is a leader in data security and analytics, waging war differently from typical cybersecurity corporations. Instead, Varonis focuses on protecting business data like: Sensitive files and emails Strategic and product plans Financial records Confidential customer, patient, and employee data In addition to data protection, Zero Trust, data governance, compliance, categorization, data privacy, and threat detection and response, Varonis solutions handle various other critical use cases. The company began operations in 2005 and has clients in the financial services, healthcare, industrial, energy and utilities, insurance, technology, media and entertainment, consumer and retail, and education industries, among others.

Read More

Spotlight

Futurex

For over 35 years, Futurex has been a globally recognized provider of enterprise-class data encryption solutions. More than 15,000 customers worldwide have trusted Futurex's innovative technology to provide market-leading solutions for the secure encryption, storage, and transmission of sensitive da...

Events

Resources