The strategic importance of email encryption: Securing business data and email traffic throughout its journey

A White Paper by Bloor Research
Author: Nigel Stanley
Publish date: November 2007
This document is Copyright 2007 Bloor Research

"Some email traffic is now far too important to encrypt solely at an organisation's gateway to the outside world"
Nigel Stanley

Summary

As email is now fully embedded as a business tool and is being used to transfer critical, sensitive data, it is becoming increasingly important to provide a secure, robust and manageable encryption service for users. Email encryption cannot be addressed as a standalone proposition. It must be considered as part of an organisation-wide encryption service, providing security for other applications and line of business solutions.

Some email traffic is now far too important to encrypt solely at an organisation's gateway to the outside world. The rise of the inside threat means that all organisations need to consider who can access internal messages and ensure that this risk is mitigated, if appropriate, from sender through to recipient.

A mature, blended approach to encryption that encompasses an intelligent analysis of the risks to data and the associated data value will enable organisations to implement a cost effective, robust and reliable solution.

Email encryption should be of strategic concern to businesses given the possible value of data contained in many messages. Appropriate levels of encryption should be applied intelligently.

Email now mainstream and mission critical

For any sizeable organisation email is probably the top, mission critical application used by the company. Of course customer database systems, finance applications and product design systems are important, but it can be legitimately held that email is the glue that holds an organisation together and provides major support for critical processes with suppliers, partners and customers.

With this ubiquitous and important nature comes the responsibility of ensuring that messages sent and received via an email system remain secure at all times. Users are not going to think about the sensitivity of their message before they send it; rather technology, enabled and controlled by policies, needs to come to their rescue and ensure that messages are appropriately secured.

It is very rare for an organisation to mandate less security in its IT systems. In fact the relentless march of new threats places pressure on us all to increase our levels of security to ensure we can match new and emerging attacks.

Email is one of the most potent business tools that we have, but also one of the most vulnerable systems for attack. The volume of organisational smarts that can travel out of the virtual front door via email can be staggering. Quotes, legal information, contracts, customer data and just about every type of document you can think of will be transported via email.

Due to the prevalence of email it must be considered as a top priority in any corporate security and encryption strategy. Implementing firewalls, intrusion prevention and email hygiene devices is fine on the one hand, but if confidential traffic is in a plain, unencrypted format there will exist a fundamental flaw in an organisation's security strategy.

Reputational risk

Many CEOs see their role as keeping their corporations out of the headlines of the Wall Street Journal or Financial Times for anything other than good reasons. Building a brand, with an associated reputation, takes years and can be destroyed in days following allegations of inappropriate behaviour, which can often include data losses facilitated by insecure, inappropriate or vindictive messages. In fact an organisation can be one email away from significant if not terminal damage.

Reputational risk is now more likely following the enactment of various corporate behaviour laws such as Sarbanes Oxley, the Payment Card Industry Data Security Standard and the EU's Data Privacy Directive, all of which place responsibility, in different measures, on corporate executives. In addition, over 30 states in the US have enacted Breach of Information Legislation that forces organisations and agencies to disclose security breaches involving personal information, and a federal law is being actively discussed. Internationally, countries are drafting similar provisions to protect consumers and the EU is likely to see legislation by 2009.

As well as attracting reputational risk there is a direct requirement, in many instances, for organisations to compensate users for subsequent financial loss due to a breach. Research from the Ponemon Institute showed a breach to cost $182 per record in sees a rise to $197 per record with the increase attributable to increasing legal costs.

Email encryption and a wider security strategy

Email encryption should never be considered in isolation from a broader security strategy that touches all parts of an organisation and protects data wherever it goes. Fundamental to this security strategy must be the issue of encryption and how data, in any of its forms, can be secured from prying eyes according to an organisation's overall data protection strategy.

Historically encryption had been perceived as difficult and costly to implement, due in part to the issue of key management and difficulties with administration. Creating, authenticating, distributing and recovering public and private keys was a time consuming task and placed a burden on the IT department. Policy decisions needed to be made with regard to how keys were safely distributed, refreshed or placed into secure storage had decryption been required. Additionally, placing demands on users to go through more steps to encrypt messages or deviate from their standard working methods meant that encryption was patchy at best, and non-existent at worst.

Wider issues, such as departmental politics, need to be addressed, as an organisation has to be aware of how to prevent pockets of unrecoverable, encrypted data appearing across a network. Robust key management and a focus on an achievable policy are critical in preventing silos of unrecoverable data.

Point solution or strategic approach?

There are many IT security solutions that perform the role of a point solution; that is, they solve a very particular security issue. Some organisations have a strategy of adopting best of breed solutions, for example the best firewall, the best intrusion prevention system and the best database security tool. Whilst this approach will deliver very good point solutions, orchestrating these applications to work coherently together can often be almost impossible as they may be based on different standards, technologies, or incompatible management interfaces. This not only increases the time and cost of deploying and maintaining technology but means valuable IT staff and resources could have been used on other projects.

An alternate approach would be to adopt a single provider of a solution set, on the basis that the elements will work together and there is one vendor to deal with. In some instances this may result in the adoption of a solution component that is not best of breed, but in many cases the solution is more than adequate and easier manageability makes up for any shortfalls.

Email encryption needs to be considered as part of a broader encryption strategy, as the complex issues of, for example, key management, policy creation and reliability can only be properly addressed as part of a strategic approach to encryption for the entire organisation. It is unlikely that a number of point encryption solutions would be successful, as management issues would be compounded, leading to huge practical problems.

Bloor Research believes that for a critical infrastructure service such as encryption, a single vendor solution, from a leading supplier, is the best strategy.

Software or appliance based encryption?

Appliances, encapsulated servers that contain preconfigured hardware and software, are, quite rightly, popular in many small and medium sized businesses. The deployment of an appliance can often be as straightforward as placing it into a rack and switching it on, giving us the notion of a FedEx system upgrade. That is, a new system is simply mailed or delivered by van for easy, instant installation. For many security applications this is a valid and useful approach.

For larger enterprises with complex multi-site operations, many of which may operate 24x7, appliance-based solutions are generally unable to provide the depth and breadth of effective encryption seen from an enterprise software approach. Issues around scalability, redundancy and practical systems management make a software-based approach to encryption a more suitable choice for large scale organisations.

The growth of virtualisation technologies is raising another challenge to appliance vendors as enterprises see the possibility of hosting multiple security systems on preexisting but under-utilised servers, increasing the return on what could be considerable hardware investments.

From gateway to gateway

When and where should you encrypt your traffic? Is it at the client or is it at the gateway prior to sending to the recipient? Or maybe the encryption is only from the gateway to the recipient client? Or maybe a combination of all of the above is appropriate?

Many organisations are happy with the placing of an email gateway of some description that encrypts messages as they leave the corporate perimeter. These gateways are often appliances that process emails as they leave and enter the organisation. The problem with gateway encryption is that emails are still travelling around the organisation unencrypted and in plain text, vulnerable to prying malware or interception prior to being encrypted by the gateway.

Figure 1: Email traffic is only encrypted once it passes through the gateway

In some circumstances, organisations with data deemed to be of low value or not a risk may find gateway encryption appropriate, but those needing a higher level of security based on the type of work they do or value of data they manage will need to look a bit deeper. Why? Threats to an organisation need not always come from an external source, and indeed threats to an organisation's secure data can be just as damaging from internal users who make mistakes.

Most businesses and organisations have in place basic security arrangements that enable them to conduct their day to day work. For many this will entail the provision of a relatively safe and protected building for employees to come to work secure in the knowledge that they will be able to leave the premises at the end of the day without either harming themselves or the business.

IT security is dealt with in more or less the same way. The business will put together sufficient technologies so that it can undertake its day to day work, with security implemented appropriately. The level of security protection can range from nothing through to complex intrusion prevention and detection systems combined with state of the art firewalls. Unfortunately most of this effort is targeted at keeping the bad people out.

For many who are not IT security experts their visualisation of the topic comprises just this: lots of barriers and obstacles to prevent unauthorised people from getting in. No one would disagree with this approach, but keeping the bad people out is only half the problem. What if the bad people are already inside your organisation? What about those upset about poor bonuses looking for a quick exit? This type of insider threat is a real and present danger. Just one incident can have material consequences on a business.

Most vulnerable to outside interference would be the ubiquitous mobile user with a handheld device. Tour any financial centre and see the thousands of city whiz kids passing data around in email form, with goodness knows what data being passed in plain text. Unless these emails are secured using a consistent policy as implemented by an organisation's desktop and gateway encryption products before they leave the handheld device, organisations leave a big gap in their security measures. This immediately demonstrates how perimeterless modern enterprises now are, and puts added pressure on messaging security experts to ensure their email is as secure as possible.

Remember a $300 device could contain data worth $millions to the right individual or organisation. If the lost data contained customer information then an organisation will need to fix the data breach and report the loss to customers at possibly great financial and brand equity expense.

Historically, consideration was given to securing traffic based on a departmental need such as HR, legal and executive messages which were deemed to be sensitive. It is the opinion of Bloor Research that this approach is too simplistic, as the nature of emails generated by those further down the hierarchy can be just as compromising as those created higher up. In this case encryption needs to be considered as a corporate-wide solution.

From end point to end point

A more suitable encryption option that offers better coverage for more sensitive data would be to put in place a security technology that requires all messages to be encrypted at the time they are sent from a client, any client. That way there would never be insecure traffic as we now have whole journey encryption for each and every email being sent.

Figure 2: Approaches to email encryption. Axes: Data Value & Risk to Data (lower to higher); key management required (less to more). Options shown: No Encryption, Gateway Encryption, Blended Encryption, Endpoint Encryption. Gateway encryption: suited to lower risk/value data; partial journey encryption only; does not deal with inside threat issue; more scalable. Endpoint encryption: suited to high value and sensitive email; mitigates inside threat issue; full journey encryption.

A challenge with this approach is how to make the encryption seamless to the user; asking users to manually encrypt emails each time they are sent is a sure fire recipe for wasted investment in security technology. All it takes is a single user not following policy for the investment in technology to be wasted. By using software that integrates into the heart of an email system as well as an existing directory structure, user intervention is not required and system management is made a lot easier.

Organisations that deal with legal, financial, medical or any other classically sensitive data should seriously consider the benefits of end point based encryption.

Risk vs. data value: the blended approach

It is apparent that most businesses will adopt a blended approach to their encryption as they balance the value of the data against the cost of ensuring it is protected. By reviewing the type of data being sent, the roles of individuals and the overall encryption strategy, a mixture of no encryption, client-based and gateway-based encryption is the most probable, and sensible, outcome.

Implementing an encryption solution

If you work in an organisation that handles sensitive data then encryption is a must have. The best model for this encryption is an end point to end point (client to client) basis; anything else leaves you subject to a security violation.

The implementation of a client to client solution need not be onerous, and you would expect a leading vendor to have a product that would interoperate with your current system, providing the tools and infrastructure to enable deployment and management across a desktop estate.

This solution must also have the capability to reflect organisational security policies in the emails being sent; for example picking up keywords, sender details or recipient information and then applying an appropriate level of encryption based on relevant sensitivities. It is important to have strong integration with content scanning and data leakage prevention systems.

An email client encryption product that is also extensible enough to take part in an enterprise encryption strategy that secures data ranging from USB flash drives through to file servers is a must have, as previously discussed. Throughout, user workflow and productivity must not be impacted, with encryption implemented transparently and enforced by policy.

Market overview

Email encryption can be implemented by using a hardware appliance or by software installed on a server or clients such as desktop/laptops and smart phones.

An appliance-based approach to encryption may be a valid approach for some small and medium sized organisations with fixed, specific requirements. For larger organisations an appliance-based approach to encryption may not be flexible enough and may become severely limiting in a short period of time. In addition an appliance will only provide encryption services from the gateway onwards; it will not address the issue of encrypting internal traffic.
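One way to express the policy-driven selection described above (keywords, sender details and recipient information deciding the level of encryption) is the following evaluator. It is an added example, not part of the Bloor Research paper or any vendor product; the domains, addresses and keyword lists are constructed assumptions, and the three tiers follow the paper's no encryption / gateway / endpoint model.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

# Tiers of the blended model, weakest to strongest.
NONE, GATEWAY, ENDPOINT = 0, 1, 2
TIER_NAMES = {NONE: "none", GATEWAY: "gateway", ENDPOINT: "endpoint"}

# Constructed sample policy data (assumptions, not taken from the paper).
INTERNAL_DOMAINS = {"example.com"}
SENSITIVE_SENDERS = {"hr@example.com", "legal@example.com"}
HIGH_VALUE = re.compile(r"\b(contract|salary|customer data|card number)\b", re.I)
LOW_VALUE = re.compile(r"\b(quote|invoice)\b", re.I)


def _searchable_text(msg):
    """Subject plus every text/* part; non-text attachments are not scanned."""
    chunks = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            chunks.append(part.get_content())
    return "\n".join(chunks)


def classify(msg):
    """Return (tier_name, reasons) for one message, internal or outbound."""
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    recipients = [addr.lower() for _, addr in getaddresses(headers) if addr]
    if not sender or not recipients:
        # Fail closed: a message the policy cannot attribute gets the strongest tier.
        return TIER_NAMES[ENDPOINT], ["sender or recipients could not be parsed"]

    external = sorted({a.rpartition("@")[2] for a in recipients} - INTERNAL_DOMAINS)
    text = _searchable_text(msg)
    tier, reasons = NONE, []

    def require(level, reason):
        nonlocal tier
        tier = max(tier, level)
        reasons.append(reason)

    hit = HIGH_VALUE.search(text)
    if hit:
        # High-value content is protected sender to recipient even when every
        # recipient is internal, because a gateway never sees internal traffic.
        require(ENDPOINT, f"high-value keyword '{hit.group(0).lower()}'")
    if sender in SENSITIVE_SENDERS:
        require(ENDPOINT, f"sensitive sender {sender}")
    hit = LOW_VALUE.search(text)
    if hit and external:
        # Lower-value content only needs protection once it leaves the perimeter.
        require(GATEWAY, f"keyword '{hit.group(0).lower()}' leaving to {', '.join(external)}")
    return TIER_NAMES[tier], reasons


def make_message(sender, to, subject, body):
    """Build a constructed sample message for the demonstration."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, to, subject
    msg.set_content(body)
    return msg


SAMPLES = [  # constructed messages, not real traffic
    make_message("alice@example.com", "bob@example.com", "Lunch", "12:30?"),
    make_message("sales@example.com", "buyer@partner.test", "Quote for Q3", "Attached."),
    make_message("alice@example.com", "bob@example.com", "Draft contract", "Please review."),
    make_message("hr@example.com", "carol@example.com", "Meeting", "See you at 3."),
]

if __name__ == "__main__":
    for m in SAMPLES:
        tier, why = classify(m)
        print(f"{m['Subject']!s:16} -> {tier:8} {why}")
```

The third sample is the case a gateway-only deployment misses: an internal message with high-value content never crosses the perimeter, so only the endpoint tier protects it.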

A software based encryption product provides a more flexible and manageable environment for larger organisations. It will also be easier to integrate into a broader IT management infrastructure, especially if the vendor is able to provide enterprise data encryption and the choice of endpoint or gateway level encryption.

Well-proven and extensible key management is critical to any solution that is implemented. The ability to quickly and seamlessly issue, recover and manage keys is core to the successful implementation of email and other strategic encryption applications deployed today and in the future.

Purchasing issues and points to consider

A decision will need to be made early on regarding the nature of the encryption solution being evaluated. Tactical purchases are easier to make but are likely to lead on to problems later with poorer management tools and weak scalability. Any savings in the short term will be quickly lost due to increased management and limited functionality.

A strategic encryption solution should be considered in most cases. This should be capable of securing traffic from end point to end point and via gateways depending on an organisation's specific risk profile, data value and deployment considerations. Whatever approach is required, the encryption functionality should be one element of a broader encryption strategy for an organisation.

The vendor relationship with a provider of encryption services needs to be considered in depth. You will be buying more than a simple encryption product; instead you will be purchasing a strategic element of your overall security strategy. Consideration needs to be given to the make up of a potential vendor, their support infrastructure, fiscal soundness, broader encryption strategy, international reach, road map, focus and history of working with encryption. Together these should give you a belief in the vendor's soundness and fitness for purpose.

Bloor Research overview

Bloor Research has spent the last decade developing what is recognised as Europe's leading independent IT research organisation. With its core research activities underpinning a range of services, from research and consulting to events and publishing, Bloor Research is committed to turning knowledge into client value across all of its products and engagements. Our objectives are:

- Save clients' time by providing comparison and analysis that is clear and succinct.
- Update clients' expertise, enabling them to have a clear understanding of IT issues and facts and validate existing technology strategies.
- Bring an independent perspective, minimising the inherent risks of product selection and decision-making.
- Communicate our visionary perspective of the future of IT.

Founded in 1989, Bloor Research is one of the world's leading IT research, analysis and consultancy organisations, distributing research and analysis to IT user and vendor organisations throughout the world via online subscriptions, tailored research services and consultancy projects.

About the author

Nigel Stanley, Practice Leader, Security

Nigel Stanley is a specialist in business technology and IT security. For a number of years Nigel was Technical Director of a leading UK Microsoft partner where he led a team of consultants and engineers providing secure business IT solutions. This included data warehouses, client server applications and intelligent web based solutions. Many of these solutions required additional security due to their sensitive nature.

From 1995 until 2003 Nigel was a Microsoft Regional Director, an advisory role to Microsoft Corporation in Redmond in recognition of his expertise in Microsoft technologies and software development tools. Nigel had previously worked for Microsoft as a systems engineer and product manager specialising in databases and developer technologies. He was active throughout Europe as a leading expert on database design and implementation.

Nigel has written three books on database and development technologies including Microsoft .NET. He is working on a number of business-led IT assignments and is an executive board member of a number of privately held companies. He has significant experience in security and related activities and is practice leader for security at Bloor Research.

Copyright & disclaimer

This document is subject to copyright. No part of this publication may be reproduced by any method whatsoever without the prior consent of Bloor Research.

Due to the nature of this material, numerous hardware and software products have been mentioned by name. In the majority, if not all, of the cases, these product names are claimed as trademarks by the companies that manufacture the products. It is not Bloor Research's intent to claim these names or trademarks as our own.

Whilst every care has been taken in the preparation of this document to ensure that the information is correct, the publishers cannot accept responsibility for any errors or omissions.

Suite 4, Town Hall, 86 Watling Street East, TOWCESTER, Northamptonshire, NN12 6BS, United Kingdom


More information

Symantec Brightmail Gateway Real-time protection backed by the largest investment in security infrastructure

Symantec Brightmail Gateway Real-time protection backed by the largest investment in security infrastructure Real-time protection backed by the largest investment in security infrastructure Overview delivers inbound and outbound messaging security, with effective and accurate real-time antispam and antivirus

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software McAfee Global Threat Intelligence File Reputation Service Best Practices Guide for McAfee VirusScan Enterprise Software Table of Contents McAfee Global Threat Intelligence File Reputation Service McAfee

More information

RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief

RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief RSA Encryption and Key Management Suite The threat of experiencing a data breach has never been greater. According to the Identity Theft Resource Center, since the beginning of 2008, the personal information

More information

White Paper: Managing Security on Mobile Phones

White Paper: Managing Security on Mobile Phones White Paper: Managing Security on Mobile Phones April 2006 Managing Security on Mobile Phones April 2006 Table of Contents Abstract...2 Executive Summary...2 The Importance Of Managing Security On Mobile

More information

Assessment of Software for Government

Assessment of Software for Government Version 1.0, April 2012 Aim 1. This document presents an assessment model for selecting software, including open source software, for use across Government, and the wider UK public sector. 2. It is presented

More information

Protecting Your Data On The Network, Cloud And Virtual Servers

Protecting Your Data On The Network, Cloud And Virtual Servers Protecting Your Data On The Network, Cloud And Virtual Servers How SafeGuard Encryption can secure your files everywhere The workplace is never static. Developments include the widespread use of public

More information

Digital Pathways. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ. 0844 586 0040 intouch@digitalpathways.co.uk www.digpath.co.

Digital Pathways. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ. 0844 586 0040 intouch@digitalpathways.co.uk www.digpath.co. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ 0844 586 0040 intouch@digitalpathways.co.uk Security Services Menu has a full range of Security Services, some of which are also offered as a fully

More information

DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE ON DATA SECURITY BREACH MANAGEMENT

DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE ON DATA SECURITY BREACH MANAGEMENT DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE ON DATA SECURITY BREACH MANAGEMENT GD21 2 DATA PROTECTION (JERSEY) LAW 2005: GUIDANCE ON DATA SECURITY BREACH MANAGEMENT Introduction Organisations which process

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

How Cloud Computing Can Accelerate Endpoint Encryption:

How Cloud Computing Can Accelerate Endpoint Encryption: How Cloud Computing Can Accelerate Endpoint Encryption: Managing Self-Encrypting Drives in the Cloud Executive Summary Cloud computing is transforming IT for businesses of all sizes, but not without significant

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

Simple Security Is Better Security

Simple Security Is Better Security Simple Security Is Better Security How small and medium-sized businesses can benefit from cloud-based security By Tsailing Merrem, Senior Product Marketing Manager Most vendors seem to assume that small

More information

Tumbleweed MailGate Secure Messenger

Tumbleweed MailGate Secure Messenger EMAIL SECURITY SOLUTIONS TECHNOLOGY REPORT Tumbleweed MailGate Secure Messenger JANUARY 2007 www.westcoastlabs.org 2 EMAIL SECURITY SOLUTIONS TECHNOLOGY REPORT CONTENTS MailGate Secure Messenger Tumbleweed

More information

Secured email Enterprise eprivacy Suite

Secured email Enterprise eprivacy Suite EMAIL SECURITY SOLUTIONS TECHNOLOGY REPORT Secured email Enterprise eprivacy Suite JANUARY 2007 www.westcoastlabs.org 2 EMAIL SECURITY SOLUTIONS TECHNOLOGY REPORT CONTENTS Secured email Enterprise eprivacy

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom

Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom Indirani 02/11/2009 Draft 2 Include JG s comments Jackie Groom

More information

PineApp TM Mail Encryption Solution TM

PineApp TM Mail Encryption Solution TM PineApp TM Mail Encryption Solution TM How to keep your outgoing messages fully secured. October 2008 Modern day challenges in E-Mail Security Throughout the years, E-Mail has evolved significantly, emerging

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region PATCH MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Compliance in the Corporate World

Compliance in the Corporate World Compliance in the Corporate World How Fax Server Technology Minimizes Compliance Risks Fax and Document Distribution Group November 2009 Abstract Maintaining regulatory compliance is a major business issue

More information

Symantec Messaging Gateway powered by Brightmail

Symantec Messaging Gateway powered by Brightmail The first name in messaging security powered by Brightmail Overview, delivers inbound and outbound messaging security, with effective and accurate real-time antispam and antivirus protection, advanced

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

FIREWALLS VIEWPOINT 02/2006

FIREWALLS VIEWPOINT 02/2006 FIREWALLS VIEWPOINT 02/2006 31 MARCH 2006 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor organisation to the Centre for the Protection

More information

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such

More information

At its meeting in March 2012, the Committee approved the Internal Audit Plan for 2012-13.

At its meeting in March 2012, the Committee approved the Internal Audit Plan for 2012-13. Audit Committee 28 Internal audit report ICT Security Executive summary and recommendations Introduction Mazars has undertaken a review of ICT Security controls, in accordance with the internal audit plan

More information

Active Network Defense: Real time Network Situational Awareness and a Single Source of Integrated, Comprehensive Network Knowledge

Active Network Defense: Real time Network Situational Awareness and a Single Source of Integrated, Comprehensive Network Knowledge Active Network Defense: Real time Network Situational Awareness and a Single Source of Integrated, Comprehensive Network Knowledge This paper will present a case study of Lumeta s participation in an open

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

White paper. Why Encrypt? Securing email without compromising communications

White paper. Why Encrypt? Securing email without compromising communications White paper Why Encrypt? Securing email without compromising communications Why Encrypt? There s an old saying that a ship is safe in the harbour, but that s not what ships are for. The same can be said

More information

AB 1149 Compliance: Data Security Best Practices

AB 1149 Compliance: Data Security Best Practices AB 1149 Compliance: Data Security Best Practices 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: AB 1149 is a new California

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

Table of Contents. Page 2/13

Table of Contents. Page 2/13 Page 1/13 Table of Contents Introduction...3 Top Reasons Firewalls Are Not Enough...3 Extreme Vulnerabilities...3 TD Ameritrade Security Breach...3 OWASP s Top 10 Web Application Security Vulnerabilities

More information

Effective Intrusion Detection

Effective Intrusion Detection Effective Intrusion Detection A white paper by With careful configuration and management, intrusion detection systems can make a valuable contribution to IT infrastructure security s Global network of

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

email management solutions

email management solutions Safeguard business continuity and productivity with Mimecast email management solutions Computacenter and Mimecast in partnership Expert software solutions Computacenter and Mimecast help organisations

More information

ObserveIT User Activity Monitoring

ObserveIT User Activity Monitoring KuppingerCole Report EXECUTIVE VIEW by Martin Kuppinger April 2015 ObserveIT provides a comprehensive solution for monitoring user activity across the enterprise. The product operates primarily based on

More information

The Evolving Threat Landscape and New Best Practices for SSL

The Evolving Threat Landscape and New Best Practices for SSL The Evolving Threat Landscape and New Best Practices for SSL sponsored by Dan Sullivan Chapter 2: Deploying SSL in the Enterprise... 16 Infrastructure in Need of SSL Protection... 16 Public Servers...

More information

Why Email Encryption is Essential to the Safety of Your Business

Why Email Encryption is Essential to the Safety of Your Business Why Email Encryption is Essential to the Safety of Your Business What We ll Cover Email is Like a Postcard o The Cost of Unsecured Email 5 Steps to Implement Email Encryption o Know Your Compliance Regulations

More information

Data Protection Act 1998. Bring your own device (BYOD)

Data Protection Act 1998. Bring your own device (BYOD) Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...

More information

Seven Requirements for Hybrid Web Delivery Getting the best of both on-premises and SaaS

Seven Requirements for Hybrid Web Delivery Getting the best of both on-premises and SaaS Seven Requirements for Hybrid Web Delivery Getting the best of both on-premises and SaaS Traditionally, IT risk management has balanced security investment and the impact of the threat, allowing each business

More information

Implementing Transparent Security for Desktop Encryption Users

Implementing Transparent Security for Desktop Encryption Users Implementing Transparent Security for Desktop Encryption Users Solutions to automate email encryption with external parties Get this White Paper Entrust Inc. All All Rights Reserved. 1 1 Contents Introduction...

More information

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,

More information

Top five strategies for combating modern threats Is anti-virus dead?

Top five strategies for combating modern threats Is anti-virus dead? Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.

More information

In-House Vs. Hosted Email Security. 10 Reasons Why Your Email is More Secure in a Hosted Environment

In-House Vs. Hosted Email Security. 10 Reasons Why Your Email is More Secure in a Hosted Environment In-House Vs. Hosted Email Security 10 Reasons Why Your Email is More Secure in a Hosted Environment Introduction Software as a Service (SaaS) has quickly become the standard delivery model for critical

More information

Hosted vs. On-Site Email

Hosted vs. On-Site Email S P I C E W O R K S R E S O U R C E P A P E R REPORT Introduction 1 Feature Comparison 2 What About the Risks? 3 Cost 4 Conclusion 6 Introduction T I M E T O R E C O N S I D E R H O S T E D E M A I L Until

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...

More information

Cloud Software Services for Schools

Cloud Software Services for Schools Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Supplier name Address Contact name Contact email Contact telephone Parent Teacher Online

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Database Security in Virtualization and Cloud Computing Environments

Database Security in Virtualization and Cloud Computing Environments White Paper Database Security in Virtualization and Cloud Computing Environments Three key technology challenges in protecting sensitive data Table of Contents Securing Information in Virtualization and

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments Trusted protection for endpoints and messaging environments Overview Symantec Protection Suite Enterprise Edition creates a protected endpoint and messaging environment that is secure against today s complex

More information

Overview TECHIS60341. Carry out security architecture and operations activities

Overview TECHIS60341. Carry out security architecture and operations activities Overview The protection of information, services and systems relies on a range of technical and procedural activities, often grouped in a framework. The framework will contain technical and logical, physical

More information

THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE

THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

NAC at the endpoint: control your network through device compliance

NAC at the endpoint: control your network through device compliance NAC at the endpoint: control your network through device compliance Protecting IT networks used to be a straightforward case of encircling computers and servers with a firewall and ensuring that all traffic

More information

Enterprise Computing Solutions

Enterprise Computing Solutions Business Intelligence Data Center Cloud Mobility Enterprise Computing Solutions Security Solutions arrow.com Security Solutions Secure the integrity of your systems and data today with the one company

More information

THE EXECUTIVE GUIDE TO DATA LOSS PREVENTION. Technology Overview, Business Justification, and Resource Requirements

THE EXECUTIVE GUIDE TO DATA LOSS PREVENTION. Technology Overview, Business Justification, and Resource Requirements THE EXECUTIVE GUIDE TO DATA LOSS PREVENTION Technology Overview, Business Justification, and Resource Requirements Introduction to Data Loss Prevention Intelligent Protection for Digital Assets Although

More information

CYBER SECURITY Audit, Test & Compliance

CYBER SECURITY Audit, Test & Compliance www.thalescyberassurance.com CYBER SECURITY Audit, Test & Compliance 02 The Threat 03 About Thales 03 Our Approach 04 Cyber Consulting 05 Vulnerability Assessment 06 Penetration Testing 07 Holistic Audit

More information

White Paper: Cloud Solutions for Continuity

White Paper: Cloud Solutions for Continuity White Paper: Cloud Solutions for Continuity 2014, igroup ltd. All rights reserved. INTELLECTUAL PROPERTY DISCLAIMER This white paper is for informational purposes only and is provided as is with no warranties

More information

Securing data at rest white paper

Securing data at rest white paper Securing data at rest white paper An enterprise strategy for data encryption and key management Introduction: The data security imperative... 2 Enterprise data-at-rest security landscape today... 2 Challenges

More information

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS Learn more about Symantec security here OVERVIEW Data and communication protection isn t a problem limited to large enterprises. Small and

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

The True Story of Data-At-Rest Encryption & the Cloud

The True Story of Data-At-Rest Encryption & the Cloud The True Story of Data-At-Rest Encryption & the Cloud by Karen Scarfone Principal Consultant Scarfone Cybersecurity Sponsored by www.firehost.com (US) +1 844 682 2859 (UK) +44 800 500 3167 twitter.com/firehost

More information

ITAR Compliance Best Practices Guide

ITAR Compliance Best Practices Guide ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations

More information

Data Loss Prevention Best Practices for Healthcare

Data Loss Prevention Best Practices for Healthcare Data Loss Prevention Best Practices for Healthcare The perils of data loss Table of Contents This white paper is co authored with Siemens Healthcare First Steps to Data Loss Prevention....3 You Cannot

More information