26 Jun 2005:
AN EYE OPENER FOR BANKS, GOVERNMENTS, RETAILERS
130,000 Australian credit card holders have been caught up in a massive security
breach in the US, where an unauthorised individual infiltrated the computer systems
of CardSystems Solutions Inc. (a third-party payment processor) and may have stolen
up to 40 million credit card numbers.
This theft is costing Australian card companies unnecessary expense, as well as
brand damage, productivity loss, potential future legal suits and consumer anger
management.
The re-issuance cost to banks, as estimated in the press, is $20 or more per card,
which for 130,000 Australian card holders easily adds up to $2,600,000. This does not
take into account other costs, such as notification costs incurred by card companies;
as we have read in the press, our banks have sent notifications to thousands of their
users. Furthermore, consumers could pay up to tens of millions of dollars, a shocking
amount, in undetected transactions over a period of months or years.
Could banks, government, retailers and card companies do something proactively to prevent
the above? Are there any technological breakthroughs?
There are a number of technological breakthroughs that use cryptography in purpose-built
data privacy appliances. This architecture has been proven by a number of banks,
government organisations and card companies in the US and Europe. Australian and Asian
companies understand the benefits and are already taking steps to test the solutions.
Randtronics, an Australian and Asia Pacific company distributing Ingrian's DataSecure
products, has been working closely with a number of card companies in Australia and
the Asia Pacific region, testing ways of protecting any sensitive data (credit card
details, personal details, health details, etc.) residing in plain text on computers
at their data centres. Ingrian's DataSecure Solution provides dynamic real-time
encryption of data in databases and application servers. This ensures critical information
(like credit card numbers) is visible in plain text only to those who are authorised
to view it, while it is encrypted for all other users, both within and outside the
organisation. With the DataSecure Solution, organisations can be confident that even
if sensitive data is compromised in any way, it will never be exposed in plain
text to an unintended audience.
Whilst the technical benefits are evident, the actual implementation is often hampered
by slower decision-making processes within organisations. We hope the above incident
and its potential cost are an eye opener. The solution available today can be implemented
within weeks and is proven in working systems at major organisations around
the world.
Australia and South Korea are almost keeping pace with the data privacy standards
seen in Europe and the US. We have seen government and MasterCard, Visa and Amex re-work
the data privacy standards. In particular, the PCI standard from Visa and MasterCard
calls for encryption of data, amongst other security measures. This standard
comes into effect on the 30th of June, and we believe encryption at the application layer
would certainly have prevented the attack at CardSystems. We feel the government and
Visa/MasterCard/Amex should re-look at methods of enforcing the data privacy standards.
14 Feb 2005:
DataSecure 4.0 Scales Encryption in the Enterprise
New Software Offers Enhanced Scalability, Performance, LDAP Integration, and Replication
REDWOOD CITY, Calif. - February 14, 2005 - Ingrian™ Networks, Inc., the leading provider
of data privacy solutions, today announced a major new product release that significantly
boosts scalability and eases the process of encrypting critical data in larger enterprises.
Ingrian DataSecure™ Platform, release 4.0, delivers a range of new features designed
to improve performance, strengthen AAA support, and increase administrative controls.
The new capabilities and enhancements will enable organisations to implement encryption
with more reliability and scalability, while lowering their total cost of ownership
(TCO) with new integration features that require less time and training from IT.
New features and enhancements include:
a. Improved performance. A single appliance can now handle over 8,000 cryptographic
operations per second, with latency of less than 0.3 ms for a single request.
b. Strengthened AAA Support. This new release offers advanced authorization policies;
enhanced logging and statistics; more granular access control lists (ACLs); and
integration with an external LDAP server for user authentication, enabling customers
to leverage existing directory servers and policies.
c. New enterprise deployment features. New features include intuitive configuration
of server clusters via the user interface to support scalability and failover, and
more granular backup/restore options, including the ability to select which keys
will be backed up.
d. More robust administrative controls. New features enable administrators, via
a graphical user interface and via an XML interface, to do secure replication of
all configuration information, including keys, groups, and user profiles.
"Most of the enterprises we've worked with are being compelled, whether by privacy
legislation or the prospects of data theft, to encrypt sensitive data," explained
Karim Toubba, Ingrian's vice president of product management and marketing. "Traditionally,
encrypting sensitive data at rest has posed significant challenges, such as complex
application integration, time-consuming maintenance, and poor performance.
These challenges are exacerbated within the complex environments of most large-scale
enterprises.
We're pleased to provide a solution that enables organisations to deploy encryption
in large-scale, complex environments while avoiding these traditional obstacles."