Posts from ‘Advanced File Services’
Tokenization 101
I just returned from the PCI Security Standards Council. It was great to spend a couple of days talking tech and trends with other security experts.
The hottest trend this year in the payment security industry is “tokenization”. This technology lifts credit card numbers from sets of data and replaces them with unique one-way tokens (e.g., “234cew23”) in the data instead. The original credit card numbers are stored in a “secure token vault” and may only be retrieved by authorized people and processes who present another set of credentials (preferably two-factor credentials).
Businesses find tokenization compelling because PCI requirements state that data sets with credit card numbers must be treated with more care than data sets without that information (e.g., just your name, expiration date, etc.). The higher degree of care often translates into full encryption, good key management, regular key rotation and a host of other security controls. All these extra controls cost money, so if businesses can ratchet down the sensitivity of their data with tokenization, they can enjoy cost savings by not having to implement (or audit) other security controls.
Anyone buying in at this stage would be an early adopter: the Council has not yet endorsed the use of this technology. However, the Council has formed a working group to come up with specific guidance (e.g., are hashes OK, if so, which ones, are unique IDs OK, etc.), so some level of future acceptance seems likely. So far the working group has only provided a definition of the technology (essentially, the one I provided above). However, a draft recommendation from the Council with specifics is expected around the new year.
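The tokenization flow described above, as an added Python example that is not code from this post or from any product it mentions. The `TokenVault` class, the `tok_` token prefix and the `settlement-svc` principal are assumptions, and the tokens here are random unique IDs rather than hashes, which is one of the options the working group is still weighing.

```python
import re
import secrets

# Candidate card numbers: contiguous runs of 13-19 digits (assumption: no spaces or dashes).
PAN_RE = re.compile(r"\b\d{13,19}\b")

def luhn_ok(digits):
    """Luhn checksum; filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class TokenVault:
    """In-memory stand-in for the secure token vault (hypothetical class)."""
    def __init__(self, authorized):
        self._pan_by_token = {}
        self._token_by_pan = {}
        self._authorized = set(authorized)

    def tokenize(self, pan):
        if pan not in self._token_by_pan:
            token = "tok_" + secrets.token_hex(8)  # random, not derived from the PAN
            while token in self._pan_by_token:     # regenerate on the unlikely collision
                token = "tok_" + secrets.token_hex(8)
            self._token_by_pan[pan] = token
            self._pan_by_token[token] = pan
        return self._token_by_pan[pan]

    def detokenize(self, token, principal, second_factor_ok):
        # Only an authorized principal that also passed a second factor gets the PAN.
        if principal not in self._authorized or not second_factor_ok:
            raise PermissionError(f"{principal} may not detokenize")
        return self._pan_by_token[token]

def scrub(text, vault):
    """Replace every Luhn-valid card number in text with its vault token."""
    def swap(m):
        return vault.tokenize(m.group()) if luhn_ok(m.group()) else m.group()
    return PAN_RE.sub(swap, text)

if __name__ == "__main__":
    vault = TokenVault(authorized={"settlement-svc"})  # constructed principal name
    # Constructed record: a well-known test card number plus a 13-digit order id.
    record = "name=Jane Doe;card=4111111111111111;exp=12/12;order=1234567890123"
    print(scrub(record, vault))
```

The order number survives because it fails the Luhn check, while the card number leaves the data set and exists only inside the vault.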
“We are sorry for any concern we are causing anyone at this time.”
It’s pretty certain that those are 13 words that no CEO ever wants to have to say. Just ask Richard H. Aubut, president and CEO of the Weymouth hospital.
Seems that some computer files containing the personal information of about 800,000 people might have been misplaced or possibly lost or maybe even stolen.
We’re talking about information such as names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, diagnoses, treatments relating to hospital and home health care visits … just to name a few pieces of personal information, you get the picture.
800,000 records. 800,000 reasons why Managed File Transfer is important. Just ask Richard H. Aubut, president and CEO of the Weymouth hospital.
Seems that somewhere between being shipped to a contractor for destruction and actually reaching that contractor, these 800,000 records disappeared.
Boston.com has some information worth reading.
Forgive the obvious Ipswitch plug here, but c’mon, any one of these solutions could help any CEO avoid having to say those 13 words.
So, that’s today’s 800,000 reasons why MFT is important, and how to avoid those 13 words. As a special bonus for you, here’s 7 words you’d surely like to steer clear of:
“We are still searching for those files.”
Just ask Richard H. Aubut, president and CEO of the Weymouth hospital.
In a July 1, 2010 Register article entitled “the cloud’s impact on security”, Tony Lock provides a definition of “Cloud Escrow”:
“…if you are using external cloud resources, look at how the data and any intellectual property invested in the processing engines employed to manipulate data can be moved to other third party cloud providers, or back into the enterprise, if you need to do that. You could call this ‘Cloud Escrow’.”
This is exactly the benefit you enjoy today by selecting either a MOVEit DMZ on-premise or MOVEit DMZ Hosted Services solution. We can migrate your data into our SaaS environment, or we can migrate your data into your private data center. It’s the same application, but you choose which deployment model is best for your business.

