Data Protection in the Cloud – Whose Problem Is It Really?

Global Encryption Trends Report: Encryption usage is an indicator of a strong security posture. Is your organization ready? Organizations that deploy encryption extensively throughout the enterprise as opposed to limiting its use to a specific purpose are more aware of threats to sensitive and confidential information and spend more
on IT security.

The Ponemon Institute and Thales e-Security are pleased to present the findings of the 2012 Global Encryption Trends Study. Ponemon surveyed 4,205 business and IT managers in the United
States, United Kingdom, Germany, France, Australia, Japan and Brazil. The purpose of this
research was to examine how the use of encryption has evolved over eight years and its impact of this technology on the security posture of organizations. Join us to learn more and find out how you can determine the barometer of your company’s overall security posture!

Organizations that are expanding their use of encryption technology for data protection are increasingly turning their attention to developing an overarching enterprise key management strategy. However, the complexities of meeting current needs while trying to account for future requirements and evolving virtualization and cloud computing initiatives can easily cause confusion and frustration. This webinar, the second in a two-part series from Securosis and Thales e-Security focused on key management, explains deployment options, describes important technology and management features, and includes a practical checklist to use when selecting a key management solution to best fit the needs of specific projects and environments.

Using cloud computing is like climbing a mountain – the higher you go the harder it is to climb. Moving mundane tasks to the cloud is easy, but for security centric applications the move is harder to make and for those involving regulated data the day may never come. That’s a shame because it’s in just these areas where the strongest economic incentives for moving to the cloud lie. The question is, who is best placed to establish the appropriate security in order to make this particular mountain easier to climb? Should cloud users plan on a “Bring Your Own Security” approach where they assume that the cloud is essentially an untrusted environment where they must wrap their own security around their applications and data, or should cloud providers be responsible for providing appropriate protection as part of a trusted cloud platform where users can feel safe and do what they do best – build applications? This presentation will address the tradeoffs as well as provide practical guidance regarding data protection approaches in a cloud environment.

Thales PKI Webinar: The suitability and trustworthiness of a PKI must be regularly assessed as more higher value applications increasingly depend on it. As the demands on previously deployed PKIs change, consultants and PKI implementers can play a valuable role by examining usage, applications, and data to ensure the appropriate levels of assurance are in place. With the backdrop of well-known attacks on sensitive data, as well as technology advances, implementers must consider critical security factors including:

. Growing industryand government regulatory compliance requirements
. Today’s increased threat environment and sophistication of attacks
. Supported applications and the sensitivity of the data they process
. Expanded use of a PKI to support mobility and cloud computing
. Transition to longer RSA key lengths and alternative algorithms

Join our webcast to learn how to create awareness of the critical need to assess PKIs in the face of new developments, and to ensure they can still do the job. This informative Microsoft PKI implementers session will provide you:

. A security blueprint to create awareness in this critical security matter
. A framework to examine PKI needs against required assurance levels
. A set of best practices to develop action plans to strengthen their PKIs
. Information about how Thales nShield hardware security modules (HSMs) can enhance the assurance level of Microsoft PKIs

Securosis/Thales e-Security Webinar: Over the years, key management has developed a dubious reputation – in a large part due to numerous crypto-enabled products failing to meet enterprise requirements for full lifecycle key management and few being genuinely easy to use. Fortunately, new techniques and tools remove much of the historical pain of key management, setting the stage for better experiences with mature technologies like encryption and PKI as well as a host of new and innovative applications.

In this webinar, Securosis and Thales review encryption and key management basics, outline the four primary key management strategies, show how they map to typical enterprise use cases, and review how to choose a strategy that best fits your organization today while preparing you for tomorrow’s needs.

This Cloud focused webinar is based on the Ponemon research that considers how encryption is used to ensure sensitive or confidential data is kept safe and secure when transferred to external-based cloud service providers. Together, Thales & Ponemon discuss important findings that demonstrate the relationship between encryption and the preservation of a strong security posture in the cloud environment. Based on the research, organizations with a relatively strong security posture are more likely to transfer sensitive or confidential information to the cloud. We'll cover high-level questions asked and issues sought by this research including:

. What percent of organizations currently transfer sensitive or confidential data to external cloud-based services?
. Who is most responsible for protecting sensitive or confidential data transferred to an external cloud-based service provider? Is it the cloud provider, the cloud consumer or is it a shared responsibility?
. Do organizations have the ability to safeguard sensitive or confidential data before or after it is transferred to the cloud?
. Do respondents believe their cloud providers have the ability to safeguard sensitive or confidential data within the cloud?
. In the eyes of respondents, does the adoption of cloud services impact their organization’s security posture?
. Where is encryption applied to protect data that is transferred to the cloud?
. Do organizations fully comprehend or even have visibility of the steps or measures taken by the cloud provider to protect sensitive or confidential data?
. Who manages encryption keys when sensitive and confidential data is transferred to the cloud?

How can you be sure you can recover your data, long-term, ensure that keys are protected from theft, and limit access to all but legitimate users? Key management is the foundation to deploying encryption successfully.
During this webinar Thales e-Security and IBM will discuss:
• The importance of key management for effective encryption solutions
• Determining environmental readiness and solution qualifying criteria
• Six critical requirements of a robust key management system
• A best of breed approach: IBM software in a security-hardened appliance

Whether yours is a small enterprise looking for a reliable point solution, or a global organization with a large investment in centralized IT services, this presentation will inform you on how today’s solutions provide the right fit to accelerate adoption and plan for future growth.

Veja como as organizações brasileiras estão aumentando o uso da criptografia para atender aos novos regulamentos e aos ataques cibernéticos. Pesquisa multi-nacional da Thales conclui que a criptografia e o uso de chaves criptográficas tem se tornado questões estratégicas de negócios para abordar os regulamentos de segurança e gerenciar os riscos

Using cloud computing is like climbing a mountain – the higher you go the harder it is to climb. Moving mundane tasks to the cloud is easy, but for security centric applications the move is harder to make and for those involving regulated data the day may never come. That’s a shame because it’s in just these areas where the strongest economic incentives for moving to the cloud lie. The question is, who is best placed to establish the appropriate security in order to make this particular mountain easier to climb? Should cloud users plan on a “Bring Your Own Security” approach where they assume that the cloud is essentially an untrusted environment where they must wrap their own security around their applications and data, or should cloud providers be responsible for providing appropriate protection as part of a trusted cloud platform where users can feel safe and do what they do best – build applications? This presentation will address the tradeoffs as well as provide practical guidance regarding data protection approaches in a cloud environment.

Thales e-Security and Ponemon Institute have partnered within the security community to identify and understand the trends that shape the market. This webinar will examine the usage of encryption and how it has been evolving. Having recently completed the “2011 Enterprise Encryption Trends Report” that focuses on compliance pressures and cyber-attacks targeting sensitive data that is leading IT organizations to alter their encryption strategies, this webinar will provide insight from surveyed I.T. workers across various job functions. You'll hear how they're leveraging encryption technology in order to protect their critical information assets. Since compliance laws differ around the world, encryption trends tend to vary greatly in various markets. Are your assets being fully protected?

Join Thales e-Security and guest speaker Larry Ponemon to learn more about this exciting webinar topic on April 26, 2012 at 2:00 pm EST!

Advanced persistent threats (APTs) like Stuxnet and Duqu have caused many software-producing organizations to re-examine their code signing operations – specifically the security of private signing keys that underpin the integrity of the entire process. What many don’t realize is that they can both increase the assurance level of their code signing AND simplify and automate their code signing workflows at the same time!

Join Thales security expert Peter DiToro on April 24, 2012 at 2:00pm EST for an informative session where you will learn how to:
• Provide high assurance protection for private code signing keys and digital signature operations
• Automate and simplify code signing workflows in multi-workstation environments
• Apply cryptographic best practices to significantly reduce the risk of malicious software alteration and protect your brand.

Thales e-Security and Oracle will discuss database security solutions levering encryption and key management for users of Oracle 11g R2. You'll learn about the "standards of due care" and why HSMs (hardware security modules) play an important role in meeting compliance and auditing requirements.

Thales and Microsoft will discuss high assurance database encryption for Government Microsoft SQL Server users. Learn how to:
• Enhance the security of your Microsoft SQL database using built-in TDE and the extensible key management feature
• Achieve operational ease with centralized key management in a scalable manner across multiple databases
• Simplify regulatory compliance by protecting critical master keys in certified hardware with advanced separation of duties capabilities

Thales and Microsoft will discuss high assurance database encryption for Microsoft SQL Server users in the financial services industry. Learn how to:
• Enhance the security of your Microsoft SQL database using built-in TDE and the extensible key management feature
• Achieve operational ease with centralized key management in a scalable manner across multiple databases
• Simplify regulatory compliance by protecting critical master keys in certified hardware with advanced separation of duties capabilities