Busting the Top 5 Myths of Protecting Data in Motion
Fibre tapping is on the increase due to the high success rate currently enjoyed by cyber criminals targeting data in motion. A recent survey* conducted by Trustwave and published in their 2013 global security report, found that “Attackers were more successful at maintaining persistence and harvesting data in transit than they were at attacking stored data. Despite this a recent Spiceworks survey* of IT pros found that “29% of respondents are not encrypting ANY data in motion.”
Add to this that high profile fibre tapping cases are becoming public news and increasing, and all of this contributes to the real need to protect data in motion from cyber threats.
By protecting the data itself with encryption you render it useless to a 3rd party, but as with all technology applied to a business need, this brings about some common myths.
Join this live webinar and hear Stan Mesceda, Senior Product Manager, High Speed Encryption, de-mystify the top 5 most common myths about protecting data in motion, listed below:
•Ethernet is inherently secure/Fibre is not tappable
•VPN/MPLS/IPSEC doesn't affect performance
•My carrier is required to let me know if my data is breached
•Encryption is complicated
•Encryption is only affordable for the big guys
Then following this discussion, learn about the business and technology benefits of encryption data in motion.
Register today to join this insightful webinar
*survey stats quoted are from the Trustwave 2013 Global Security Report and Spiceworks Voice of IT survey deployed to 200 IT pros worldwide conducted on behalf of SafeNet, July 2014
RecordedOct 8 201459 mins
Your place is confirmed, we'll send you email reminders
John Ray, Product Management and Danna Bethlehem, Product Marketing Gemalto and Josh Chambers, Product Management at F5
Securing and monitoring your network and cloud environments has changed over the past few years and compliance and government regulations will add to it. Network traffic monitoring tools have been presented as a solution to meeting compliance and performance on a network. But monitoring alone is not enough. In terms of security, companies need to holistically secure their network, cloud and data, no matter where their users are accessing from.
This joint webinar between F5 and Gemalto will help attendees prepare for the next-generation of secure network access as more data resides in more places with more people accessing it. It will also walk them through the integration between F5 and Gemalto and what options this partnership offers.
In this webinar, you will earn how to:
•Reduce the risk of breaches by ensuring that only authorized users are accessing network, using the F5 environment as an example
•Protect & encrypt your customer data
•Manage secure cloud access
•Comply with regulations
Paul Lockley, VP of Partnerships at Device Authority and Gorav Arora, CTO Office Director of Products
One of the biggest obstacles to IoT adoption is security. Our recent survey found 65% of consumers are concerned about hackers controlling IoT devices and 60% worry about their data being stolen. Recent widespread attacks using IoT device vulnerabilities has also highlighted how interconnected the system is and one weak link creates a ripple effect Securing the identities of both humans and machines, access to the devices and protecting the integrity of the data and device opens the door to more opportunities. For example, the ability to manage blockchain identities and data security policies across any IoT deployment.
In our joint webinar with Device Authority, our experts will outline how security by design methodology helps future proof IoT deployments. They will have an open conversation and a question and answer session on topics that customers are dealing with, related news topics, compliance and government regulations, business opportunities and technologies that are changing the game. Join us to hear more about how using the security by design approach can help:
•Identify and manage risks and challenges in the short and long term
•Prepare for legislation and compliance
•Create new opportunities for a secure blockchain-based IoT
•Leverage new technology like machine learning and analytics
The security challenges of companies large and small is changing. This is especially pronounced in the access management space as IT admins and CISOs are faced with more identities and devices across a growing number of cloud applications. In our recent survey, we found 72% of respondents found cloud access management tools as a solution to reducing the threat of large scale data breaches, while 62% highlighted the tools ability to help simplify the login process for their enterprise users.
In an organization, individuals dealing with security have different goals and objectives. Aligning them can be a challenge. We will look at the priorities of the user, IT teams and CISOs – where they are linked and where they diverge. To build effective risk-based access policies, you need to start with a living IAM strategy that takes into account geolocation, threats, unusual behavior and scenario based data. Using policy-based access management, internally and externally for example in the cloud, is helping enables aligning the different security teams in an organization and automate and simplify the log-in process for users as well. During the webinar attendees will walk away with an understanding of:
-Analyzing personas within your organizations security team to improve IAM solution implementations
-Things to consider when building your access management strategy
-Building risk-based access management policies across multiple applications or cloud environments
With a growing number of cloud apps in use, more employees working remotely increasing the need for stronger authentication. This is driving IT decision makers to find ways to ‘consumerize’ the login process. To get a better understanding of access management challenges and views on the industry Gemalto surveyed 1,000 IT decision makers to compile the 2018 Identity and Access Management Index. During this webinar, we will share some of the fascinating key findings that will shape cybersecurity and the way enterprise IT professionals evaluate and implement access management technology. Join us to learn more about:
•2018 key findings and trends
•How consumerization of IAM can be achieve in the enterprise security space
•How organizations can maintain security while lowering barriers to authentication
•Evolution of IAM Trends: A look at the historical numbers compared to the new findings
Larry Ponemon, Chairman and Founder of the Ponemon Institute and Jason Hart, CTO office for data protection
95% of companies have adopted cloud services but the 2018 Global Cloud Data Security Survey found there is a wide gap in the level of security precautions applied by companies in different markets. Organizations admitted that on average, only two-fifths (40%) of the data stored in the cloud is secured with encryption and key management solutions. This is disturbing since only a quarter (25%) of IT and IT security practitioners revealed they are very confident they know all the cloud services their business is using,
The reality is cloud creates challenges in knowing where your data resides and what or who has access to it. In 2018, breaches like Uber and Accenture occurred because of improperly configured security for web and cloud applications that were connected to a company’s network. A major catalyst to address this is upcoming regulations and compliance, which are trying to catch up with cloud adoption. Over the next few years, companies will be faced with more complicated and intricate auditing to demonstrate security and privacy best efforts in the cloud.
During this webinar, Larry Ponemon, Chairman and Founder of the Ponemon Institute, and Jason Hart, CTO of Data Protection, will walk attendees through the research methodology, key findings and how things have changed over the past couple of years. Join us to learn more about:
-2018 Global Cloud Data Security Findings
-Compliance and cloud security: How will this work?
-A shift in the budget: Where is IT spending their money?
-Country breakdown of IT cloud security: Who is doing the best?
-What can you do to secure the cloud and comply with regulations?
Mor Ahuvia, Authentication Product Marketing at Gemalto
Organizations with Microsoft environments, such as Azure or Office 365, are inclined to implement Microsoft’s native access management solutions (namely, Azure AD and AD FS). Defaulting to Microsoft’s cloud SSO solutions may appear to be the best choice, a closer examination of these solutions reveals critical downsides, as well.
Join this webinar to learn the five things to consider before implementing Microsoft’s access management solutions. You will also see a demo of how you can centrally define access management policies (including cloud SSO and step-up authentication) for Microsoft and 3rd party apps with a vendor agnostic-solution.
Eric Avigdor, DIrector of Product Management at Gemalto
Two critical European regulations are rolling out in 2017 and 2018. The General Data Protection Regulation (GDPR) is designed to strengthen the safeguards around personal data and create a more uniform standard within the European Union (EU), while eIDAS is the European Regulation aimed at creating a framework for cross-border electronic identification and transactions across EU member countries.
Paperless vs. Privacy is a real issue facing business in the EU, and around the world. Both eIDAS and GDPR have global ramifications and affect a broad group of industries. Complying with both of these regulations can be a real hardship for some small to mid-size companies.
Please join us for our BrighTalk webinar where our resident Public Key Infrastructure expert, Eric Avigdor, will help you tread the waters of eIDAS vs. GDPR. Which one is most important for your business? What are the consequences of non-compliance? We will also discuss how to comply with multi-factor authentication, physical access, and encryption requirements.
Jean-Pierre Mistral, Director of Global Data Privacy and Alex Hanway, Encryption Product Marketing
Join us for a new webinar in our series focused on helping companies prepare for the upcoming global government regulations, like European General Data Protection Regulation (GDPR). Data sovereignty, especially for cloud-first companies, is becoming an important part of any security strategy as these data breach regulations go into effect next year. Being able to demonstrate best efforts to protect the privacy of an individual’s data will be a requirement and non-compliance will have hefty monetary ramifications.
This webinar will walk attendees through what Gemalto has already done and is doing to prepare for data privacy regulations from product management to sales operations and more. Our Director of Global Data Privacy, Jean-Pierre Mistral, will share how and what we have done, takeaways and timelines and Alex Hanway, Product Marketing, will cover the different technologies companies can use to mitigate the risk of non-compliance and what this means for business operations globally.
Join us to hear more about:
•What is GDPR?
•Case Study: A look at how Gemalto has prepared for GDPR
•The implications for local businesses and technologies that can help mitigate risk around complying with data privacy regulations
Join experts from Commvault, Fujitsu and Gemalto in this panel-style webinar to learn more about GDPR.
With the fast approaching May 25th deadline, the General Data Protection Regulation (GDPR) is on the mind of every IT department, as it will have a significant impact across all areas of every organisation.
To help you get prepared, we’ve got some industry experts from leading organisations with GDPR practices, for an online panel discussion on the practical steps IT departments will have to take to get their organisation ready. The panel includes Fujitsu’s GDPR lead for Ireland, a qualified DPO and security expert from Gemalto, plus a GDPR data management expert from Commvault.
•Practical IT challenges related to GDPR from security and data management perspectives
•Recommended steps to prepare for and meet GDPR requirements within the IT department
•Key tips, and things to watch out for
•How to get started and identify the gaps to be addressed
This session will include a live Q&A (via chat) with the presenters.
Danna Bethlehem, Director Product Marketing, Gemalto
The deadline to comply with Payment Card Industry Data Security Standard (PCI DSS) 3.2 is quickly approaching, leaving many businesses scrambling to understand and meet compliance requirements. Join us for an hour and learn more about the mandate and how you can prepare and be ready by February 2018.
This webinar will discuss and provide helpful information on the upcoming mandate including:
•Overview of PCI DSS 3.2
•What is new in PCI DSS 3.2 and what that means for your business
•Comprehensive solutions that will help you ensure compliance
•Mapping solutions to the needs of your department
Please visit our BrightTalk channel to register for the webinar.
Eric Hanselman, Chief Analyst at 451 Research and Michael Gardiner, Security Lead for CTO office, Gemalto
The cloud provides organizations with elasticity and speed and by 2018 60% of an enterprises’ workloads will run in the cloud says 451 Research. The amount of business operations running in the cloud means organizations have more cloud computing service providers, with a typical enterprise having roughly six. This requires companies to develop and implement a multi-cloud strategy, especially when it comes to security. But each CSP has its own security offerings and integrations sometimes making the process confusing and complex. Even prior to the cloud, encryption and key management have presented challenges for many organizations, but with encryption becoming ubiquitous – a strong key management strategy is key. This is especially important with industry mandates and government regulations like European General Data Protection Regulation (GDPR) and U.S state data breach disclosure laws.
In this joint webinar with 451 Research, we will cover topics including:
-Building a multi-cloud security strategy for encryption and key management
-Best practices, benefits and pitfalls of managing your own security
-Impact of regulations on data protection in the next few years
-Understanding the different CSP requirements for key management:
oCustomer-Supplied Encryption Key (CSEK)
oBring Your Own Key (BYOK)
oHold Your own Key (HYOK)
oGeneral cloud service provider key management services overview
Eric Avigdor, Director of Product Management at Gemalto
With the deadline for DFARS (Defense Federal Acquisition Regulation Supplement) quickly approaching, many business are scrambling to meeting compliance requirements. An important part of DFARS addresses the need for strong, two-factor authentication, as well as physical access controls to organizational information systems, equipment, and the respective operating environments to authorized individuals.
Are you prepared? If you’re like many other government contractors and subcontractors, a little advice may be needed to navigate the waters of physical and user access controls.
Gemalto’s Identity and Protection expert, Eric Avigdor, will be present and informative look at DFARS and what options are available to ensure compliance. What Eric will discuss:
•Overview of DFARS mandate
•Use cases – our experience from the field
•Comprehensive solutions that meet the multi-factor authentication and physical access controls required by the DFARS mandate
•Mapping solutions to the needs of your department
Blockchain technology is popping up everywhere from the currency market to smart contracts. The growth in the technology is evident from the investments being made, for example, PwC estimated that in the last nine last nine months of 2016, $1.4 billion had been invested globally in blockchain startups. This stems from its potential to enable efficiencies and cost-saving opportunities based on moving to a decentralized approach and away from the current centralized systems. With all the hype around blockchain, companies need to cut through the hype and ask the question - when does blockchain actually make business sense?
Blockchain is not a silver bullet and cannot solve every problem. There is also the added complexity of managing the security of many distributed nodes can only be justified by gaining business benefits from using blockchain. In this webinar, we will look at a business qualifying approach to blockchain to help you evaluate valid blockchain use cases and identify the security needs surrounding blockchain operations. Join us to learn more on:
•Securing blockchain from the edge to the core
•The operational benefits and pitfalls of blockchain technology
•Our 4 step qualification process for blockchain business opportunities:
1.Is there an established business process?
2.Are there more 3 parties involved – i.e. is it a distributed problem?
3.Is it important that the data being exchanged is trusted and considered to be factually accurate?
4.Would automation improve the performance of the process?
The explosion of cloud-based applications in the enterprise is making IT and security professionals rethink their cloud identity management strategy. By default, every cloud user creates an average of 17 cloud identities. But catering to 17 different user stores per employee or partner is simply not scalable from an administration perspective. And as if IT’s time is not precious enough, password resets account for 20% of helpdesk tickets. This adds to the compliance and security risks associated with cloud-based applications, which by default require only weak static passwords and offer no central point of management across disparate cloud-based services.
Join Stephen Allen, Gemalto Product Manager for Authentication and Access Management, and learn how deploying an Identity Provider enables:
•Cloud Single Sign-On for easy access to cloud apps
•Regulatory compliance with standards such as PCI DSS
•Reduced identity lifecycle overheads
•Centralized management of cloud access policies
•Increased security with step-up authentication
Nanda Mohan Shenoy, CAIIB, CISA - Bestfit Business Solutions and Prasun Srivastava - Solution Expert, IDP, Enterprise & Cyber
The India's Unique Identification numbers (UIDs), also named "Aadhaar numbers" contain Personally Identifiable Information (PII), the Unique Identification Authority of India (UIDAI) has mandated that the private cryptographic keys used to digitally sign and authenticate the UIDs must be stored in a Hardware Security Module (HSM).
In addition to HSMs, the UIDAI has also mandated the use of tokenization – replacing sensitive data with a token that can be securely stored, processed and transmitted as of August 2017.
Join this live webinar to know more about how to easily conform to the mandate:
•What is UIDAI's requirements?
•Why HSM and tokenization?
•How to ensure Aadhaar numbers are protected?
•What makes Gemalto's SafeNet Luna HSM and KeySecure unique?
•How to meet UIDAI's compliance mandates?
Adrian Davis, Managing Director, (ISC)² EMEA, Jan Smets, Certified Data Protection Officer, Gemalto
The introduction of GDPR is set to bring data protection to the top of businesses’ priority lists. So how can businesses ensure they are compliant and what steps do they need to take?
In this webinar, certified DPO Jan Smets with provide a six-step overview to help achieve compliance:
1) Understand the GDPR legal framework
2) Create a Data Register
3) Classify your data
4) Start with your top priority
5) Assess and document additional risks and processes
6) Revise and repeat
Law enforcement and defense organizations need secure access to sensitive data, and to provide services and to collaborate with others, while protecting the public, and any confidential information. Faced with these challenges, meeting compliance regulations such as Criminal Justice Information Services Security Policy (CJIS-SP) , is a priority for most organizations, especially as audits draw near.
Did you know that the Criminal Justice Information Services Security Policy (CJIS-SP) requires that data be encrypted when it is transmitted outside a secure facility, even within the same agency
“When CJI is transmitted outside the boundary of the physically secure location, the data shall be immediately protected via cryptographic mechanisms (encryption)”
Join us for an informative webinar where you will learn how to secure your data in transit as it moves across your internal and external network, to help ensure compliance with the FBI mandate.
•Overview of CJIS-SP mandate
Network vulnerabilities and how Ethernet encryption can help secure data in motion
•Use cases – hear how various agencies have successfully deployed network encryption to secure their data and meet audit requirements
•Mapping solutions to the needs of your organization
For more information on dealing with multi-factor authentication in the CJIS audit, check our part one in the series: https://www.brighttalk.com/webcast/2037/258091
Data breaches in 2016 got even more personal with big hacks of adult entertainment sites and social media databases. Hackers mined these for gold, in other words, valuable data to create social engineering attacks, ransom operations and identity theft. According to Gemalto’s Breach Level Index, the number of stolen, compromised or lost records increase by 86% in 2016, while the number of breaches decreased by 4%. Hackers are going after more data than ever before, and they are finding it in large databases that are left relatively insecure.
Whether consciously or not, hackers have grasped the idea of situational awareness. They have figured out how to exploit these golden opportunities by keeping a pulse on what is going on. It seems too simple to be true, but it goes back to the age-old principle of information is power. Getting the information comes from being aware of one’s surroundings. To become situationally aware, companies need to change their mindset- building a walled garden isn’t an option anymore. During the webinar, we will look at the major data breach trends and findings from 2016 and discuss how this information can help develop your situational awareness. Join us as we cover topics like:
-What we can learn from Jason Bourne about knowing one’s surroundings
-What we can learn from hackers to better protect valuable data
-What we as security professionals can do by going back to the basics of accountability, integrity, auditability, availability and confidentiality
-How to change our mindset in a new era of a hacker driven gold rush
Helaine Leggat, an legal expert in data protection regulations and Graeme Pyper, Regional Director at Gemalto
The Gemalto’s Breach Level Index reported 1.4 billion data records compromised worldwide in 2016, up 86% from 2015. Closer to home, there were 44 & 16 voluntarily reported breaches in Australia and New Zealand respectively. With the new Privacy Amendment (Notifiable Data Breaches) Act 2017 in Australia, these numbers are expected to increase dramatically as organisations are required to declare any “eligible data breaches”.
Navigating these regulations such as the Australian Privacy Act and European General Data Protection Regulation (GDPR) and the impact they will have can be daunting. Organisations must start planning ahead to mitigate the potential risks of being non-compliant. The implications of a data breach can go beyond compliance. In 2014, the Target breach had a massive impact on the company’s brand reputation, while last year’s announcement of the Yahoo! data breach cost the company nearly $1.7 billion in stock market value.
During this webinar, Helaine Leggat, an legal expert in data protection regulations will discuss the Australian Privacy Act Amendment in detail, what it means for businesses in Australia and internationally. Graeme Pyper, Regional Director at Gemalto will provide recommendations to help prepare for the 2018 deadline. We will share industry best practices and methodologies companies can evaluate to simplify a government audit process. Join our experts to ask questions and learn more about:
•The local and global government data privacy regulations (Australia and Europe)
•Gauging the true cost of a data breach and how to reduce the scope of risk
•Understanding privacy by design throughout business
•Strategies for simplifying operations for regulation and internal audits
•Determining current industry compliance, which may be applicable to the APA and GDPR