Gemalto’s Three Step Approach

Every company has a Plan A for how to stop cyber criminals from getting into the network and stealing data. Build a wall around the data with next generation super-duper firewalls, throw in some AV and IDS, and sprinkle it all with some SIEM. It is a plan that has not changed much in the past 10 years. But even with newer APT and UTM security technologies, the bad guys continue to win. In fact, the problem is only getting worse because when it comes to data security, Plan A is often the only plan companies have.

What is really needed is a Plan B when Plan A fails. That way, there is a backup plan to contain the damage once hackers get past the perimeter defences.

MPA and Gemato / SafeNet offers a simple three step process to achieving a successful Plan B:

01: Where is your data?

Adversaries are after your data; take the time to identify all emerging threats to your organisation. You should move your security controls as close as possible to the data. By embedding protection on the assets themselves you ensure that even after the perimeter is breached, the information remains secure.

Whether structured or unstructured, data that exists in physical, virtualized and cloud environments can all be encrypted.

02: Where are your encryption keys?

At the heart of any data encryption solution are the secret cryptographic keys used for encrypting and decrypting sensitive data. Lost or stolen keys can take down the entire data and security infrastructure.

The volume and variety of data that needs to be encrypted in a secure breach environment involves potentially millions of encryption keys.

A crypto management platform enables centralized management of the entire key lifecycle across the extended enterprise. On-going rotation, storage, backup, deletion and creation of keys is required to avoid security vulnerabilities leading to exposed data.

Remember, encryption is only as strong as its crypto management platform.

03: Who is accessing your data?

Good crypto management will safeguard your sensitive data, but you also need to control who has access to it. The proliferation of mobile devices and cloud-based applications are creating points of vulnerability, warranting more stringent internal controls.

Relying on a simple username and password creates a false sense of security. This is not a strong method for protecting you, your company, your data or your customers. Strong authentication requires users to login to online resources with something they know – a username – combined with something they have – such as a onetime passcode that is generated on a separate token. Only users possessing a combination of both factors will be given access.

Sameer Shaikh -
Consultant  

Sameer has over 11 years of experience in sales and customer service roles in the technology, financial, wholesale trade and retail sector in India, UAE, United Kingdom and New Zealand.

At MPA Sameer is applying his expertise in customer management and business development to maintain existing business relationships as well as developing new business opportunities.

He also shares responsibility in the sales and purchase order entry and logistics areas.

Sameer has a Bachelor of Science degree.


Latest Security Problems Solved

Privileged Password Management - Pitfalls to consider More >
SIEM matures, however landscape changes. More >
2014: The Year Encryption Comes of Age More >
The key to a secure BYOD-enabled enterprise More >
Our Solutions
Security Solutions

We work with leaders in the fields of data protection, authentication and perimeter security to protect your organisation and manage any threats with the most effective security systems. More >

Technical Services

MPA New Zealand Ltd provides a range of technical services to compliment the vendor technology our company brings to the local market. More >