• A Backdoor by Any Other Name 2017-11-13

    “I love strong encryption. Strong encryption is a great thing.” That’s what FBI Director James Comey had to say earlier this month in his keynote speech at a Boston cybersecurity conference. The quote might have surprised a few people, given last year’s confrontation between the FBI and Apple over cell phone encryption, and Comey’s public warnings that the FBI is increasingly unable to access encrypted information on phones, laptops, and other devices. Has the Director had a change of heart?

  • Brexit and GDPR: What to Expect 2017-11-13

    When it rains, it pours. After the European Commission adopted the GDPR in April 2016, businesses around the world scrambled to make sense of the new data security law and the obligations it imposed. And then, less than two months later, came the Brexit referendum and the UK’s decision to leave the EU. Organizations that hadn’t yet come to terms with the GDPR were suddenly faced with the prospect of creating not one, but two new data protection strategies—one to meet the EU regulations, and another to comply with whatever rules would apply in the UK after its exit from the EU was complete. It was hardly surprising when companies in North America and elsewhere began to consider leaving the European market entirely, rather than dealing with the complexity and uncertainty that the legal developments had created.

  • Client-Side Encryption vs. End-to-End Encryption: What’s the Difference? 2019-07-03

    In a world of proliferating cyber threats and constant data exchange, encryption continues to gain visibility as the single most important tool for long-term information security. In fact, a report from Forrester named data encryption as one of the top global cybersecurity trends of 2017. Now more than ever, individuals and businesses are looking for ways to use encryption to keep their sensitive information safe from data thieves, spies, and other cyber threats.

  • Cyber Wars: PKWARE Takes the Lead on Cybersecurity 2018-01-08

    It's easy to say that our society needs better cybersecurity. The daily barrage of cyber attacks against companies, government agencies, and individuals has made that clear enough. The hard part is finding a path forward—developing a strategy that involves the right stakeholders, addresses the right threats, and strikes the right balance between privacy and security. It seems that for every step we take toward better security, we take a step back as politicians, law enforcement officials, and corporate leaders continue to pursue conflicting agendas.

  • Data Discovery and Why It Matters 2017-11-13

    These are exciting days at PKWARE. On July 11, we launched Smartcrypt Data Discovery, one of our most significant product releases in recent history. With this enhancement, our already-unique Smartcrypt platform now lets customers take an entirely new approach to protecting their sensitive data.

  • Data Protection Officer: Do You Need One? 2017-11-13

    Data protection is no longer the domain of the IT manager. Enterprise organizations are dealing with larger data volumes, more data-dependent business models, and more unpredictable cyber threats than ever before. These pressures, along with new regulations passed in response to them, have moved the conversation about data protection from the IT department to the boardroom. One of the most visible signs of this shift is the emergence of a new role at corporations and government agencies: the data protection officer.

  • Do You Have an Entropy Problem? 2018-02-14

    Consider a typical AES encryption key: 256 binary digits, arranged into one of an unthinkably large number of possible combinations. You feel safe using that key, because you know that it would take every computer in the world, working nonstop for longer than the age of the universe, to produce that exact same combination of digits. Assuming you keep it protected, the only people who will ever know the key are the ones who are supposed to have it. But have you ever stopped to wonder where exactly that combination of digits came from? The people trying to steal your data may be wondering the same thing.

  • Encrypt from Day One: Data Protection for Startups 2017-11-13

    Before it has funding, a marketing campaign, customers, or even an office, a startup has one all-important asset: information. In fact, you could say that every startup begins its existence as information itself, in the form of a codebase, a blueprint, a business plan, or some other form of intellectual property. As a company grows, it will collect vast amounts of new information in a variety of forms—customer data, transaction records, plans for additional products—all of which are critical to its survival and success. Unfortunately, few startups recognize just how much protection their data requires. A strategy based on network and device security, no matter how sophisticated it might be, simply isn’t enough to keep data secure. Companies that fail to encrypt their data are taking an unnecessary risk that can rob them of their ability to grow and compete.

  • GDPR Is a Year Away: Will You Be Ready? 2017-11-13

    In May 2018, the European Union’s new General Data Protection Regulation will take effect, forcing companies that do business in the EU to comply with strict new standards for data privacy and security. While it won’t have the force of law for another 14 months, the GDPR is already influencing data protection strategies around the globe.

  • Government Agencies Get Their Cybersecurity Marching Orders 2017-11-13

    After months of delays, the Trump administration has issued its first executive order on cybersecurity, signaling the direction that the federal government’s new strategy will take. The order addresses three broad topics: the security of federal networks, protections for critical infrastructure, and cybersecurity for the general public. Among its calls to replace outdated technology and to create a more capable cybersecurity workforce, the order contains one directive that will make an immediate difference in how the government manages its cybersecurity programs.

  • Insider Threats and How to Survive Them 2017-11-13

    We’ve seen it in countless horror movies. The good guys, on the run from a homicidal maniac, barricade themselves inside a house. They booby-trap the yard, seal off the doors, and board up the windows, only to discover that the killer is already INSIDE THE HOUSE. As familiar as the plotline might be in slasher films, it’s even more common in the world of cybersecurity. Organizations spend millions on firewalls, intrusion detection systems, and other perimeter defenses, only to find that their sensitive data is being compromised by their own employees and business partners.

  • Is Runaway Encryption Sabotaging Your Security? 2017-11-13

    Sometimes, an organization’s biggest information security headaches come not from the ill-intentioned, but from employees who are trying to do the right thing. As companies and government agencies create and exchange unprecedented volumes of sensitive data, uncontrolled or “runaway” encryption is becoming a serious concern for organizations around the world.

  • New York and the Future of Cybersecurity Legislation 2017-11-13

    Now that the first real cybersecurity law in US history is on the books, can we expect to see more of the same? New York’s cybersecurity law for the financial services industry, 23 NYCRR 500, took effect on March 1. The law is making headlines not because it creates a heavy new burden for compliance, but because it takes a broader view of information security than any previous state or federal law. As a highly visible attempt to set priorities and minimum standards, the New York regulations have the potential to influence the long-term direction of cybersecurity legislation in the United States.

  • PKWARE and Boldon James: Find It, Classify It, and Encrypt It 2017-12-14

    The rising epidemic of data breaches, the evolution of internal and external cyber threats, and increasingly demanding privacy regulations have put pressure on companies around the world to become more proactive about protecting sensitive information against loss, theft, and misuse. For many organizations, a proactive approach to information security means establishing data governance policies and creating an operational framework for encryption. Strong data encryption is the best way to secure data while allowing the right people to access it, and has become a must-have component of information security in the eyes of consumers, government regulators, and corporate boards. But encryption alone is rarely a complete solution.

  • PKWARE Earns a Spot in the Cybersecurity 500 2017-11-13

    We're pleased to announce that once again, PKWARE has earned recognition as one of the world's most influential and innovative cybersecurity companies. The latest edition of the Cybersecurity 500, published by Cybersecurity Ventures, ranks PKWARE among the top information security firms worldwide.

  • PKWARE Listed Prominently in Latest Gartner Hype Cycle 2017-11-13

    Even when you know you’re doing things right, it’s nice to get external validation, especially when it comes from experts in the field. That’s why we’re thrilled to report that PKWARE is listed three separate times in the latest Gartner Hype Cycle Reports for Threat-Facing Technologies. The Gartner report, which focuses on technologies that protect enterprise IT infrastructure against advanced cybersecurity threats, lists PKWARE by name in three categories: format-preserving encryption, enterprise key management, and database encryption.

  • Securing Our Infrastructure: Not Easy, But Not Optional 2017-11-13

    The world got a glimpse of the future in December 2015, when hackers—presumably Russian—shut down a Ukrainian power station, leaving hundreds of thousands of people without electricity. Although numerous reports had documented the vulnerability of power grids to cyber threats, the Ukraine breach was the first large-scale demonstration of the havoc a hostile organization can create with an attack on public infrastructure. In this case, power was restored after a few hours with relatively little lasting damage. The next time, things may be much worse.

  • Stolen Trade Secrets, the Lack of Encryption, and Self-Driving Cars 2017-11-13

    A complicated—and ultimately unnecessary—lawsuit is winding its way through the California courts this year, as Waymo and Uber clash over stolen trade secrets. Here are a couple of undisputed facts: a Waymo employee stole 14,000 documents from Waymo servers pertaining to self-driving car technologies, and Uber hired the former Waymo employee. Now Waymo accuses Uber of using those stolen documents, and wants the courts to shut down its self-driving car research. Unfortunately for Waymo, the courts ruled that the stolen documents don’t meet the standards for trade secrets—and that Uber can keep moving forward on self-driving car research.

  • The Heathrow USB Drive Didn't Have To Be a News Story 2017-11-30

    What happens when someone sees a USB drive lying on the sidewalk? About half of the time, as multiple experiments have demonstrated, the person will pick up the drive, take it home, and plug it into his or her computer. What happens next depends on what’s on the drive. If it contains identifying information, the finder might return it to its rightful owner. If it contains malware, it might kick off a widespread cybersecurity crisis. If it contains a few gigabytes of classified airport security information, including patrol timetables and maps of the security facilities used by foreign dignitaries, it becomes one of the most embarrassing security breaches of the year.

  • The NYCRR 500 Transition Period Is Over – Are You In Compliance? 2017-11-13

    Six months ago, the New York State Department of Financial Services formally adopted a set of cybersecurity requirements for banks, insurance companies, and other financial services companies that operate in New York. These requirements, commonly known as NYCRR 500, represent the first real cybersecurity law in the United States. After an initial 180-day transition period, several of the law's provisions are now in effect.

  • The RNC Data Breach - Important Lessons, Learned the Hard Way 2017-11-13

    Even as data breaches go, this one was ugly. Deep Root Analytics, a data analysis firm hired by the Republican National Committee to profile voters during the 2016 presidential campaign, left sensitive information on nearly 200 million American citizens on an unsecured web server. The data—more than a terabyte in all—included potential voters’ home addresses, phone numbers, and birthdates, as well as details on their religious preferences and ethnic backgrounds. Anyone with the URL for the server could download the files without needing to enter so much as a password.

  • The UK's New Data Protection Bill - What Will It Mean For You? 2017-11-13

    The last two years have been challenging ones for organizations that do business in the UK. Last spring, when the UK was still part of the EU, the European Parliament adopted the General Data Protection Regulation, marking a fundamental shift in Europe's rules for collecting and processing personal data. Just two months later, UK voters passed the Brexit referendum, leaving companies and individuals in confusion as to which data protection laws would apply. Now, with the recently announced Data Protection Bill, the UK government is taking steps to define the country's post-Brexit approach to data protection. As expected, the new law will implement most of the GDPR's provisions regarding individual rights and corporate responsibilities. However, the UK will deviate from the GDPR in at least a few areas, potentially creating a second set of requirements for companies that operate both in the UK and on the continent.

  • When They Ask If You're Encrypting, "I Don't Know" Is the Wrong Answer 2017-11-17

    Two months after it first disclosed the theft of 145 million consumers' personal information, Equifax is still finding ways to make the story worse. In the latest round of congressional hearings, Richard Smith, Equifax's former CEO, confirmed that the lack of encryption on the stolen data was not caused by an error or oversight, but by a conscious decision not to encrypt. That decision seems questionable, to say the least, given that the people whose data Equifax lost had essentially no say in whether their information was part of the database to begin with. As perplexing as Richard Smith's testimony may have been, it was the company's new interim CEO, Paulino do Rego Barros Jr., who provided the day's most difficult-to-believe sound bite.