There are no absolutes, particularly when it comes to security, but the cloud can be a safe place to store sensitive personal and financial data if managed properly, according to a prominent data security firm.
Securing the cloud is not a slam dunk, but as an increasing number of companies look to the cloud as a means to reduce cost and increase agility, the need to secure the cloud is upon us. Unfortunately, the skills necessary for most IT professionals to assume responsibility for ensuring reliable cloud security are lacking, according to a new survey.
The 2011 RSA conference concluded this week in San Francisco with a sense that security is more important than ever given threats from hostile nations and organizations including al-Qaeda. Nevertheless, business is determined to move applications and data to the cloud because of the dramatic cost and flexibility advantages that the cloud promises. However, securing the cloud takes special skillsâskills that most IT security practitioners today don't possess.
A survey of more than 10,000 security professionals from 100 different countries conducted by Frost & Sullivan, the "2011 Global Information Security Workforce Study," indicated that nearly three-fourths of the respondents say they need new skills to deal with the cloud, and 90 percent say they require a more detailed understanding of how to secure cloud technology. Half of the respondents also say they need to improve their contract negotiation skills with cloud providers.
Regardless, the move to the cloud is quietly, but emphatically, taking place with more than half of survey respondents saying their organizations already use some type of cloud computingâwith about 16 percent using public cloud services and 42 percent using SaaS.
While cloud security may have been the predominant theme of the RSA conference, other sessions focused on mobile security, emerging threats from social media, cyberwarefare, and privacy. One company familiar to IBM midrange professionals, nuBridges, took the opportunity to announce its new cloud-based tokenization service, nuBridges Protect Tokenization as a Service (TaaS). The online service is designed for companies who want to protect personally identifiable information (PII) and electronic health records (EHR), as well as credit (payment) card data.
Intended to protect structured data at rest, such as social security numbers, national insurance numbers, drivers licenses, passports, salaries, addresses, and account numbers etc., nuBridges TaaS service enables users to connect via web services with the company's data vault, hosted by Verizon Business. It keeps all sensitive data in a single location while substituting tokens throughout the client company's various computer systems. nuBridges in turn manages the sensitive data, creates tokens, ensures the data is backed up, that service level agreements are met, and that encryption keys are rotated and managed properly. As with on-premise tokenization, TaaS reduces exposure of a company's sensitive data as well as the scope of its audits. Since computers that don't store sensitive data ordinarily aren't subject to audit, companies may find their audit expenses are reduced dramatically with a tokenization solution, according to nuBridges.
As a cloud-based solution, TaaS eliminates most up-front costs associated with implementing tokenization, including buying software and additional hardware. Solution costs are spread out over time while the burden on IT is also reduced over an on-premise solution. Implementation, operations and monitoring functions are all handled by the vendor, in this case, nuBridges.
MC Press Online spoke with Gary Palgon, nuBridges vice president of product management, about TaaS, and he explained why he thinks it will be a success as companies become ever more vigilant in protecting electronic health records and other personal information. While smaller companies use tokenization solutions provided by payment processors and gateway service providers, larger companies face challenges to adopting tokenization due to vendor lock-in and loss of control over their data. If a large company implements a tokenization solution, populates its data with tokens, then wants to change providers, traditionally it has created problems. Some solution providers only promise to store a company's data for two years, though most companies need to retain it for seven years for audit purposes.
nuBridges has recognized these impediments and believes it has addressed them, Palgon says. In the case of sensitive data, the company maps tokens to credit card or sensitive numbers, not to transactions, Palgon says. Because nuBridges maintains referential integrity between the data and the tokens, marketing analyses, fraud analytics, and other mission-critical business functions can still be performed on the data. The client retains the relationship between data and the token, even if the company wishes to change providers. nuBridges also is promising to keep customer data as long as necessary with its "limitless data retention" policy.
The TaaS service, available initially to North American businesses, will eventually be available in the U.K., where laws prevent sensitive data from being stored outside the country. The Verizon Business Cloud Computing Program is one of the few cloud providers today that is PCI compliant (and then, only for North America) and a leading reason why nuBridges uses it, according to Palgon (the Amazon cloud also is PCI compliant). The Verizon data vault in Atlanta, Ga., stores nuBridges' primary data, which is backed up in a second Verizon data vault in California. Despite Verizon's massive elastic cloud capabilities and capacity to scale up and provision at will, clients can determine whether they wish to be in nuBridges' multi-tenant environment or have their own token manager and data vault for complete segmentation. Transparent to the user, what is running under the covers on the cloud is nuBridges Protect Token Manager, nuBridges Protect Key Manager, and nuBridges data vault leased from Verizon.
When asked whether he believes the cloud today is a safe place to store sensitive data, Palgon replied: "Yes. There is a lot that goes into it, but yesâproviding that you are using reputable organizations to do it." He admits that many shops today appear to be less than fastidious when it comes to managing sensitive data, even on-premise data.
"They don't necessarily have the level of expertise that I wish were there," says Palgon. "Some organizations are much better than othersâbut their main priority is trying to run a business. That's where we want to play a key role over the next couple of years--offering the best security at a reasonable cost, because that's what we do."
nuBridges Protect Tokenization as a Service represents a milestone in cloud security and security in general. While aimed today toward medium and large businesses, the affordable cloud service suggests that, in future, a tokenization solution will be widely available to businesses of all sizes. Any neighborhood video rental shop, that wishes to protect sensitive consumer dataâincluding the ubiquitous socia
More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.
TRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now! Request Now.
Forms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.
Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:
Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.
IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn:
LATEST COMMENTS
MC Press Online