Would you consider giving up personal data in exchange for a third-party app to show you what your ninety-year-old self will look like? The rise of social media brought lots of joy to consumers’ lives, allowing users to get glimpses of their future selves, to find out their horoscopes, and to communicate with others across the globe. Read more
Manufacturing involves multiple tiers of suppliers providing components that come together to create the end product. Each tier is an exercise in unique processes to the manufacturer and their third-party suppliers’ raw materials, production, inventory, and distribution. This complicated convergence of players, processes, and data creates a wicked infrastructure security problem.
The advent of 5G is an exciting development in connectivity for most businesses. From the farmer who can now remotely monitor field conditions to the global manufacturing leader dependent upon a digital supply chain, to mom-and-pop shops offering real-time-customer service, 5G is changing the way business gets done. And both owners and consumers are enjoying the benefits!
For most, 5G still lacks the true “100 times faster” connection that service providers touted it would bring in 2019. But still, its improvements to speed and lower latency over 4G LTE for business connectivity have already established it as a game changer.
Although 5G is one of the fastest growing technologies in history with adoption 4x as fast as LTE, it will be years before 5G networks blanket the globe. However, explosive adoption is already well underway in the automotive, manufacturing, utilities, and healthcare industries, all of which have been catalysts for a rush on new IoT devices for business efficiencies, enhanced customer service, the movement of large amounts of data, and more.
As 5G network availability grows, the potential for 5G IoT business devices has grown exponentially. Unfortunately, the security risks have grown with it
’tis the season to lose data
Overall consumer spending online remains dramatically elevated thanks to the pandemic, and no one is predicting a decline in post-holiday online sales. The sweet spot between Christmas and New Years that brings a frenzy of shoppers searching for year-end bargains isn’t just for those looking to use their gift cards. It’s also a special time of year for cybercriminals who ramp up efforts to phish, scam and hack their way into companies to gain access to valuable data.
Let us consider a scenario in which an organization, a general contractor utilizing at least one subcontractor, implements a production chain security strategy powered by encryption, but NEGLECTS the addition of a key management system. You’re the CISO, responsible for the cybersecurity strategy that ensures your organization’s information assets and technologies are adequately protected.
Your team implemented standards-based encryption across the board and provided a common software platform to your supply chain partners, allowing for data to be transferred securely between your organizations…or so you thought.
Suddenly, your organization gets word from a subcontractor that they’re experiencing unusual network activity. The cybersecurity strategy you spent months creating is clear; cut off your partner’s network, lock down your data, and as CISO, stay up all night hoping the bad actor wasn’t able to permeate your network’s exterior defenses. In the interim, your IT department heads begin the grievous task of pulling reports from various locations and mulling them over to better understand any potential impact.
In the early morning hours, you find out that there was indeed a breach, courtesy of your subcontractor’s less-than-robust “secure network.” A bad actor was able to breach your defenses through your subcontractor’s weaker network, grabbed your data, and basically left unnoticed until your subcontractor alerted you to a “possible problem.” You’ve already spent a good portion of the night calculating the estimated costs of just such a breach, and you’re now faced with explaining what happened to your CEO.
Now, rewind, and imagine that you are the CISO who went beyond just “checking the box” for data encryption
The CISO who went beyond just “checking the box” for data encryption when planning their security strategy slept like a baby while his IT department went home in time for dinner with their families. The subcontractor did experience a breach, but your organization was left unscathed. Thanks to the encryption key management system you integrated with your legacy system earlier in the year, the company’s data remained secure. With the automated, short-life periodic key rotations, and the system’s robust identity capabilities, applications, and storage services, the necessary insight and controls needed to thwart this sort of next generation attack were in place and all data remained secure.
Addressing the overall security of not only your enterprise, but also those in your supply or distribution chains, in a protection-centric approach, is the most cost-effective and simple solution you can add to your current security strategy to protect your data. Learn how one encryption key management solution like Fornetix® VaultCore™ can extend the reach and power of your encryption and better protect your data from attack.
For a deeper dive into understanding encryption key management and how CISOs, CTOs, and others tasked with implementing enterprise security strategy and securing data across multiple environments can utilize a key management system to better protect their data, click here to read The CISO’s Guide to Understanding Encryption Key Management.
FREDERICK, MARYLAND – Fornetix, a Nutanix partner, announced today that they will host a booth at Nutanix’s Global .NEXT Digital Experience conference September 8-11. Visit Fornetix’s digital booth and learn how Fornetix’s patented key encryption management technology, VaultCore™ integrates with the Nutanix platform to help companies:
- Reduce Costs by Executing & Scheduling Key Management Operations in Seconds
- Meet Compliance & Security Concerns with a Validated Solution
- Incorporate Key Management in Organizational Log Management Strategies
- Encrypt Virtual Machines Through Interoperability with vSphere 6.5
- Manage Keys Consistently Across Heterogeneous Environments
VaultCore is a highly scalable encryption key management solution that when coupled with Nutanix’s powerful, yet flexible, hyper-converged data center infrastructure creates a secure solution that orchestrates encryption strategy without hindering business productivity.
Nutanix applies a holistic approach to security throughout their solution which includes support for FIPS 140-2 compliant data-at-rest encryption, with options to leverage self-encrypting drives (SEDs) or software-based encryption using standard drives. This capability allows customers to encrypt data using strong encryption algorithms backed by enterprise grade key management.
With an integration made possible through the Key Management Interoperability Protocol (KMIP), Nutanix communicates with the Fornetix VaultCore™ Key Management System to ensure unification and control over encryption keys across the enterprise.
“We’re excited to be presenting our joint solution at the Nutanix .NEXT virtual conference,” says Mark Gilroy, CEO of Fornetix. “The combination of our innovative key management technology, VaultCore, and Nutanix’s storage software, provide a seamless solution at the largest scale available on the market to unify data control and security.”
The .NEXT Digital Experience will bring together visionaries, developers, and IT leaders from around the globe to share the latest in hybrid and multicloud computing, datacenter infrastructure, storage, end user computing, database and more. The interactive event will feature a virtual “expo floor” where attendees can explore and discover new ways to modernize and optimize their datacenter operations.
At Fornetix we understand that managing encryption in today’s complex environment can seem an impossible task. That is why we created VaultCore, a simplified, automated, and secure encryption key management solution designed to address security challenges arising from the proliferation of IoT, big distributed networks, and rapid cloud adoption. Our commitment to standards and interoperability enable us to join forces with leading technologies around the globe to provide smart and unified security solutions that bring order to the chaos of encryption management. To request a complimentary demo of VaultCore, click here.
For press inquiries and more information contact:
SVP Global Marketing
There is growing concern regarding the role that encryption on personal devices might play in the future of law enforcement activities. Strong encryption, which uses large keys that are controversially hard to crack, has caused complaints in recent years as manufacturers such as Apple and Google increasingly add these features to their devices. What these companies have done is not new technology, but the broader application of existing public-private key encryption in a way that’s easy to use for the average consumer. Read more
Companies and individuals are using cloud services more and more. Putting so much of our data into the cloud introduces a growing problem. The lines between public cloud, private cloud, and software-as-a-service (Saas) have rapidly blurred as new technology develops, redefining what “cloud” actually means. Some businesses put significant portions of their infrastructure into the cloud and choose to keep only a very small footprint in a traditional data center or office. More commonly, businesses will leverage SaaS to handle common IT requirements such as email, storage, CRM, and backups.
What is efail?
Efail is the name given by German Researchers to a potential attack against PGP or S/MIME encoded emails to take the encrypted contents and send them to a third-party actor.
How does efail work?
Efail requires an HTML encoded email to be manipulated by prepending an html image tag to the beginning of the email. This in turn forces the email client to send a request to a malicious domain looking for an image file that is the body of the encrypted email. Read more