State of CA – Split Personality Syndrome?

It’s interesting to see that the state of CA has a split personality disorder! I wrote in a blog about a year ago how the state of CA is being a model citizen by forcing companies to protect sensitive consumer data (classifying ZIP codes and other sensitive information as PII) and imposing penalties on companies that don’t comply. (Link here) But now, they sided with Apple, stating that for online transactions vendors can collect additional PII that is not necessary for brick-and-mortar vendors. This means that if you are an online retailer and collect such PII data, you need a mechanism to protect all the information you are collecting from your consumers: not just the PCI data but the PII data as well. To comply with this dual personality, you will need a solution that can encrypt and tokenize the sensitive information as necessary and as seamlessly as possible.

http://news.cnet.com/8301-13579_3-57567526-37/apple-wins-california-credit-card-privacy-case/

Part 2: Context aware Data Privacy

If you missed my Part 1 of this article, shame on you :). You can read it here when you get a chance (link).

As a continuation to part 1, where I discussed the issues with Data Protection, we will explore how to solve some of those issues in this article.

People tend to forget that hackers are attacking your systems for one reason only: DATA. You can spin that any way you want, but at the end of the day, they are not attacking your systems to see how you have configured your workflow or how efficiently you processed your orders. They couldn’t care less. They are looking for the gold nuggets of information that they can either resell or use to their own advantage for monetary gain. This means your files, databases, data in transit, storage data, archived data, etc. are all vulnerable and will mean something to the hacker.

Gone are the old days when someone was sitting in mom’s basement and hacking into US military systems to boast about their ability to a small group of friends. Remember WarGames, an awesome movie? Modern-day hackers are very sophisticated, well-funded, for-profit organizations, backed by either big organized cyber gangs or by some entity of an organization.

So you need to protect your data at rest (regardless of how old the data is; as a matter of fact, the older the data, the more likely it is to be less protected), data in motion (going from somewhere to somewhere, whether it is between processes, services, between enterprises, or into/from the cloud or to storage), and data in process/usage. You need to protect your data with your life.
