Abiding PCI DSS standards with biometrics
Any business that processes payment card information is required to comply with PCI DSS security standards. And with the support of biometric technology from Digitus, IT managers can swiftly attain relevant information pertaining to access control and ensure regulatory compliance.
PCI Council updates data security measure
The PCI Security Standards Council recently announced that it has revised its cardholder data security standard to better account for existing vulnerabilities. The group noted that the revision focuses on encryption protocol of the Secure Sockets Layer, which hasn’t been durable enough to provide consistent communication security in a network.
The National Institute of Standards and Technology deemed the previous version of the standard as unfit for comprehensive security of payment data, ushering in the addendum. While the revisions have already been implemented by the council, a sunset period ending on June 30 gives data center managers enough time to update their systems.
Stephen W. Orfei, the council’s general manager, said that the group is committed to the most effective standards that can help prevent data breaches in regards to payment data. He noted that industry and market feedback has helped support the ongoing development of these standards, and added that the update – PCI DSS 3.1 – provides organizations with a useful approach to infrastructure security.
“With the support of biometrics, IT managers can ensure regulatory compliance.”
The malleable nature of the security update
Troy Leach, the chief technology officer of the PCI Security Standards Council, spoke with eWEEK about the necessity of a revision for the payment data measure. He said that the Security Sockets Layer protocol wasn’t getting the job done, and this problem couldn’t be solved with a quick fix. Meanwhile, the widespread use of this encryption method only amplifies the need for an immediate update to version 3.1.
“The goal is to encourage merchants and others that haven’t yet addressed the Secure Sockets Layer and early Transport Layer Security issues to be aware of the risk and start addressing the problem sooner, rather than later,” Leach told the news outlet. “We understand it takes time to migrate, but it’s critical that in the meantime organizations understand the potential risk to their environment so they can mitigate them as much as possible.”
The publication reported that the council has already received encouraging feedback from tech industry representatives about the security revision. Don Brooks, a senior security engineer with Trustwave, a data protection agency, told the source that the update meets expectations and advises organizations to quickly follow suit. Biometric technology would be a great way to start.
Related Articles
Nothing found.
Biometrics and banking: Security for a targeted industry
The financial sector has become one of the most frequent targets of data breaches. However, many banks lag behind when it comes to the development of infrastructure security. Business leaders in this industry would be wise to consider biometric technology from Digitus, which would provide comprehensive access control for high-risk entities.
Verizon report highlights threats to financial institutions
Verizon recently unveiled its 2014 report on data breach investigations and found 79,790 security incidents and 2,122 confirmed data breaches in 61 countries, according to American Banker.
The news outlet analyzed the study and connected several of the most significant findings to the banking sector. For example, Verizon focused on the emergence of compound attacks – when one security breach is intended to precede another attack.
Bob Rudis, a managing principal at Verizon and an author of the report, said that denial of service has becoming an increasingly common motive for cyberattacks in the financial space, American Banker noted. He added that greater information sharing can be used as an effective way to boost access control awareness. The report found that 75 percent of cyberattacks move from the first victim to the second in a 24-hour time frame, and more than 40 percent of the breaches reach the second organization in one hour or less.
"It takes seconds or a few minutes for the attacker to compromise a system," Rudis told the news outlet. "Without information sharing, it takes hours, days or even weeks to detect a compromise."
"Many banks lag behind when it comes to developments of infrastructure security."
New York financial department aims to further secure bank data
The New York State Department of Financial Services noted that nearly 1 in 3 banks in the state do not mandate data breach notifications from third-party vendors. Benjamin Lawsky, the superintendent of financial services for the department, said that he intends to swiftly address the widespread oversight.
"A bank's cybersecurity is often only as good as the cybersecurity of its vendors," Lawsky said in the release. "Unfortunately, those third-party firms can provide a backdoor entrance to hackers who are seeking to steal sensitive bank customer data. We will move forward quickly, together with the banks we regulate, to address this urgent matter."
The department also found that about 20 percent of banks do not require minimum data security requirements from third-party vendors. Biometric security would be a natural advancement for the industry, which continues to face the ramifications of underdeveloped security measures.
Related Articles
Nothing found.
The role of biometrics with FISMA compliance
Complying with government standards and industry regulations can be a challenging task. There is often plenty of gray area involved with the effort, and it can include heaps of work for data logging and verification. That said, biometric technology provided by Digitus Biometrics can streamline this process, helping an agency meet regulatory standards and shore up its physical security.
Keeping pace with FISMA
One of the most vital kinds of regulation is derived from The Federal Information Security Management Act of 2002, commonly referred to as FISMA. This act establishes an expansive set of guidelines to protect government information from potential security threats as they continue to gain dependence on IT systems. FISMA sets up standards for categorizing information that must be protected. It also establishes baseline controls for security and consistent steps for upkeep. A FISMA-compliant agency performs risk-assessment procedures and thorough documentation, assesses system effectiveness and regularly monitors these implementations.
Without a comprehensive system in place, compliance can be a daunting hurdle. However, with biometric security, an agency can gain a strong understanding of its internal activity and meet FISMA regulations in a quick and efficient manner. Digitus uses DAS-SQL technology, which provides IT managers with descriptive audit reports on server access details, such as the day and time of entry.
FISMA is a necessary part of federal operations. And with biometric technology, it doesn't have to be a hindrance.
FISMA provides opportunities for IT enterprises
According to Lexology, FISMA covers not just government agencies, but also contractors and other sources that work with federal agencies. At the crux of the law is information security. The consistent need for oversight and diagnostics technology will create an emerging market for independent auditing firms and technology enterprises that can help transition these agencies into the digital age.
For many federal workers, the learning curve for cloud computing and other technologies is steep enough. Complying with stringent regulations, such as those enforced by FISMA, is something that often requires external assistance. The news outlet reported that commercial providers of high-performance diagnostics technology will find plenty of market demand in the coming years, especially as more and more agencies adopt digital technologies that could put important data at risk.
"Biometric security can make FISMA compliance all but second nature."
Streamlining the compliance process
Meeting industry standards and regulations can be an exhausting process, according to CSO. The news outlet noted that a number of organizations feel like they are trying to compensate for so many regulations that they are hampering other parts of their business. However, there are a number of different ways to streamline regulatory compliance efforts and get back to commercial operations.
"If you have 10,000 systems, do you think all of them legitimately have to handle regulated data? Probably not," Anton Chuvakin, a research director of security and risk management for Gartner, told the news outlet. "So reduce the scope, build walls around it, then implement compliance controls inside that 'walled garden.'"
Dennis Devlin, the chief information security officer and senior vice president of privacy practice for Savanture, said that regulatory policies require constant oversight so an agency can detect any deviations from standard procedures. One surefire way to keep pace with this requirement is to establish a comprehensive system of access control.
"[Compliance] is not a once a year affair," Pascual told the news outlet. "It needs to be baked in throughout the business. If you're not doing that, you won't be compliant and eventually you'll pay the price."
Biometric security can make FISMA compliance all but second nature. And by cleaning up the regulatory side of business, an agency can get back to the core of its operations without worrying about standards.
Related Articles
Nothing found.
Biometric technology secures intellectual property
As data breaches become an increasingly prevalent aspect of global commerce, intellectual property has emerged as one of the most common targets. Cyber criminals aren’t exclusively interested in private data related to identification – they are also focused on stealing valuable ideas that could net millions. Tapping into consumers’ personal information can have a limited potential gain compared to the opportunity of top-notch IP.
These cyberattacks can derive from a remote location or, as executives across the country continue to discover, an internal source as well. In-house employees can present businesses with some of the greatest threats to unreleased ideas, designs, names and images, among a host of other types of property.
Intellectual property theft through data breaches continues to permeate the business world, and biometric technology is an effective way to counter this type of threat.
High-profile tech hackers plead guilty
When considering intellectual property theft in the tech industry, look no further than a recent case involving Microsoft Corporation.
According to SC Magazine, four tech hackers pleaded guilty to stealing more than $100 million worth of intellectual property and proprietary data from Microsoft, Epic Games Inc., Zombie Studios and Valve Corporation. The theft took place between the spring of 2012 and April 2014, the Federal Bureau of Investigation noted. The hackers stole log-in data and used SQL injection to access trade secrets.
“The conspirators accessed and stole unreleased software, software source code, trade secrets, copyrighted and pre-release works and other confidential and proprietary information,” the FBI said in a statement, according to the news outlet. “Members of the conspiracy also stole financial and other sensitive information relating to the companies – but not their customers – and certain employees of such companies.”
The broad effects of a global IP case
A federal grand jury recently indicted Sinovel Wind Group Co., a Beijing-based wind turbine maker, on charges that it stole technology from American Superconductor Corp., a company based in Devens, Massachusetts. The news outlet noted that four of Sinovel’s wind turbines in Massachusetts contained software stolen from American Superconductor.
“[The case] illustrates the heavy baggage that some Chinese firms carry on their journey to global markets,” Thilo Hanemann, research director at Rhodium Group, a New York firm that tracks global investments, told the news outlet. “Their increasing business interests and investments abroad expose them to foreign courts and litigation. For competitors and business partners of Chinese firms, that’s good news.”
“While other forms of cybersecurity can help ward off threats, biometric technology is the most effective method of intellectual property security.”
This case could lead to broader effects on mergers and acquisitions between American and Chinese companies. The Committee on Foreign Investment in the U.S, a government panel, already heavily vets these kinds of deals to ensure national security. The alleged Sinovel theft could only deepen this process.
“You have industries that are technologically significant, that are significant to our security,” Thomas F. Holt Jr., a partner at K&L Gates, a Boston-based law firm, told the news outlet. “You add a dash of the [recent] hacking concerns – all of this could cause U.S. government officials to take a jaundiced view of Chinese investment in American-owned enterprises.”
The role of biometrics for IP
Businesses such as Microsoft and American Superconductor should emphasize biometric security to protect their intellectual property. This valuable type of information is frequently targeted by hackers because of the potential gain.
With its easy-to-use fingerprint reader, Digitus Biometrics allows users to keep a close watch on access control in a data center. Its technology stores a 384-byte fingerprint template that cannot be fooled by the wrong finger. While other forms of cybersecurity can help ward off threats, biometric technology is the most effective method of intellectual property security.
Related Articles
Nothing found.
The growing pertinence of biometric security
With the emergence of digital technologies at workplaces around the globe, the data centers and physical IT assets of businesses have never been at such great risk from both external and internal threats. While a number of data breaches take place from a remote location, a significant amount are inside jobs done by employees seeking proprietary information. Some have been known to pilfer this confidential data and use it as a catalyst to initiate a competing business.
A variety of cybersecurity solutions are gaining steam, such as data decentralization and encryption. However, perhaps no form of data center security is more effective than biometric technology.
Biometric security provides access control and regulatory compliance
With a combination of card access, PIN and biometric technologies – which require fingerprints and other types of personal identification – IT managers can ensure fail-safe access control for their data centers. Whether it's a small private data center or a major colocation facility, biometric security is the best way to prevent data breaches and keep track of internal activity.
One of the most beneficial aspects of biometric security is its ability to help data center operators achieve regulatory compliance of network and physical security under HIPAA, FISMA and PCI-DSS standards, among others. The technology also allows a security manager to get a read on all the details of access control, such as who entered the data center, when they did so and what they did there. This information can help a business overcome plausible deniability and eliminate penalties. If necessary, it may also be used as evidence to prosecute.
The data center security market is growing swiftly, and so too are the uses for biometrics. A rising number of IT managers and business leaders understand that preparation is a cogent security plan and are beginning to act accordingly.
A forecast for the security market
MarketsandMarkets, a global research firm, recently estimated that the worldwide data center security industry will grow from $4.74 billion in 2015 to approximately $8.13 billion by 2020 at a compound annual growth rate of 11.4 percent.
North America is projected to have the largest share of the data center security market at 37.05 percent, but the Asia-Pacific region is expected to record a higher compound annual growth rate of 16.6 percent.
The research firm attributed the growth in the North American and Asia-Pacific markets to the development of new data centers, the emergence of cloud computing and colocation solutions and the rising security demands in the financial, government and public sectors.
"The data center security market is growing swiftly, and so too are the uses for biometrics."
Clearing the way for biometrics
Acuity Market Intelligence noted that by 2020, every smartphone tablet and wearable device will contain an embedded biometric sensor, according to Bloomberg. Fewer than 7 percent of these technologies currently have a biometric sensor.
"The faster the adoption of biometrics, the more attempts we'll see, in the same way that cyber fraud started taking off when e-commerce was on the rise," Cyrille Bataller, a managing director with Accenture, a digital strategy consultancy, told the news outlet.
A number of major tech companies have already updated many of their offerings with biometrics, the news outlet reported. The newest versions of iPhones contain Apple's Touch ID fingerprint reader. PayPal has strengthened security on its mobile app by requiring fingerprint sensors. Fujitsu, a global provider of IT assets, has launched an iris-recognition camera that can be used in smartphones. Yet despite these advancements, mainstream consciousness still lags behind.
"There's a real problem, and we haven't dealt with it as a society yet," Jennifer Lynch, a senior staff attorney with the Electronic Frontier Foundation, a consumer advocacy group, told the news outlet.
Related Articles
Nothing found.
The value of an indisputable audit trail
Proactive thinking has always trumped reactive decision making when it comes to data center management. Regardless of the sector, many different kinds of businesses and agencies are subject to regular data breaches and the ensuing ramifications.
While some cyberattacks can be difficult to trace, an indisputable audit trail can be a great way to notice a discrepancy before the issue ripples throughout all aspects of the business. For example, if a security manager closely follows an audit trail and notices an unusual time of server access, they can act quickly to eradicate any potential threats.
Business leaders should keep in mind that government standards and industry regulations, such as PCI-DSS and HIPAA compliance, require a comprehensive auditing trail. By adhering to these standards, businesses can eliminate penalties.
The auditing process defines information such as the specific employee with access control, the day and time of entry and the duration of time spent accessing a server cabinet. By creating certainty when it comes to who accessed the control point and when they did so, businesses can establish evidence for prosecution and overcome plausible deniability.
"Biometric security is the most sure-fire way to conduct an indisputable audit trail."
Anthem pays for neglecting the auditing process
A recent security breach disclosed the personal information of approximately 80 million customers and employees of Anthem, a national health insurance provider, according to eSecurity Planet. The news outlet noted that the insurance company twice did not allow the Office of the Inspector General (OIG) with the federal Office of Personnel Management to perform vulnerability scans.
"Turning down the OIG doesn't change the fact that companies still get audited," Jayson E. Street, an information security manager with Pwnie Express, told the news outlet. "But instead of cleanly formatted findings to help improve security, attackers' audits end with breach notifications. Companies need to do their due diligence before and after breaches happen, and the way Anthem's leadership team has handled this is negligent."
Biometric technology trumps the competition
Help Net Security recently reported that IT auditing is an effective way to prove regulatory compliance. As federal agencies continue to expand their attention on the operations of data centers throughout the country, auditing will become increasingly vital. The process can provide businesses with reports for security, modification and comparison.
Biometric security is the most sure-fire way to conduct an indisputable audit trail. Physical data breaches are preventable. By incorporating fingerprint technology with other authentication factors such as PIN and verification cards, enterprises can ensure that only persons with the approved permission are accessing a server cabinet.
Related Articles
Nothing found.
The diverse applications of physical biometrics
Data breaches of all kinds – both physical and digital – are constantly putting enterprises at risk. Remote cyberattacks against healthcare entities, political agencies and major consumer brands can result in significant ramifications, such as the loss of valuable data or the disclosure of confidential information. The same can be said for physical data breaches that target an individual server cabinet or an entire data center.
Chief executives across the world recognize the severity of these threats and are responding accordingly. As a result, a wide range of security measures are rising to the forefront. And perhaps no tactic is gaining more ground in the business world than biometrics.
"The threat of physical data breaches cannot be underestimated."
Biometrics hits the banking sector
According to BBC News, biometric security is a rising focus in the banking sector. Considering the near-constant threat of a physical system breach, the Royal Bank of Scotland and NatWest recently announced that their customers may use their fingerprints to conduct business. Yet despite the advancements, functional hurdles remain.
"The expensive and inconvenient part is actually challenging the user," Dr. Neil Costigan, a cryptographer and a chief executive with Stockholm-based BehavioSec, told the news outlet. "When they're asking where's the calculator in the drawer, or can you confirm your first pet, the user gets annoyed. With every step of security causing users to do something, a lot of payments fall off."
US border agency initiates biometric program
The United States Customs and Border Protection Agency has launched a program at airports that will test the effectiveness of facial recognition technology to verify identities, Security Document World reported. This form of biometrics could counter identity fraud and eventually take the place of ID cards.
"The facial recognition software provides the [CBP Officers] with a match confidence score after the e-passport chip is scanned and the photo is taken," the agency said in a document, according to the news outlet. "The score is generated by algorithms designed to detect possible imposters."
The pertinence of biometrics
While much attention has been paid in recent months to the specter of cyberattacks, the threat of physical data breaches cannot be underestimated. To offset this security issue, businesses and agencies would be wise to use biometric technology.
This system requires personal identification, such as fingerprint or facial recognition, to enable access control to a limited number of staff members. And for arguably the most effective form of biometrics, these same entities should consider a dual-access system, which calls for two separate IDs at the same time.
Related Articles
Nothing found.
Digitus Security News Roundup: March 2015
Welcome to the Digitus February news Roundup. Last month was a busy one, with the U.S announcing heavy increases in its cybersecurity budget. The rise in BYOD policies for workplaces makes security simultaneously more difficult and more important. Thankfully, more companies are implementing mobile biometrics. It will be up to the rest of the technology world to follow suit.
The Obama administration will spend almost $14 billion on its federal government cybersecurity initiative, which is a $1 billion increase over previous budgets. Many Massachusetts data firms have commended the increase in funding, saying it will “definitely have an impact.” Many organizations are considering biometric scanners for workplaces in order to protect themselves.
With more businesses using BYOD policies, security is being stressed. Many groups want to use BYOD strategies in order to allow employees more personal freedoms at work. However, these devices may increase the possibility of a system’s security being breached. Using strict guidelines, including limited email retention and other measures is recommended. Biometrics and dual-access systems can also prevent malware infection.
In fact, there has been a rise in mobile Biometrics use by many organizations. USAA, a financial services company based in San Antonio, has begun using facial and vocal recognition through its mobile applications. Acuity Market Intelligence has suggested that, by 2020, smartphones will feature embedded biometric sensors as a standard feature.
One area that stands to benefit immediately from biometrics is data center design. Apple and Amazon have recently expanded their operations. Apple will be building a new data center in Mesa, Arizona, while Amazon will build up to 11 data centers in Oregon. These large tech companies stand to benefit from biometrics in an effort to keep their security tight. Data centers carry some of the most sensitive information of larger organizations, and keeping it from hackers is crucial.
Thanks for watching! To learn about how Digitus Biometrics guarantees center security, click the link at the end of this video or give us a call. See you next month!
Related Articles
Nothing found.
Digitus Security News Roundup: February 2015
Welcome back to another Digitus monthly news roundup. This time, we’ll discuss recent trends in cybersecurity and related legislation. We’ll also cover the future of data centers, and how they could solve the problem of IT skills shortages.
This has been a difficult year for security professionals. Hackers have managed to sneak in to many company’s servers. Some of these thieves have operated on their own, while other have been part of massive, state-backed resources. Heartbleed and Shellshock bugs crawled their way through many servers, resulting in 40 percent of organizations suffering a breach last year.
The response to this from the U.S. government has been slow, but President Barack Obama unveiled a new legislative proposal in December. Even as he announced it, however, hackers claiming affiliation with the Islamic State took control over U.S. Central Command social media accounts. While gaining access to the United States’ YouTube or Twitter account is embarrassing for that country, Peter Singer, a strategist and analyst with the New American Foundation in Washington told the Washington Post that, “Essentially what they did is for several minutes take control of the megaphone.”
IT professionals to fix these kinds of problems are in short supply, according to Network World. The study’s “problematic shortage of existing skills” category has had IT security listed at number one for four straight years. Damaging cyberattacks have continued against companies without the necessary security to protect themselves. Many organizations may make use of data centers in order to keep themselves from being breached. According to Data CEnter Dynamics, the global data center construction market is forecast to grow from $14.59 billion in 2014 to $22.73 billion by 2019. There will likely be more investment in these centers as a safe haven for information.
These data centers of the future are likely to make use of top-quality security features, including biometric technology. Taking advantage of physical attributes is an important way for companies to keep information out of the hands of hackers, and paying attention to physical security is just as important as digital security. Simultaneous fingerprint ID systems are the best in the business as centers move toward consolidation, building larger structures and bundling more data under one roof. Your data center should be protected by biometrics systems that can monitor elements like Irises, heart rates, and vein analysis for the best possible security.
Thanks for watching! Security can be made easy with Digitus Biometrics. Click the link at the end of this video, or call us to learn more. See you next month!
Related Articles
Nothing found.
Biometrics could benefit emerging tech locales
The advent of cloud computing, among a host of other workplace technologies, has led to a fertile hiring environment for tech engineers and IT managers. Business leaders who want to streamline their operations have enlisted these tech-savvy workers to ease the transition process.
Meanwhile, the upswing of the U.S. economy over the past few months has encouraged rampant activity from entrepreneurs and investors. This has resulted in even more employment opportunities for tech workers in cities across the country and, in turn, greater responsibilities within a company's infrastructure. As a result, cybersecurity has risen to the forefront of the tech world.
Dallas startups reshape the city
GeekWire reported that investors and entrepreneurs are flocking to the Dallas area to take advantage of the tax-friendly atmosphere and the historically strong business scene. This has included the tech sector, which is making a name for itself with young people in downtown Dallas.
"In the last 18 months, there's been an explosion of activity," Trey Bowles, CEO of the Dallas Entrepreneur Center, told the news source. "We're beginning to see something really interesting. The community is starting to come to a place of being really effective, and a place where it sustains itself long term."
Utah cities rate well for tech growth
The Brookings Institution recently ranked Provo, Ogden and Salt Lake City, Utah as some of the top cities in the country for tech job growth, according to Deseret News. The publication noted that Utah County is one of the top regions in the U.S. for advanced industry employment.
"They are industries that we can have long term economic competitiveness in," Scott Andes, a senior policy analyst for the Metropolitan Policy Program at the Brookings Institution, told the publication. "They pay twice as much as the average job and our research showed that almost half of advanced industry jobs are accessible to people with less than a bachelor's degree."
Tech-heavy cities should embrace biometrics
Whether it's in Texas, Utah or any other state, regions that emphasize technology and cloud computing should adopt biometric technology. This form of cybersecurity requires personal identification, such as fingerprints or vocal recognition, to enable access control to important company information. Data breaches are a fact of life, and biometrics have proven to be one of the most effective ways to prevent these harmful cyberattacks.
Dual-access systems are an even more surefire method to keep hackers at bay. This type of biometric security requires ID from two separate individuals at the same time.
Related Articles
Nothing found.