Archive for December, 2010

Lessons from Data Breaches of 2010

Tuesday, December 21st, 2010

SecurityWeek recently published “Lessons from the Most Interesting Data Breaches of 2010” and some of the article’s highlights may really surprise you. For example, the article states that there has been a 93.7% drop in the volume of data stolen from 2009 to 2010. An analysis from the Privacy Clearinghouse, a public database which records all breaches of personal and sensitive information belonging to US citizens, shows that about 230 million data records were taken in 2009 and only 13 million so far this year. It’s a positive number, but keep in mind that 2009 saw two major breeches with Heartland and the Veteran’s Administration. Of course, this drop also underscores the security investments companies have made over the past few years. Indeed, such efforts and investments have paid off in greatly enhanced security, helping to make data breaches extremely difficult.

Another interesting and key finding of the article touches on the value of data shifting from lower to higher. We here at XYPRO have seen this trend for quite some time!

2 Key Lessons from the article
So, what can be done to avoid data loss and breaches as we move into 2011?  Below are two key lessons to consider:

1.    Enforce data is accessed only by authorized parties.  At a minimum, they should block access from former staff and from employees attempting to access data beyond their need-to-know level.

XYGATE customers easily achieve this role-based access control goal with the Access PRO software solution.  Access PRO functionality provides the core of a well-secured HP NonStop system. With this software in use, Individual accountability with full keystroke audits is achieved, while restricting each user to a list of authorized actions based on that user’s job functions.

2.    Block access from any illegitimate application. Security controls should be able to block an unauthorized process (the malicious code).

XYGATE customers rely on the ability to restrict all NonStop SUPER and Sensitive user access to “least privilege” based on multiple criteria, including IP address.

Like many of our clients who use XYGATE, you too can implement XYGATE for Role Based Access Control, keystroke auditing, and SSO authentication. FIPS validated encryption and automated compliance analysis completes the solution. Indeed, as we enter a new year, it’s a great time to reflect on where your security measures stand now, and what you need to do to safeguard yourself in the future.

Companies from across the globe have relied on XYGATE to cover all of their HP NonStop security requirements. In fact, XYGATE is used by six of the world’s top 10 bank processors*.

Click here to read the entire SecurityWeek article.
*As reported in the 2010 FinTech 100