E-Crime Singapore: Data and Device Centric: The Two Security Strategies for your Enterprise

What better place to host the latest E-Crime & Information Security Series than steamy Singapore: The modern gateway to the Asia Pacific Rim. The Marriott Tang Plaza acted as a fitting host on the bustling and extravagant Orchard Road in the heart of Singapore.

The show was well attended from a variety of delegates across APAC to and including the financial sectors, gaming and hospitality, education and government to entertainment sectors.

XYPRO provided its part through a strong representation of two primary pillars of security; Data-Centric and Device-Centric Security through our product partnerships with HP Security Voltage and Device Authority.

Between topics of “Today’s Enterprise Security”, “Changing Landscape and Threats in Payment Security” to “Are your E-Payment Systems Vulnerable to fraud, laundering  and other financial crimes?”, the reoccurring themes kept popping up as pain points with Authentication and the security of data, most notably, your clients’ data! This is an important distinction in the fact that your customers are entrusting you with the protection of their data! We have all heard the numerous public breaches and the staggering financial costs both directly and indirectly but also of course the numerous fallout and repercussions to your business both financially and to your reputation.

It was therefore with great interest that a majority of the delegates were quite engaged with our offering and approach to Data and Device-Centric security. Taking a Data-Centric approach with HP Security Voltage is exactly what the name implies in that we protect the data itself by neutralizing a potential breach through the adoption of Tokenization and Format Preserving Encryption (FPE) of the Data, PANs and other valuable information. So regardless of whether our perimeter defenses fall under a calculated persistent attack; the intrinsic value and costly compromises with such a data breach are relegated as virtually innocuous.

Device Authority takes a novel approach to Authentication by utilizing the Device itself as the key. No more can we rely on Username and Password as the defining factor for gainful entry onto our critical systems. There needs to be a manner to which we can ensure access to not only the rightful individuals but also the devices to which they plan to gain entry with. Our devices provide a stable form factor to provide a unique and identifiable signature of the device itself linked with the credentials of a given user; thereby drastically reducing the threat surface by eliminating millions of risky entry points onto our systems through the provisioning of only a few trusted devices that are linked to our given credentials.

Today’s hackers penetrate through multiple layers of defense. Increasingly it is highlighted by security researchers that multi-layer protections need to be in place, to protect network, system, application and personal data. Regulatory bodies across the globe are also providing guidelines for layered security and compliance policies. Naturally delegates were so intrigued to discover the add-on of Device-Centric security to fend off threats from external systems prior to connection, and the flexibility of tokenization and FPE to ensure maximum data protection even after a breach has occurred.

In a typical payment system environment, XYPRO is already aiding numerous organizations’ security by enabling authentication, role based authorization, security policy and centralized log management for intrusion detection. These Device-Centric and Data-Centric solutions bring significant value to our comprehensive suite of solutions, additional options and greater security assurance to your ever expanding interconnections.

It was interesting to note from our discussions with the delegates that many were determining which approach to take? Secure Authentication protocols to ensure the Identity and the Integrity of users or shore up your Data defenses with Tokenization/Format Preserving Encryption to neutralize a breach before it occurs by rendering data useless in the wrong hands. As self-serving as the answer sounds, the answer of course is both. There is no magic bullet for security. A comprehensive approach to [Multifactor Authentication with Device Authority] and a [logical deployment of Tokenization / FPE with HP Security Voltage] is a sound investment across your enterprise and will continue to be a prominent focus for XYPRO and its clients.

Angelo Nicolaides
XYPRO Technology Corporation
Sales Executive

Leave a Reply