Security Insider - Podcast Edition

VMware and IBM's recent partnership lets customers migrate workloads back and forth between VMware-based private clouds and IBM SoftLayer. Join Patrick Townsend as he discusses what this partnership means (from a security perspective), compliance considerations, and how organizations can better secure their data in IBM SoftLayer. Download this podcast to learn about: Migrating your organization's VMware infrastructure to the cloud What the IBM/VMware partnership means to end users Challenges IBM i customers are facing regarding multi-factor authentication How Townsend Security is helping VMware users move to the cloud

Prior to version 3.2 of the PCI Data Security Standard (PCI DSS), remote users were required to use multi-factor authentication for access to all systems processing, transmitting, or storing credit card data. With version 3.2, this is now extended to include ALL local users performing administrative functions in the cardholder data environment (CDE). Download this podcast to learn about: What PCI DSS 3.2 means for IBM i administrators Why it is harder to identifiy an administrative user on the IBM i Challenges IBM i customers are facing regarding multi-factor authentication How Townsend Security is helping organizations meet PCI DSS 3.2 with multi-factor authentication

While the IBM DB2 Field Procedures (FieldProc) facility works quite well with native SQL applications, IBM i customers with legacy RPG applications have not been able to take full advantage of FieldProc to encrypt data in DB2 tables. In particular, the encryption of database columns, which are indexes, has been very difficult for IBM i customers using legacy RPG. This results with inability to use FieldProc encryption to protect sensitive data. Download this podcast to learn about: How IBM i customers with legacy RPG applications can deploy automatic DB2 encryption over sensitive data which are indexes How to leverage OAR capabilities to replace the legacy RPG file I/O with modern SQL operations What industries will benefit the most

Encryption of data at rest, along with good security policies, can help businesses meet compliance regulations like PCI DSS and HIPAA, safeguard enterprise IP, and protect customer PII. While MongoDB provides a mechanism to encrypt data, it is still up to the users to manage encryption keys. Download this podcast to learn about: When MongoDB users would need to deploy encryption and key management Encryption and key management best practices for MongoDB users How MongoDB fits into the larger set of open source and commercial databases The importance of KMIP

HIPAA requires covered organizations to implement technical safeguards to protect all electronic personal healthcare information (ePHI), making specific reference to encryption, access controls, encryption key management, risk management, auditing, and monitoring of ePHI information. By knowing the relationship of HIPAA and HITRUST, covered entities and business associates can better understand their requirements for protecting ePHI. Download this podcast to learn about: The difference between HIPAA and HITRUST The difference between meeting compliance and managing security risk Protecting ePHI with encryption and key management How Townsend Security is helping covered entities protect ePHI

While Linux has a reputation as being secure, it is not immune to a data breach. Security administrators and application developers need to take a data-centric approach to protecting their private information – such as their employee data, intellectual property (IP), or customers’ PII. Without the proper controls in place, business applications and information are at risk. This podcast discusses: How developers can better secure their applications Choosing an encryption algorithm Encryption key management Resources for more information

As compliance regulations evolve, developers are finding themselves tasked with modifying existing applications to implement new, better security, as well as creating new applications that need to follow security best practices. Listen to this podcast to learn about: Meeting compliance requirements Writing code with a security perspective Encrypting data

Collecting real-time security events on the IBM i platform is different than other platforms - logs are stored in many different places in a proprietary IBM format. This presents a challenge for administrators who need to monitor their IBM i logs. Download this podcast to learn about: Real-time security event logging on the IBM i Monitoring your most critical data with IBM Security QRadar Meeting compliance requirements like PCI DSS, HIPAA, FFIEC, and more

As cloud storage becomes commonplace, the need to protect and encrypt data grows more important than ever. The critical question becomes, who has access to your encryption keys? Download this podcast to learn about: Download this 20-minute podcast to learn more about: Encrypting data in the cloud Why encrypted data in the cloud may not be as secure as you'd think Special considerations for managing encryption keys in the cloud

For SQL Server users in VMware environments, encryption and key management is easier than ever. With a ready-to-deploy OVA formatted solutions, VMware customers can launch an encryption key manager with standard VMware tools and begin securing their sensitive data in SQL Server within minutes. Download this 20-minute podcast to learn more about: • Encrypting data on Microsoft SQL Server in VMware environments • Using Transparent Data Encryption (TDE), Cell Level Encryption, and Extensible Key Management (EKM) • Encrypting data in SQL Server Enterprise and Standard editions

Every business is trying to save money and reduce complexity in their IT departments, and many are accomplishing this today by using virtual machines such as VMware. While these business's infrastructures are becoming virtual, their security threats are still very much real. Download this 20-minute podcast to learn more about: • Encrypting data in VMware • Encryption performance • Special encryption and key management concerns for VMware users

Data breaches are no longer a matter of “if” but “when”. When developing a data breach response plan it is important to consider the technologies you can implement to help mitigate a data breach, or prevent one from happening altogether. Download this 10-minute podcast to learn more about: * Managing risk by implementing the right technologies * What executives can learn from the latest data breaches * Asking the right data security questions * Encryption in the cloud

Amazon Web Services (AWS) is a deep and rich cloud platform supporting a wide variety of operating systems, services, and third-party applications. What can enterprises do to make sure their data is protected? Download this 20-minute podcast to learn more about: Protecting data in Amazon Web Services (AWS) Securing data in RDS, S3, EBS, and DynamoDB Strategies for deploying a key manager Meeting compliance regulations

Are there any special considerations for encryption and key management in VMware? This podcast discusses overcoming the challenges of encryption in VMware. Download this 15-minute podcast to learn more about: • Encryption and key management with VMware • How to avoid the common "gotchas" • The importance of certified solutions

Developing secure websites in Drupal can be a challenge, especially when it comes to encrypting sensitive data and meeting compliance. Download this 20-minute podcast to learn more about: • Encrypting data in Drupal • What data needs to be encrypted • Encryption key management • Townsend Security's Drupal Developer program

While Amazon Web Services (AWS) delivers a secure, scalable cloud computing platform, organizations may be required to deploy an additional layer of security to protect the data they store in the cloud. Download this 20-minute podcast to learn more about:• Protecting data in Amazon Web Services (AWS)• Best practices for deploying a key manager in the cloud• Meeting compliance regulations

Encrypting data in Microsoft SQL Server is often difficult to understand because of the different encryption options offered. Download this 20-minute podcast to learn more about: • Options for encrypting data in Microsoft SQL Server - TDE, Column-• Level, and with the .NET Framework • Managing encryption keys and using Extensible Key Management (EKM) • Automating encryption and key management without TDE & EKM

Expensive encryption and key management solutions, losing encryption keys, and difficult deployments are now a thing of the past. Download this 20-minute podcast to learn more about: • Encryption performance impacts • Why you shouldn't worry about losing an encryption key • How encryption and key management are now easier than ever

Drupal developers who need to protect sensitive data know that storing their encryption keys within the CMS puts their data at risk for a breach. Users who are currently encrypting sensitive data in Drupal are storing the encryption key locally in either a file protected on the server, in the database, or in Drupal’s settings file. None of these methods meet data security best practices or compliance regulations such as PCI DSS, HIPAA/HITECH, state privacy laws, etc. For this special podcast, Chris Teitzel, CEO of Cellar Door Media and Rick Hawkins, owner of Alchemy Web Solutions, join Patrick Townsend, CEO of Townsend Security, to talk about encrypting sensitive data in Drupal.

As organizations are moving their applications and sensitive data to Windows Azure and leaving behind the traditional data center, they are turning to virtual machines to run their IT infrastructure. Townsend Security recently release the first encryption key manager to run in Microsoft Windows Azure, solving the data security problem that has held many companies back. - Download this podcast to hear Patrick Townsend discuss: - Protecting data in Microsoft Windows Azure - Best practices for deploying a key manager in the cloud - Meeting compliance regulations