Security Insider - Podcast Edition

User names and passwords are no longer good enough. To protect sensitive data, businesses need another layer of security and are often turning to two factor authentication. By deploying a two factor authentication solution organizations can easily enhance their security in a cost-effective way, as well as meet compliance regulations and recommendations.

With encryption key management now being offered on hardware, virtualized, and cloud platforms, is it simply just a matter of preference or is one option better than another? Download this 20-minute podcast to learn more about: • Deploying encryption key management as an HSM, Cloud HSM, Virtual Appliance (VMware, Hyper-v, Xen) or in the cloud (Windows Azure, Amazon Web Services, vCloud, etc.) • Factors to consider when deciding which option is right or you • What compliance regulations say about the different options • Challenges for applications running in the cloud or virtual environments

Organizations who encrypt data in the cloud regularly report that loss of control of cryptographic keys is a top concern. Advances in encryption technology have made protected sensitive data easier than ever. However, encryption key management has remained a challenge. Organizations are now able to address this problem with the recent introduction of encryption key management in the cloud. Joining us today is Patrick Townsend, CEO of Townsend Security. We will discuss why encryption key management has been difficult for organizations who store their data in the cloud, special considerations for meeting compliance regulations, and what to look for when considering a cloud key management solution.

As more enterprises begin to outsource hosting and move confidential data to the cloud, the protection of encryption keys become the number one action that determines the true effectiveness of their encryption strategy. In this podcast, Patrick Townsend discusses the information security CIA triad (confidentiality, integrity, and availability) and how it relates to encryption key management, what compliance regulations say about managing encryption keys, and how encryption and key management arm enterprises with a strong, defense-in-depth approach to data security.

Is Your Property Management System Really Secure? According to a new report by British insurance firm WIllis Group Holdings, insurance claims for data theft worldwide jumped 56% last year, with 38% of those attacks targeting hotels, resorts, and casinos. Property Management Systems (PMS) contain a deep well of Personally Identifiable Information (PII), such as credit card numbers, phone numbers, email addresses, etc., which is often not properly secure within a PMS - leaving users at risk for a breach. Download this podcast to learn: How Property Management Systems can better secure guest data Why the hospitality industry is a target for data thieves How PMS vendors can boost their own security posture How ISVs and Solution Providers can gain additional revenue by offering stronger data security

Encryption and key management are now industry standards and work across both legacy and newer business systems, multi-platform and multi-tenant networks, remote access workstations, geographical offices, data centers, and third-party business partners. But how do you know what to take into consideration when deciding on an encryption key manager? Download this podcast to hear Joan Ross, CEO, discuss: "Must Haves" when evaluating an encryption key manager Just because data is encrypted, it doesn't necessarily mean it is safe Principles of effective encryption key management Special considerations for companies who are moving their data into the cloud

PGP encryption has become the de facto standard for securing data in motion on the IBM i. It can help businesses meet compliance regulations such as PCI DSS by encryption credit cards and other PII as it is in transit to your trading partners. In this podcast, Patrick Townsend discusses the differences between Open PGP and Commercial PGP, which version a company who faces compliance regulations should use, and how Townsend Security is helping IBM i users secure their data with PGP encryption.

Server virtualization has been a game-changing technology for IT, providing efficiencies and capabilities that have previously been impossible for organizations constrained in a physical world. Now Organizations can deploy servers in both their data centers and the cloud using virtualization technologies such as VMware. Download this podcast to hear Patrick Townsend discuss: • The benefits of virtualized encryption key management • How organizations can use virtualized servers in their data centers and the cloud • Special compliance considerations for enterprises who virtualize their infrastructure • What Townsend Security is doing to help organizations deploy virtualized encryption key management

As a data security company, we see plenty of organizations think they are doing the right things to keep their data safe, but are falling down on a few key areas. For this special podcast, Patrick Botz of Botz and Associates joins Patrick Townsend to present their top three IBM i security tips to help keep your IBM i secure and data safe.

While payment application vendors are required to certify their payment applications with PCI, compliance regulations are not set in stone and likely to change. Retail ISVs need to be aware of this, and that just because their solution was certified yesterday, their encryption and key management practices might not suffice during their next certification. Join Patrick Townsend, Founder and CEO, as he discusses: • The challenges that POS and Payment Application Vendors have with securing their customers’ data • Why meeting compliance regulations is really the low-bar for data security • How Townsend Security has re-defined what it means to partner with a security company

Data security is a huge concern for retail companies who expect their point of sale (POS) system vendors to protect their customers’ data. Although POS vendors are required to certify their POS devices with the Payment Card Industry (PCI), many still scrape by with poor encryption and key management practices in their payment applications. Join Patrick Townsend, Founder and CEO, as he discusses: • The challenges that POS vendors have with securing their customers’ data • Why meeting compliance regulations is really the low-bar for data security • How Townsend Security has re-defined what it means to partner with a security company

Until recently, password management has been a challenge for TrueCrypt encryption users. Enterprises can now encrypt sensitive data for any Windows application or folder with TrueCrypt and create cryptographically strong passwords with Alliance Key Manager, a FIPS 140-2 compliant key management HSM. In this 15-minute podcast Patrick Townsend discusses: Why an organization would use TrueCrypt encryption Meeting the challenges of managing TrueCrypt passwords What Townsend Security is doing to help organizations manage TrueCrypt passwords

With the push to make more data and business applications accessible to workers from their mobile devices, administrators have new security concerns. Security expert Patrick Botz joins us to discuss how to keep valuable data secure in the face of mobility and to offer suggestions on how to simplify this complex issue.

Patrick Townsend discusses data security and the technologies available to protect your IBM i – from tokenization to various types of encryption. You’ll discover the uses for each, and which best fit your data protection strategy. Includes tips on choosing the right technology.

The Department of Health and Human Services (HHS) recently released an update to its meaningful use policies about encrypting patient information. They made one thing perfectly clear – the only way to avoid the data breach notification requirement, and potential fines, is to encrypt the data. With small and mid-sized businesses increasingly the target of cyber attacks, the time to address encrypting personal health information (PHI) is now.

Sensitive data can now be automatically encrypted using Townsend Security's NIST-certified encryption libraries and developers can use cross-platform PHP to easily communicate with modern systems. Additionally, PHP can be used to transform complicated green screens into a familiar, simple user interface. For this special podcast, Eric Nies from NSC Software Solutions joins Patrick Townsend, Founder and CEO of Townsend Security, to discuss data security with PHP on the IBM i.

Meeting compliance regulations doesn't need to be complex or costly - as long as you are using the correct key management tools. Listen to this podcast to hear Patrick Townsend, Founder & CEO, discuss what compliance requirements require key management, identify the barriers to good key management, and what to look for when evaluating an encryption key manager.

Password management continues to be a challenge for all organizations - large and small. Poor management leads to insecure passwords and inconsistent policies – and these lead to more data breaches. For this special podcast, Patrick Botz joins us to talk about Single Sign On on the IBM i and how it can be used to easily and securely manage user accounts and passwords.

File Integrity Monitoring (FIM) tools allow administrators to selectively monitor data access and change activity at the column or field level - without changing applications or user accounts. Join Patrick Townsend as he discusses why implementing FIM tools is a best practice and compliance requirement, how administrators are using them, and what makes the Townsend Security solution unique.

As organizations adopt Microsoft’s Azure cloud offering, one of the top questions we hear is “How do I protect my sensitive data?” In this podcast, Patrick Townsend discusses protecting sensitive data in Azure with encryption and key management, performance considerations, best practices for managing encryption keys, and what to look for when deciding on an encryption key management solution. Additionally, we discuss the importance of having a key management strategy that lines up with the various compliance regulations.