MFT Secures Both Secrets and Data

7 04 2010

In a new report published by Forrester Research, entitled, “The Value of Corporate Secrets: How Compliance and Collaboration Affect Enterprise Perceptions of Risk,” 90 percent of enterprises surveyed agreed that compliance with PCI-DSS, data privacy laws, data breach regulations and existing security policies is the primary driver of their secure data programs.  Additionally, nearly 70 percent of enterprises said that compliance with internal security policies has caused them to spend more time, money or effort protecting their data.

So, what data are they focusing on?

Enterprises surveyed are putting a higher value on “corporate secrets” such as proprietary knowledge or any information a company wants to keep under wraps. The report states, “secrets tend to be messily and abstractly described in Word documents, embedded in presentations and enshrined in application-specific formats like CAD.” Custodial data, in essence, customer, medical and payment card information, “has little intrinsic value in and of itself.” However, when a data breach occurs, the “benign” data becomes harmful as it has adverse effects via fines, negative press, a tarnished reputation and customer complaints.

While the report finds that most respondents put more value on corporate secrets, shouldn’t there be a solution for both corporate secrets and custodial data? I would think both stolen corporate secrets and data breach headlines would provide equal parts drama. Moreover, one of the conclusions drawn from the study is that most enterprises do not actually know whether their data security programs work or not.

Whether it’s an ad-hoc file transfer (those messy PowerPoints) or thousands of files of customer and partner information (credit cards, Social Security numbers, etc,), there is a solution to ensuring all data is protected.


PCI DSS and Managed File Transfer

18 02 2010

As a small business owner or CEO of a large organization, do you know if you are PCI DSS (Payment Card Industry Data Security Standard) compliant? While the requirements were designed to help businesses prevent credit card fraud, does it prevent data breaches? The Heartland Payment Processing Systems Breach is an example of a PCI DSS compliant company that compromised millions of card numbers.

The Security of Your Customer's Credit Cards is in Your Hands

PCI DSS requirements state to protect stored card holder data, a business must, “Encrypt transmission of card holder data across open, public networks.” Additionally, PCI DSS requires business to implement strong access control measures by assigning a unique ID to each person with computer access. For the full scope of requirements, visit the PCI DSS Web site.

There is a solution to adhere to requirements: Managed File Transfer (MFT). A MFT solution meets and exceeds the PCI DSS requirements by providing data encryption to all information transfer while being able to track and monitor all access of network resources and card holder data.

As previously mentioned, The Heartland breach proved to have severe fallout for the company, its reputation and most importantly, its customers.

How do you achieve compliance?