On gmail, cybersecurity and passwords - Key Management Insights

About

Welcome to the Thales Key Management digital media news centre.
As companies look to protect their customer data and other sensitive information, encryption is being deployed more widely. Yet if an encryption key is lost then that data cannot be recovered. Avoiding this problem demands formalized processes and robust technologies for key management making the protection, management and secure use of cryptographic keys a fundamental component of modern IT security.

This Thales media center provides information on international industry issues and trends relating to the general topic of key management. There's a also a Q & A page here which aims to answer some of the frequently asked questions on the subject. Key management affects organizations across all sectors and this site includes information on global best practices, regulation, technology, deployment scenarios and key management strategy.

Thales leads in the provision of information and communication systems security solutions for government, defence, critical infrastructure, enterprise and the finance industry. Thales’s comprehensive portfolio of security products and services protect electronic information – safeguarding transactions, IT operations and information transfers within highly sensitive and regulated environments.

Subscribe by email

Subscribe by RSS

Find out more at www.thalesgroup.com/iss

Visit our payments site at www.paymentssecurity.com

Contributors

Richard Moulds
EVP of product strategy for the information systems security activities of Thales

Jon Geater
Director of Technical Strategy

Steve Brunswick
Strategy Manager
Thales Information Systems Security

Key Management for Dummies

Resources

Case Studies
Follett Corporation

Webinars
2009 Encryption and Key Management Benchmark Report

Database Encryption for Microsoft SQL Server 2008

Key Management - The Hype and The Reality

Key Management for Tape Encryption

White Papers
Database Encryption and Key Management for Microsoft SQL Server 2008

Best Practices for Storage Encryption and Key Management

2008 Encryption & Key Management Benchmark Survey

Key Management for Dummies

Latest press releases

Thales and Ponemon Institute PCI DSS survey reveals encryption is the most effective means for end-to-end protection March 1, 2010

Thales and IBM deliver secure encryption key management for storage February 22, 2010

Certicamara selects Thales Time Stamp Server to verify accuracy of electronic documents February 16, 2010

Thales Thales adds multipoint capability to Datacryptor Ethernet Layer 2 Encryptors February 8, 2010

Thales in the press

The role of encryption in database security May 15, 2009 Help Net Security

Key Exchange May 14, 2009 eWeek podcast

The key to encryption is how you control it May 5, 2009 Secure IT

Database encryption strategy guide from Thales April 30, 2009 Pro Security Zone

Thales addresses encryption key management April 16, 2009 InfoStor

Events diary

Webinar: MPLS Ethernet Encryption
March 18, 2010

Secure World Expo - Compliance Panel
March 23, 2010 to March 24, 2010

Secure World Expo - Compliance Panel
April 27, 2010 to April 28, 2010

« Data classification – learning to walk before we run with cloud computing | Main | Hackers say unencrypted data is there for the asking »

June 02, 2011

On gmail, cybersecurity and passwords

Another day, another cyber security headline. This time it’s the attack on personal gmail accounts which has left hundreds of US government and military personnel (along with other high-value targets) potentially exposed...

There’s not a lot to say about this that I didn’t say in my Advanced Persistent Threat post (and related articles) except to note that widespread reporting of this issue has been refreshingly plain and understanding. I fully expected to see tales of cyber war, Google-bashing and condemnation of Cloud Security arising from this but instead it seems people (by which I mean mainstream media) are starting to get the idea about things like Spear Phishing, and understand this attack for what it was.

Insidious, yes. Worrying, certainly. Important too but the point is this specific attack is not where the damage is being done: that comes later when the information harvested is exploited. That people are beginning to understand these subtleties of online security is truly a good thing.

Now all we need to do is fix the systems that make these attacks so easy on all but the most wary of prey. So that’s just DNS, HTTP, web browsers, HTML email… Hmm. I wonder if this will get a special mention at this week’s Cyber Security Summit.

Jon Geater

Posted at 17:41 in Current Affairs, Data breach notification regulation, Encryption, End-to-end encryption | Permalink

Key Management Q&A

Want to know more about key management? This Q & A might help provide some answers

Key management resources

Encryption key management news
IEEE
Implementing the Payment Card Industry Data Security Standards (PCI DSS)
NIST
PCI Security Standards
SC Magazine
Visa's list of PCI DSS validated service providers

Categories

Auditing and compliance
Data breach notification regulation

Security
End-to-end-encryption

Standards
Future-regulation
PCI DSS

Technologies
Cloud computing

Usage and deployment
Storage

Archives

Subscribe to this blog's feed

Press contact

Liz Harris
Thales
+44 (0)1223 723612

Image library

www.flickr.com