Expert(s):
Product Manager feature_status*/ ?>
comforte AG

Comments Dotted : 22
December 10, 2020

Expert Insight On Ransomware Forces Hosting Provider Netgain To Take Down Data Centers
All enterprises should take away from this incident a very simple lesson.
The ransomware attack affecting the cloud hosting service provider Netgain must be of concern to its customers. All indications show that Netgain has been working very proactively to isolate and mitigate the situation while keeping the customer base fully informed. This response is appropriate and admirable given the situation. In the wake of these types of data security incidents, the best-case scenario is that the service disruptions are a nuisance but that sensitive data remains protected. .....Read More
The ransomware attack affecting the cloud hosting service provider Netgain must be of concern to its customers. All indications show that Netgain has been working very proactively to isolate and mitigate the situation while keeping the customer base fully informed. This response is appropriate and admirable given the situation. In the wake of these types of data security incidents, the best-case scenario is that the service disruptions are a nuisance but that sensitive data remains protected. All enterprises should take away from this incident a very simple lesson. If your business relies on cloud services for data handling, processing, and storing, you are responsible for the protection of sensitive data. If regulations are broken, your business must answer for the way that you handle and protect peoples’ sensitive data in the cloud. This should not inspire fear but rather should encourage you to reassess how you are protecting your customers’ most sensitive, private information no matter where that data is. Are you relying on more traditional perimeter- and access-focused methods of data protection, or are you taking a more data-centric approach that protects the data itself? If incidents like this can cause you to rethink your strategy and ask yourself questions like this, then that is a good outcome for your business.  Read Less
November 23, 2020

Expert Insights: Faith App Pray.com Exposes Millions Through Cloud Misconfiguration
Organizations should consider data-centric protection methods.
The unintentional but unfortunate exposure of personal data for which Pray.com is responsible for care-taking should remind every organization to rethink their data security for cloud-based applications and storage. The assumption that cloud providers take care of every aspect of security for their enterprise customers is a faulty one—each organization bears the responsibility to provide an adequate level of data protection for information they process or store in their cloud repositories......Read More
The unintentional but unfortunate exposure of personal data for which Pray.com is responsible for care-taking should remind every organization to rethink their data security for cloud-based applications and storage. The assumption that cloud providers take care of every aspect of security for their enterprise customers is a faulty one—each organization bears the responsibility to provide an adequate level of data protection for information they process or store in their cloud repositories. Because data within the cloud is frequently in motion, more traditional perimeter-based mechanisms can fall far short of effective. Organizations should consider data-centric protection methods such as tokenization and format-preserving encryption because they travel with the data while still obfuscating the sensitive information being protected. If protected sensitive data falls into the wrong hands, threat actors cannot compromise the tokenized or encrypted information.  Read Less
November 19, 2020

What Expert Says On New Canadian Privacy Law
Steeper fines only add to the incentive for companies to comply with data privacy mandates.
The introduction of Canada’s proposed Digital Charter Implementation Act continues the trend toward tighter governmental regulation of businesses handling and processing consumers’ private and sensitive data. Steeper fines only add to the incentive for companies to comply with data privacy mandates, joining other negative outcomes such as tarnished brand reputation and loss of trust in the offending business. The move should serve as a strong reminder to businesses located or operating.....Read More
The introduction of Canada’s proposed Digital Charter Implementation Act continues the trend toward tighter governmental regulation of businesses handling and processing consumers’ private and sensitive data. Steeper fines only add to the incentive for companies to comply with data privacy mandates, joining other negative outcomes such as tarnished brand reputation and loss of trust in the offending business. The move should serve as a strong reminder to businesses located or operating in Canada that data security is paramount to doing business in the country. Each organization should rethink how they protect sensitive data throughout its entire lifecycle, including knowing where this data is within their infrastructure, the level of sensitivity, and the right way to protect sensitive information. Data-centric security measures such as tokenization and format-preserving encryption are far more effective than perimeter-based methods, facilitating data freedom of movement that businesses need in order to use that information effectively while complying with strong data privacy regulations such as this proposed act.  Read Less
November 16, 2020

Expert Insight: Info Of 27.7 Million Texas Drivers Exposed In Vertafore Data Breach
The best part is that data-centric security travels with the data.
The Vertafore data breach, in which the personally identifiable information of millions of Texas drivers was revealed, reinforces the weaknesses inherent in a perimeter-only strategy. The breach was reported to have occurred due to the sensitive data being transferred to an unsecured external storage device. If that data itself had been secured, rather than relying on the security mechanisms of the storage device or the perimeter around it (or lack thereof), then the data essentially would be.....Read More
The Vertafore data breach, in which the personally identifiable information of millions of Texas drivers was revealed, reinforces the weaknesses inherent in a perimeter-only strategy. The breach was reported to have occurred due to the sensitive data being transferred to an unsecured external storage device. If that data itself had been secured, rather than relying on the security mechanisms of the storage device or the perimeter around it (or lack thereof), then the data essentially would be useless to anybody trying to leverage the stolen information. This style of defence, known as data-centric security, includes methods such as tokenization, which replaces sensitive information with meaningless representational tokens. The best part is that data-centric security travels with the data, so even if it winds up in an unsecured location, as happened in the Vertafore breach, peoples’ most sensitive personal information will still be protected.  Read Less
October 29, 2020

Enel Group Hit Again By Ransomware And Netwalker Demands $14 Million
A data-centric approach means applying strong security mechanisms.
When multinational companies are hit by attacks and data breaches, it’s very easy and tempting to dismiss the situation as something that could never happen to our own organization. Whether this complacency is due to over-confidence in our data security strategy or unwillingness to entertain the possibility at all, complacency itself becomes an opening and a weak spot in your defenses. The recent ransomware attack suffered by Enel Group—the second one this year—shouldn’t lead to.....Read More
When multinational companies are hit by attacks and data breaches, it’s very easy and tempting to dismiss the situation as something that could never happen to our own organization. Whether this complacency is due to over-confidence in our data security strategy or unwillingness to entertain the possibility at all, complacency itself becomes an opening and a weak spot in your defenses. The recent ransomware attack suffered by Enel Group—the second one this year—shouldn’t lead to comparisons and assumptions that “it could never happen in my organization.” Rather, it should be a clarion call for every serious and responsible organization to reassess and make appropriate course corrections. What does a reassessment of your data security strategy mean? It means making sure that you not only shore up your entire data environment and the defensive perimeters around it but also consider how to secure your sensitive organizational data if it happens to be apprehended and brought outside that protected perimeter. A data-centric approach means applying strong security mechanisms such as format-preserving encryption or tokenization to your sensitive data so that threat actors cannot compromise that data if they manage to breach your perimeter. Tokenization in particular replaces sensitive data with benign tokens that don’t convey any real meaning, so sensitive information cannot be understood or compromised. Data-centric security travels with the data, and it’s a perfect complement to strong perimeter defenses. It renders stolen data worthless to attackers. Enel Group will no doubt engage in this type of reassessment—typically attacks have this effect. The rest of us can sympathize with them and turn that eye of scrutiny inward to make sure the same doesn’t happen to the rest of us.  Read Less
September 14, 2020

Expert commentary: Razer Gaming Fans Caught Up in Data Leak From misconfigured Elasticsearch
Data-centric security addresses the need for security to travel with the data it protects.
Managing and securing customer data is no game – the breach at Razer is another testament that privacy requires organizations to take data security seriously and move beyond reinforcing perimeter and access controls. This is not to say that they need to neglect perimeter security. However, no matter how much effort and investment are poured into securing the borders of their data environment, sensitive data inevitably will wind up in the wrong hands—either through intentional intrusion and.....Read More
Managing and securing customer data is no game – the breach at Razer is another testament that privacy requires organizations to take data security seriously and move beyond reinforcing perimeter and access controls. This is not to say that they need to neglect perimeter security. However, no matter how much effort and investment are poured into securing the borders of their data environment, sensitive data inevitably will wind up in the wrong hands—either through intentional intrusion and theft, unintentional distribution, or pure lack of oversight. Data-centric security addresses the need for security to travel with the data it protects (rather than merely securing the boundaries around that data). Standard encryption-based security is one way to do this, but encryption methods come with sometimes-complicated administrative overhead to manage keys. Also, many encryption algorithms can be easily cracked. Tokenization, on the other hand, is a data-centric security method that replaces sensitive information with innocuous representational tokens. This means that, even if the data falls into the wrong hands, no clear meaning can be derived from the tokens. Sensitive information remains protected, resulting in the inability of threat actors to monopolise on the breach and data theft. Had this highly sensitive personal data been tokenized in the Razer environment, none of it would have had the potential to compromise individual users. This type of preventative helps keep organisations within compliance regulations and helps to avoid other liability-based repercussions.  Read Less
September 11, 2020

Expert Insight: Data center giant Equinix discloses ransomware incident
If you don’t have the in-house knowledge, then you should consult with data-centric security experts.
Equinix’s recent disclosure of a ransomware incident appears to be hopeful in that the exposure of any sensitive information seems to be mitigated and the situation is under control. What this incident reveals—and what every organisation should take away from it—is that if an IT leader such as Equinix can experience this, so can any other business or organisation. Fortunately, Equinix has the in-house knowledge and resources to handle sensitive data effectively and remain in compliance.....Read More
Equinix’s recent disclosure of a ransomware incident appears to be hopeful in that the exposure of any sensitive information seems to be mitigated and the situation is under control. What this incident reveals—and what every organisation should take away from it—is that if an IT leader such as Equinix can experience this, so can any other business or organisation. Fortunately, Equinix has the in-house knowledge and resources to handle sensitive data effectively and remain in compliance with regulatory mandates, but not every enterprise can claim that. Therefore, being attentive to know where all your sensitive data is located, being secure in your perimeter and access defenses, but also implementing data-centric security that can travel with the data no matter where it goes, all are part of an end-to-end data security strategy. If you don’t have the in-house knowledge, then you should consult with data-centric security experts who can provide the right guidance to keep your sensitive enterprise data secure  Read Less
September 01, 2020

Expert On Report: Cost Of Cybercrime Per Minute Expected To Reach $11.4 Million By 2021
This has a decidedly sweeping and negative effect that can be quantified, too.
The costs of a data breach, as indicated by the RiskIQ report, are mind-boggling when you think of the aggregate effect on economies overall and how those costs ultimately can trickle down to all organizations. When an attacker successfully targets an organization, the costs can have a serious negative effect on the business’s bottom line. Yet another often-overlooked cost is what these successful attacks can do to any organization’s brand reputation and the customer loyalty it has.....Read More
The costs of a data breach, as indicated by the RiskIQ report, are mind-boggling when you think of the aggregate effect on economies overall and how those costs ultimately can trickle down to all organizations. When an attacker successfully targets an organization, the costs can have a serious negative effect on the business’s bottom line. Yet another often-overlooked cost is what these successful attacks can do to any organization’s brand reputation and the customer loyalty it has invested so much into building. Customers and business partners place faith in an organization by sharing vital and sensitive data—if the business does not do everything it can to guard and protect that data, the contract of trust is breached, too. This has a decidedly sweeping and negative effect that can be quantified, too, in customers or partners who abandon the company. And that means lost business and income. The best way to avoid all these costs is to make sure that all sensitive data is protected, not just the environment and perimeter around that data. A data-centric approach such as tokenization, which replaces sensitive data with meaningless tokens and thus cannot be compromised, is the best place to start when seriously investigating how to avoid all these detrimental effects.  Read Less
August 13, 2020

ProctorU Breach: Expert Commentary
But the most damaging part of any data breach is the loss of trust and the brand reputation which can result from a data breach.
The mission of ProctorU is a good and beneficial one, ensuring that test-taking is fair and conforms to the rules. The irony in this data breach is that ProctorU specializes in monitoring (the testing process), but they overlooked the risks to their own data environment. Unfortunately, peoples’ private data is now compromised, and ProctorU must exert time, effort, and expenses in an attempt to mitigate the situation. But the most damaging part of any data breach is the loss of trust and the.....Read More
The mission of ProctorU is a good and beneficial one, ensuring that test-taking is fair and conforms to the rules. The irony in this data breach is that ProctorU specializes in monitoring (the testing process), but they overlooked the risks to their own data environment. Unfortunately, peoples’ private data is now compromised, and ProctorU must exert time, effort, and expenses in an attempt to mitigate the situation. But the most damaging part of any data breach is the loss of trust and the brand reputation which can result from a data breach. The cautionary tale here is to make sure that data itself is protected before a breach occurs. Perimeter-based defensive methods only go part of the way toward protecting data. Why? Threat actors always find a way around perimeter defenses and into a sensitive data environment. Therefore, responsible organizations should consider data-centric methods of security such as tokenization, which replaces sensitive data with meaningless representational tokens, to obfuscate the sensitive aspects of any data which falls into the wrong hands. The real strength of data-centric security like tokenization is that it travels with the data, so even if a threat actor winds up with it, nothing private and sensitive can be derived from it. It is worthless to those cheaters who would leverage it for their own gain.  Read Less
July 23, 2020

Expert On Family Tree Maker Exposing Users’ Private Information
Many encryption algorithms can be easily cracked.
As the Family Tree Maker scenario clearly displays, security administrators, need to move beyond reinforcing their perimeter boundaries and access mechanisms. This is not to say that they need to neglect perimeter security. However, no matter how much effort and investment are poured into securing the borders of their data environment, sensitive data inevitably will wind up in the wrong hands—either through intentional intrusion and theft, unintentional distribution, or pure lack of.....Read More
As the Family Tree Maker scenario clearly displays, security administrators, need to move beyond reinforcing their perimeter boundaries and access mechanisms. This is not to say that they need to neglect perimeter security. However, no matter how much effort and investment are poured into securing the borders of their data environment, sensitive data inevitably will wind up in the wrong hands—either through intentional intrusion and theft, unintentional distribution, or pure lack of oversight. Data-centric security addresses the need for security to travel with the data it protects (rather than merely securing the boundaries around that data). Standard encryption-based security is one way to do this, but encryption methods come with sometimes-complicated administrative overhead to manage keys. Also, many encryption algorithms can be easily cracked. Tokenization, on the other hand, is a data-centric security method that replaces sensitive information with innocuous representational tokens. This means that, even if the data falls into the wrong hands, no clear meaning can be derived from the tokens. Sensitive information remains protected, resulting in the inability of threat actors to monopolize on the breach and data theft. Had this highly sensitive personal data been tokenized in the Family Tree Maker environment, none of it would have had the potential to compromise individual users. This type of preventative helps keep organizations within compliance regulations and helps to avoid other liability-based repercussions.  Read Less