Security Insider - Podcast Edition

By many, encryption is considered the hardest part of data security, and key management the hardest part of encryption. As such, it is far too common to see businesses not properly storing their encryption keys - for example, keeping them in a database in the clear or even burned into their application’s code. This podcast discusses the latest trends and perspectives around encryption key management and how to better protect your data. Download this podcast to learn about: The current state of encryption key management Databases/applications that natively support encryption key management Meeting evolving compliance requirements

Over the last several years, encryption key management has attained “essential infrastructure” status. When done properly, key management can protect encrypted data - and in the event of a data breach, can even provide a company with an exemption for a breach notification. Download this podcast to learn about: What enterprises should look for in an encryption key manager The importance of standards (FIPS 140-2, PCI DSS validation, etc.) Meeting data security compliance (PCI DSS, GDPR, HIPAA, etc.) requirements with encryption key management KMS (Key Management Server) vs. KMS (Key Management Service)

VMware virtualization has been a game-changing technology for IT, providing efficiencies and capabilities that have previously been impossible for organizations constrained within a traditional IT data center world. With vSphere version 6.5 and vSAN version 6.6 VMware customers now have the ability to encrypt VMware managed virtual machines and virtual disk. Join Patrick Townsend, Founder and CEO of Townsend Security, as he talks about how to protect data in VMware with encryption and key management. Download this podcast to learn about: vSphere and vSAN encryption Deploying multiple, redundant key servers as a part of the KMS Cluster configuration Meeting compliance regulations and security best practices (PCI DSS, GDPR, etc.)

The European General Data Protection Regulation (GDPR) is radically transforming the information technology space. Organizations of all sizes and types, and cloud service providers large and small, must adjust to the notion that people now fully own information about themselves. Join Patrick Townsend, Founder and CEO of Townsend Security, as he talks about how to use encryption and key management to help meet GDPR, the right of erasure, also known as the right to be forgotten, and how to avoid bad key management practices which will result in GDPR compliance failures. Download this podcast to learn about: Data security requirements of GDPR Right of erasure (also known as "the right to be forgotten") Meeting GDPR with encryption and key management The importance of standards and best practices

PCI DSS requiress two factor authentication (also known as multifactor authentication) - something you know and something you have. For IBM i users, this usually means a password and an authentication code provided to a token or mobile device. However, tokens are expensive and are frequently lost - and SMS messages to mobile devices have become a deprecated method. Join Patrick Townsend, Founder and CEO of Townsend Security, as he discusses the PCI recommendations, how to meet 2FA compliance requirements with a mobile based solution, and how Townsend Security is helping IBM i users meet the latest two factor authentication compliance requirements. Download this podcast to learn about: PCI DSS and NIST requirements for two factor authentication Protecting critical data on the IBM i with two factor authentication Mobile based authentication with Twilio's Authy Introduction to Alliance Two Factor Authentication

It is difficult to say big data without instantly thinking about MongoDB. As enterprises adopt MongoDB, they also bring security concerns with them. Depending on their business, they may have multiple government (HIPAA, GDPR, FFIEC, etc.) or business (PCI DSS, etc) security regulatory standards with which they need to comply. Join Patrick Townsend, Founder and CEO of Townsend Security, as he talks about leveraging the WiredTiger storage engine, achieving a strong security posture with key management, and how to easily begin encrypting data in MongoDB Enterprise. Download this podcast to learn about: Encryption using the WiredTiger storage engine - no need to buy 3rd party encryption! Easily generate a master encryption key and begin encrypting database keys using native command line operations Meeting compliance requirements (PCI DSS, HIPAA, GDPR, etc.) The importance of KMIP

While the IBM i (AS/400) is considered by many to be a secure platform, it is not immune to data breaches. For this special podcast, Clayton Weise of KeyInfo joins us to discuss running the IBM i in the cloud, maintaining a strong security posture, and common questions about cloud/on-prem hybrid networks. Download this podcast to learn about: IBM i, security, and why customers are moving to the cloud Improving IBM i security posture by moving to cloud Meeting compliance requirements in the cloud Future proofing your IBM i platform

Cyber criminals attempt to escalate their level of privilege by stealing and using administrative credentials. Because IBM i servers are accessed from user PCs across internal and external networks, credential stealing from these exposed PCs and networks is the preferred mechanism for compromising an IBM i server. Download this podcast to learn about: Identifying escalated privilege attacks on the IBM i Determining the true level of authority of a user profile Controlling and monitoring administrative level users Setting email alerts to include critical job and security information

The financial world is rapidly changing. Innovations in technology are impacting payments, lending, insurance, and even compliance. With huge amounts of private data being dealt with on a daily basis, data security is a top concern - and the best way to protect it is with encryption. Download this podcast to learn about: Encryption and key management Meeting the various compliance requirements Fintech in cloud environments Advice on selecting and evaluating a fintech vendor

The finance industry is increasingly being held accountable for the security, confidentiality and integrity of non-public customer information. By protecting nonpublic personal information (NPI) and personally identifiable information (PII), businesses in the banking and financial services industry can protect private information including: customer financial records, social security number, income, and account numbers. Organizations that experience a data breach where un-encrypted data is lost can suffer fines reaching into the millions of dollars, as well as face indirect costs like brand damage and customer loss. Download this podcast to learn about: Meeting data security compliance requirements (GLBA, FFIEC, PCI DSS, etc.) Examples of NPI and PII that need to be encrypted Encryption and key management How to take advantage of the GLBA’s “safe harbor” protection for privacy notices

As Covered Entities take electronic Protected Health Information (ePHI) move to the cloud, they need to understand the important role of having a Business Associate Agreement (BAA) in place and how to ensure that they are meeting HIPAA compliance when ePHI is outside of their walls. Download this podcast to learn about: What is considered electronic Protected Health Information (ePHI) The role of Business Associates (BA) as defined by the Department of Health and Human Services Storing ePHI in the Cloud and meeting HIPAA compliance Key takeaways that vendors can implement today for improved security

Active monitoring (sometimes referred to as Continuous Monitoring) is one of the most effective security controls that an organization can deploy - and can often detect a data breach before any information is lost. As the IBM i continues to evolve, so do sources of security logs. With logs being created from so many different sources, it is important to collect and monitor them in real-time to detect security events. Download this podcast to learn about: Current status of security logging on the IBM i The future of log collection and monitoring New logging sources in IBM i V7R3 Elements of an effective active monitoring strategy

Active monitoring (sometimes referred to as Continuous Monitoring) is a critical security control for all organizations and is one of the most effective security controls you can deploy. The large majority of security breaches occur on systems that have been compromised days, weeks, or even months before sensitive data is lost. With the release of V7R3, IBM i administrators have additional security logs to collect and monitor. Download this podcast to learn about: Log collection and monitoring on the IBM i New logging sources in IBM i V7R3 System log formats and standards Elements of an effective active monitoring strategy

Once data is encrypted, private information depends on key management to stay safe. As enterprises move to the cloud, it is important for key management solutions to provide high-availability, centralized key management to a wide range of applications and databases. Download this podcast to learn about: Encryption key management options in AWS (Key Management Service, Cloud HSM, third-party options) The different approaches to managing encryption keys Resources available to developers and managed service providers (MSPs) How Townsend Security is helping AWS customers protect their encryption keys with centralized key management

VMware and IBM's recent partnership lets customers migrate workloads back and forth between VMware-based private clouds and IBM SoftLayer. Join Patrick Townsend as he discusses what this partnership means (from a security perspective), compliance considerations, and how organizations can better secure their data in IBM SoftLayer. Download this podcast to learn about: Migrating your organization's VMware infrastructure to the cloud What the IBM/VMware partnership means to end users Challenges IBM i customers are facing regarding multi-factor authentication How Townsend Security is helping VMware users move to the cloud

Prior to version 3.2 of the PCI Data Security Standard (PCI DSS), remote users were required to use multi-factor authentication for access to all systems processing, transmitting, or storing credit card data. With version 3.2, this is now extended to include ALL local users performing administrative functions in the cardholder data environment (CDE). Download this podcast to learn about: What PCI DSS 3.2 means for IBM i administrators Why it is harder to identifiy an administrative user on the IBM i Challenges IBM i customers are facing regarding multi-factor authentication How Townsend Security is helping organizations meet PCI DSS 3.2 with multi-factor authentication

While the IBM DB2 Field Procedures (FieldProc) facility works quite well with native SQL applications, IBM i customers with legacy RPG applications have not been able to take full advantage of FieldProc to encrypt data in DB2 tables. In particular, the encryption of database columns, which are indexes, has been very difficult for IBM i customers using legacy RPG. This results with inability to use FieldProc encryption to protect sensitive data. Download this podcast to learn about: How IBM i customers with legacy RPG applications can deploy automatic DB2 encryption over sensitive data which are indexes How to leverage OAR capabilities to replace the legacy RPG file I/O with modern SQL operations What industries will benefit the most

Encryption of data at rest, along with good security policies, can help businesses meet compliance regulations like PCI DSS and HIPAA, safeguard enterprise IP, and protect customer PII. While MongoDB provides a mechanism to encrypt data, it is still up to the users to manage encryption keys. Download this podcast to learn about: When MongoDB users would need to deploy encryption and key management Encryption and key management best practices for MongoDB users How MongoDB fits into the larger set of open source and commercial databases The importance of KMIP

HIPAA requires covered organizations to implement technical safeguards to protect all electronic personal healthcare information (ePHI), making specific reference to encryption, access controls, encryption key management, risk management, auditing, and monitoring of ePHI information. By knowing the relationship of HIPAA and HITRUST, covered entities and business associates can better understand their requirements for protecting ePHI. Download this podcast to learn about: The difference between HIPAA and HITRUST The difference between meeting compliance and managing security risk Protecting ePHI with encryption and key management How Townsend Security is helping covered entities protect ePHI

While Linux has a reputation as being secure, it is not immune to a data breach. Security administrators and application developers need to take a data-centric approach to protecting their private information – such as their employee data, intellectual property (IP), or customers’ PII. Without the proper controls in place, business applications and information are at risk. This podcast discusses: How developers can better secure their applications Choosing an encryption algorithm Encryption key management Resources for more information

As compliance regulations evolve, developers are finding themselves tasked with modifying existing applications to implement new, better security, as well as creating new applications that need to follow security best practices. Listen to this podcast to learn about: Meeting compliance requirements Writing code with a security perspective Encrypting data

Collecting real-time security events on the IBM i platform is different than other platforms - logs are stored in many different places in a proprietary IBM format. This presents a challenge for administrators who need to monitor their IBM i logs. Download this podcast to learn about: Real-time security event logging on the IBM i Monitoring your most critical data with IBM Security QRadar Meeting compliance requirements like PCI DSS, HIPAA, FFIEC, and more

As cloud storage becomes commonplace, the need to protect and encrypt data grows more important than ever. The critical question becomes, who has access to your encryption keys? Download this podcast to learn about: Download this 20-minute podcast to learn more about: Encrypting data in the cloud Why encrypted data in the cloud may not be as secure as you'd think Special considerations for managing encryption keys in the cloud

For SQL Server users in VMware environments, encryption and key management is easier than ever. With a ready-to-deploy OVA formatted solutions, VMware customers can launch an encryption key manager with standard VMware tools and begin securing their sensitive data in SQL Server within minutes. Download this 20-minute podcast to learn more about: • Encrypting data on Microsoft SQL Server in VMware environments • Using Transparent Data Encryption (TDE), Cell Level Encryption, and Extensible Key Management (EKM) • Encrypting data in SQL Server Enterprise and Standard editions

Every business is trying to save money and reduce complexity in their IT departments, and many are accomplishing this today by using virtual machines such as VMware. While these business's infrastructures are becoming virtual, their security threats are still very much real. Download this 20-minute podcast to learn more about: • Encrypting data in VMware • Encryption performance • Special encryption and key management concerns for VMware users

Data breaches are no longer a matter of “if” but “when”. When developing a data breach response plan it is important to consider the technologies you can implement to help mitigate a data breach, or prevent one from happening altogether. Download this 10-minute podcast to learn more about: * Managing risk by implementing the right technologies * What executives can learn from the latest data breaches * Asking the right data security questions * Encryption in the cloud

Amazon Web Services (AWS) is a deep and rich cloud platform supporting a wide variety of operating systems, services, and third-party applications. What can enterprises do to make sure their data is protected? Download this 20-minute podcast to learn more about: Protecting data in Amazon Web Services (AWS) Securing data in RDS, S3, EBS, and DynamoDB Strategies for deploying a key manager Meeting compliance regulations

Are there any special considerations for encryption and key management in VMware? This podcast discusses overcoming the challenges of encryption in VMware. Download this 15-minute podcast to learn more about: • Encryption and key management with VMware • How to avoid the common "gotchas" • The importance of certified solutions

Developing secure websites in Drupal can be a challenge, especially when it comes to encrypting sensitive data and meeting compliance. Download this 20-minute podcast to learn more about: • Encrypting data in Drupal • What data needs to be encrypted • Encryption key management • Townsend Security's Drupal Developer program

While Amazon Web Services (AWS) delivers a secure, scalable cloud computing platform, organizations may be required to deploy an additional layer of security to protect the data they store in the cloud. Download this 20-minute podcast to learn more about:• Protecting data in Amazon Web Services (AWS)• Best practices for deploying a key manager in the cloud• Meeting compliance regulations

Encrypting data in Microsoft SQL Server is often difficult to understand because of the different encryption options offered. Download this 20-minute podcast to learn more about: • Options for encrypting data in Microsoft SQL Server - TDE, Column-• Level, and with the .NET Framework • Managing encryption keys and using Extensible Key Management (EKM) • Automating encryption and key management without TDE & EKM

Expensive encryption and key management solutions, losing encryption keys, and difficult deployments are now a thing of the past. Download this 20-minute podcast to learn more about: • Encryption performance impacts • Why you shouldn't worry about losing an encryption key • How encryption and key management are now easier than ever

Drupal developers who need to protect sensitive data know that storing their encryption keys within the CMS puts their data at risk for a breach. Users who are currently encrypting sensitive data in Drupal are storing the encryption key locally in either a file protected on the server, in the database, or in Drupal’s settings file. None of these methods meet data security best practices or compliance regulations such as PCI DSS, HIPAA/HITECH, state privacy laws, etc. For this special podcast, Chris Teitzel, CEO of Cellar Door Media and Rick Hawkins, owner of Alchemy Web Solutions, join Patrick Townsend, CEO of Townsend Security, to talk about encrypting sensitive data in Drupal.

As organizations are moving their applications and sensitive data to Windows Azure and leaving behind the traditional data center, they are turning to virtual machines to run their IT infrastructure. Townsend Security recently release the first encryption key manager to run in Microsoft Windows Azure, solving the data security problem that has held many companies back. - Download this podcast to hear Patrick Townsend discuss: - Protecting data in Microsoft Windows Azure - Best practices for deploying a key manager in the cloud - Meeting compliance regulations

User names and passwords are no longer good enough. To protect sensitive data, businesses need another layer of security and are often turning to two factor authentication. By deploying a two factor authentication solution organizations can easily enhance their security in a cost-effective way, as well as meet compliance regulations and recommendations.

With encryption key management now being offered on hardware, virtualized, and cloud platforms, is it simply just a matter of preference or is one option better than another? Download this 20-minute podcast to learn more about: • Deploying encryption key management as an HSM, Cloud HSM, Virtual Appliance (VMware, Hyper-v, Xen) or in the cloud (Windows Azure, Amazon Web Services, vCloud, etc.) • Factors to consider when deciding which option is right or you • What compliance regulations say about the different options • Challenges for applications running in the cloud or virtual environments

Organizations who encrypt data in the cloud regularly report that loss of control of cryptographic keys is a top concern. Advances in encryption technology have made protected sensitive data easier than ever. However, encryption key management has remained a challenge. Organizations are now able to address this problem with the recent introduction of encryption key management in the cloud. Joining us today is Patrick Townsend, CEO of Townsend Security. We will discuss why encryption key management has been difficult for organizations who store their data in the cloud, special considerations for meeting compliance regulations, and what to look for when considering a cloud key management solution.

As more enterprises begin to outsource hosting and move confidential data to the cloud, the protection of encryption keys become the number one action that determines the true effectiveness of their encryption strategy. In this podcast, Patrick Townsend discusses the information security CIA triad (confidentiality, integrity, and availability) and how it relates to encryption key management, what compliance regulations say about managing encryption keys, and how encryption and key management arm enterprises with a strong, defense-in-depth approach to data security.

Is Your Property Management System Really Secure? According to a new report by British insurance firm WIllis Group Holdings, insurance claims for data theft worldwide jumped 56% last year, with 38% of those attacks targeting hotels, resorts, and casinos. Property Management Systems (PMS) contain a deep well of Personally Identifiable Information (PII), such as credit card numbers, phone numbers, email addresses, etc., which is often not properly secure within a PMS - leaving users at risk for a breach. Download this podcast to learn: How Property Management Systems can better secure guest data Why the hospitality industry is a target for data thieves How PMS vendors can boost their own security posture How ISVs and Solution Providers can gain additional revenue by offering stronger data security

Encryption and key management are now industry standards and work across both legacy and newer business systems, multi-platform and multi-tenant networks, remote access workstations, geographical offices, data centers, and third-party business partners. But how do you know what to take into consideration when deciding on an encryption key manager? Download this podcast to hear Joan Ross, CEO, discuss: "Must Haves" when evaluating an encryption key manager Just because data is encrypted, it doesn't necessarily mean it is safe Principles of effective encryption key management Special considerations for companies who are moving their data into the cloud

PGP encryption has become the de facto standard for securing data in motion on the IBM i. It can help businesses meet compliance regulations such as PCI DSS by encryption credit cards and other PII as it is in transit to your trading partners. In this podcast, Patrick Townsend discusses the differences between Open PGP and Commercial PGP, which version a company who faces compliance regulations should use, and how Townsend Security is helping IBM i users secure their data with PGP encryption.

Server virtualization has been a game-changing technology for IT, providing efficiencies and capabilities that have previously been impossible for organizations constrained in a physical world. Now Organizations can deploy servers in both their data centers and the cloud using virtualization technologies such as VMware. Download this podcast to hear Patrick Townsend discuss: • The benefits of virtualized encryption key management • How organizations can use virtualized servers in their data centers and the cloud • Special compliance considerations for enterprises who virtualize their infrastructure • What Townsend Security is doing to help organizations deploy virtualized encryption key management

As a data security company, we see plenty of organizations think they are doing the right things to keep their data safe, but are falling down on a few key areas. For this special podcast, Patrick Botz of Botz and Associates joins Patrick Townsend to present their top three IBM i security tips to help keep your IBM i secure and data safe.

While payment application vendors are required to certify their payment applications with PCI, compliance regulations are not set in stone and likely to change. Retail ISVs need to be aware of this, and that just because their solution was certified yesterday, their encryption and key management practices might not suffice during their next certification. Join Patrick Townsend, Founder and CEO, as he discusses: • The challenges that POS and Payment Application Vendors have with securing their customers’ data • Why meeting compliance regulations is really the low-bar for data security • How Townsend Security has re-defined what it means to partner with a security company

Data security is a huge concern for retail companies who expect their point of sale (POS) system vendors to protect their customers’ data. Although POS vendors are required to certify their POS devices with the Payment Card Industry (PCI), many still scrape by with poor encryption and key management practices in their payment applications. Join Patrick Townsend, Founder and CEO, as he discusses: • The challenges that POS vendors have with securing their customers’ data • Why meeting compliance regulations is really the low-bar for data security • How Townsend Security has re-defined what it means to partner with a security company

Until recently, password management has been a challenge for TrueCrypt encryption users. Enterprises can now encrypt sensitive data for any Windows application or folder with TrueCrypt and create cryptographically strong passwords with Alliance Key Manager, a FIPS 140-2 compliant key management HSM. In this 15-minute podcast Patrick Townsend discusses: Why an organization would use TrueCrypt encryption Meeting the challenges of managing TrueCrypt passwords What Townsend Security is doing to help organizations manage TrueCrypt passwords

With the push to make more data and business applications accessible to workers from their mobile devices, administrators have new security concerns. Security expert Patrick Botz joins us to discuss how to keep valuable data secure in the face of mobility and to offer suggestions on how to simplify this complex issue.

With IBM ending support on V5R4 of the IBM i later this year, many organizations are in the process of upgrading their systems to V7R1. In V7R1, IBM introduced support for automatic, field-level encryption in the DB2 database called FIELDPROC (short for "Field Procedures"). This allows IBM i users to now deploy encryption without making any program changes. Listen to this podcast to hear Patrick Botz, former lead security architect for IBM, and Patrick Townsend, Founder & CEO, discuss encryption, key management, and meeting compliance regulations on the IBM i.

The Department of Health and Human Services (HHS) recently released an update to its meaningful use policies about encrypting patient information. They made one thing perfectly clear – the only way to avoid the data breach notification requirement, and potential fines, is to encrypt the data. With small and mid-sized businesses increasingly the target of cyber attacks, the time to address encrypting personal health information (PHI) is now.

Sensitive data can now be automatically encrypted using Townsend Security's NIST-certified encryption libraries and developers can use cross-platform PHP to easily communicate with modern systems. Additionally, PHP can be used to transform complicated green screens into a familiar, simple user interface. For this special podcast, Eric Nies from NSC Software Solutions joins Patrick Townsend, Founder and CEO of Townsend Security, to discuss data security with PHP on the IBM i.

Meeting compliance regulations doesn't need to be complex or costly - as long as you are using the correct key management tools. Listen to this podcast to hear Patrick Townsend, Founder & CEO, discuss what compliance requirements require key management, identify the barriers to good key management, and what to look for when evaluating an encryption key manager.