Data Security Breaches: Case in Point

There are a lot of breach statistics to choose from across the web. Verizon DBIR, Ponemon, PwC, and ITRC are just some of the surveys we’ve come across and have used as reference points for our own understanding of data security. Statistics are of course important, but reviewing actual cases helps reveal the truth behind…

Boston University Selects Varonis for Data Protection

Varonis is proud to announce that it is helping Boston University bolster its data loss prevention strategy. Having initially investigated traditional DLP technologies, BU found that the majority of the solutions could only answer one aspect of DLP — where sensitive data was located — but couldn’t determine who had access to it or who…

Real-time Alerting and Monitoring with Varonis DatAlert

Today we’re happy to announce Varonis Data Governance Suite 5.9 beta, which includes the launch of Varonis DatAlert. DatAlert improves your ability to detect possible security breaches, misconfigurations, and other issues by providing customizable alerts in real time. With DatAlert you can: monitor sensitive configuration files on Windows and UNIX/Linux servers; detect changes made outside of…

Top 10 InfoSec People to Follow on Twitter

Twitter is an excellent place to get curated security news from the people on the ground, so to speak. Here’s my personal top 10 InfoSec people to follow on Twitter. This list will give you a really good mix–from attacking SSL to data leaks to web app security best practices–these prolific folks are full of…

Big Data Best Privacy Practices, FTC-style

Did you miss the keynote address given by FTC Commissioner Ramirez at the Aspen Forum? No worries, you can find the full text here, and it will make good iPad reading while you’re at the beach. Titled “The Privacy Challenges of Big Data: A View from the Lifeguard’s Chair”, the Commissioner’s speech turned into a…

Data Protection for IaaS

Running an Infrastructure as a Service (IaaS) business comes with its fair share of technical challenges: availability, multi-tenancy, redundancy, scalability, etc.  Running an IaaS for the financial services sector presents even more complexity, especially with respect to data protection. Options, global provider of IaaS for the financial services sector, has over 130 financial services clients…

PCI DSS 3.0: Get With the Program

Earlier this month, the folks at the Payment Card Industry released a preview of their long-awaited Data Security Standard version 3, better known as PCI DSS 3.0. In a nine-page document, the PCI standards group sketched out the high points of their proposed changes, 12 in all, that will be finalized in November. What…

New PII Discovered: License Plate Pictures

After finishing up some research on personally identifiable information I thought, mistakenly, that I was familiar with the most exotic forms of PII uncovered in recent years, including zip code-birth date, movie ratings and other consumer preference information, social network relationships, and facial images. And then I came across an article in Forbes that forced…

Government’s New Mobile Code of Conduct: PIIs Get Noticed

You know those short notices that pop up right before you install a mobile app? That’s the splash screen that provides some information about what functions are being accessed and, in general terms, what information is being collected from users. After studying this matter for about a year and getting input from the usual stakeholders…

HIPAA’s Teeth: What happens when you’re non-compliant?

Here’s how the regulation describes the penalties: civil penalties can reach $50,000 per violation, with an annual maximum of $1.5 million; criminal penalties can include fines and up to 5 years in prison. So what really happens if we fail to comply with HIPAA or suffer a data breach? Let’s look at some real-world examples: 2003…
