The Hot Aisle Logo
Fresh Thinking on IT Operations for 100,000 Industry Executives
« Previous: Is there a DIY approach to Green Data Centers?
Next: An Alternative to VDI and Thin Clients »
Published by Steve O'Donnell on Saturday 30th August 2008, 21:03 | Related | Filed Under

I have been catching up on press releases that have come in since I have been on holiday and picked up one from Secerno.

Perimeter application firewall requirement leaves customer data vulnerable to growing insider threat, claims database security expert

Secerno’s products are designed to protect the database by implementing a set of perimeter controls and rules that are designed to offer data protection rather than the equipment protection that firewalls provide. 

Here is the rest of the article:

Secerno, a global technology leader in data security, today issued a warning to retailers and consumers alike regarding section 6.6 of the PCI standard that takes effect on June 30th. The measures that the update requires – either installing firewalls around Internet-facing applications or having all customer application code reviewed for common vulnerabilities – are undoubtedly a useful step, forwarding any security strategy. However, Secerno argues that, with its perimeter focus, the section fails completely to provide any safety provisions against the rising and detrimental threat of insider breaches and theft of data. The insider threat covers everything from employees who have financial or other motives to obtain and sell data through to criminals who infiltrate an organisation with the sole intention of stealing information.

Retailers, which have seen consumer confidence eroded by a series of well-publicised breaches, are viewing PCI as a means to win back trust and alleviate fears of having consumer data stored internally. However, in the face of increasing insider threats, the PCI Requirement 6.6 and the overall standard remain ineffective for security. Even as a prescription for external attack prevention, PCI falls short – allowing cyber-criminals access to data that they can immediately use. The Hannaford breach is a perfect example of data being targeted and stolen specifically for fraudulent means. By the time the breach was realised, 4.2 million credit cards had been compromised, despite the supermarket chain being fully PCI compliant.

Secerno is calling on the retail industry to do the following:

  • Mandate more stringent controls at the database itself, to actually achieve what PCI intends – protect stored credit card and other consumer financial data
  • Mandate a universal definition of a data breach that works to the consumer’s benefit. The definitions and reporting requirements for data loss vary widely and many times the consumer learns about the breach months after its occurrence
  • Do not fall victim to believing in only one type of threat – and that it is external. Internal threats are on the rise, and the PCI standard does not take private networks into account

“The PCI Data Security Standard has the best intentions, but as is the case with many compliance directives, it barely addresses the most immediate and upcoming threats to consumer data,” said Paul Davie, Founder of Secerno. “PCI was historically written for ecommerce rather than general retailers where breaches have actually been taking place. It is generally inadequate for addressing the sort of internal threat that can be exploited easily, such as by general or privileged users. The standard says nothing about any malware other than viruses, it says nothing about encrypting internal data, it says nothing about protecting data on private networks and it says nothing about securing the database. Unfortunately, the internal threat is PCI’s blind spot.”

  • Share/Bookmark

Post a Response

Download Full Movie Online Bromocriptine Manderlay download movie Godzilla vs. mothra download movie See spot run download movie Postal download movie Alone in the dark download movie Naughty stewardesses download movie Young guns ii download movie free ringtones on rant free ringtones for voyager ringtones compatible with metro pcs tv theme ringtones Yôtôden download movie Triggermen download movie You and Your Stupid Mate download movie Stuey download movie The Void download movie Pit Fighter download movie Rolling Kansas download movie Crusader download movie Pavement: Slow Century download movie Big Bully download movie Red Rock West download movie Final Destination 2 download movie Lethal Weapon download movie A Bunch of Amateurs download movie Red-Headed Woman download movie Toby Tortoise Returns download movie Dough and Dynamite download movie Love. Blood. Kryptonite. download movie Lifeguard download movie Super Sucker download movie Flying By download movie Killer Diller download movie Away from Her download movie Sacrifice download movie Oscar download movie Man on the Moon download movie Twin Town download movie Bureau of Missing Persons download movie The Rookie download movie Baggage Buster download movie Bambi download movie Fired Up download movie The Russell Girl download movie Where Eagles Dare download movie Ernest Goes to Camp download movie Blood Diamond download movie Yôtôden download movie Triggermen download movie You and Your Stupid Mate download movie Stuey download movie The Void download movie Pit Fighter download movie Rolling Kansas download movie Crusader download movie Pavement: Slow Century download movie

Switch to our mobile site