Regain control of cryptographic keys in large organisations with centralised key management

This article describes, from a CISO perspective, how to manage and protect security assets (i.e. cryptographic keys) in large organisations, and suggests adequate procedures and systems.

2/3 of organizations with public-facing systems vulnerable to hacker attacks

The Heartbleed security vulnerability, publicised in March 2014, received an abundance of media attention as it exposed over 1 million web servers worldwide relying on OpenSSL version 1.0.1. The bug was corrected shortly after the leak with the release of OpenSSL v1.0.1g on April 7th 2014. However, estimates suggest that around 2/3 of organisations with public-facing systems are still vulnerable to the attack.


How to protect mobile banking and payment apps from malicious app attacks

We are constantly reminded by news stories how complex it can be to secure mobile banking and payment apps. A recent study has found that 11 percent of Android banking apps are suspicious, which is enough to frighten many banking app service


Signing in the Cloud

Introduction

What is driving Electronic Commerce and e-Government solutions? The answer is simple: useful applications and user-friendly yet secure solutions that can deliver operational cost savings. Smartcards, used for providing digital signatures for Electronic Commerce (EC), never caught on in any significant volume for the mere fact that there are very few smartcard readers around, which makes such solutions very expensive. However, there is an alternative


Business Requirements for Crypto Key Management - Marketplace Dynamics

We live in an information age where customers demand access to your organisation's services anytime, from anywhere and via almost any medium. Invariably services are online, and if you fail to provide them, your competitors will. The rate of change and innovation is unprecedented.


Is Your Crypto Due a Service?

Recent revelations in the press have caused industry experts to question just how much trust can be placed in existing cryptographic standards or even in certain methods of generating key material. Companies must be prepared to respond quickly and effectively to such changes in the security landscape, else they risk reputational damage and significant costs in the event of a breach.

To understand why this preparation is challenging, we should consider how cryptography is commonly deployed within a business.


Secure Mobile Transactions – Fact or Fiction? Part 2 of 2

...continued from Part 1

The threat model

Malicious mobile device hackers have a variety of goals. Foremost is monetary gain, but retribution, anarchy, curiosity and perceived public good can all be part of the motivation. The attackers can be grouped by resource levels and goals, as illustrated in table 1.

Table 1: An example of how mobile security attackers can be categorised by resources and goals.

Understanding the motivation of a hacker highlights that a good mobile security strategy must defend not only against specific mobile threats, but also against more generic threats such as reputational or ethical attacks.


Secure Mobile Transactions – Fact or Fiction? Part 1 of 2

With mobile devices being used for more credentialing-based activities, the question of mobile security is becoming increasingly important. The mobile security landscape, however, is still immature, so how can service providers successfully deliver secure mobile services today?


Enabling HSM Cryptography as an Integrated Service - Part 3 of 3

An updated version of this article is available under this link.

To date the deployment of encryption services and the techniques used to achieve interoperability and technical standards have always lagged behind what businesses have actually needed, or for that matter, what regulators or certain schemes are enforcing.


Enabling HSM Cryptography as an Integrated Service - Part 2 of 3

An updated version of this article is available under this link.

Development Projects Situations

This second decade since the Millennium is seeing a major uplift in the use of cryptography in existing and new business systems. This uplift is likely to be disproportionately greater than the actual increase in business transaction volumes.
