CSO Magazine has a nifty little slide show of the worst data security breaches in the first half of the year. Of particular note are numbers 4, 12 and 16, all which could have prevented with the use of Cicada Security Technology
Monthly Archives: July 2012
Interesting view on two-factor authentication
Over at the WiKIDBlog, Nick and Eric ponder how secure various two-factor authentication processes really are, and how best to guarantee that they stay 100% secure
Protecting large physical assets
Over in England, the Telegraph reports on a ring of car thieves who would hack into the onboard computers of luxury cars and bug them with GPS tracking devices in order to find the best time/place combination to steal them.
Encryption – guess again
So, Android has full-disk encryption, but anyone who breaks into your Google account can remotely install apps with no confirmation. Sigh.
— Josh Triplett (@josh_triplett) July 7, 2012
And how difficult is it to break into your Google account if you leave your laptop open and lying about?
How to handle a security breach
One of the most common methods to breach data that is supposed to be kept secure is the theft or loss of the physical assets containing secure data. All too often people leave portable computers, mobile devices and the like open and accessible for just about anyone. Claudiu Popa writes a simple five-step guide on what to do if and when you suspect privacy has been is breached.
Needless to say one extremely easy method to prevent privacy breaches is the use of Cicada Security Technology on all your computing devices.
Expanding the vision of security – -The importance of gaining visibility to physical threat.
Mention physical security to an IT professional, chances are that the first thing they will think of is a laptop cable restraint device. The cable lock, an industry standard for the protection of mobile computing assets is a dumb device which often is left in the bag, and rarely if ever used, despite company policy or best practice.
This device gets little respect from both users and asset administrators, as users find it cumbersome, and admins know it provides limited protection. But what if physical security was intelligent? And its usage and security policy could be audited, and it had the intelligence to detect physical threat in real time, and were able to invoke deterrent and protective actions? The value of physical security would have a whole new set of values.
Recognizing the value intelligent physical security Cicada Security Technology Inc., A Montreal based company, developed a platform independent USB based physical security device designed to identify threat, and invoke protective actions on the host computer. Using a policy based model, the Cicada can be configured to operate non-invasively to common user work habits, and monitors multiple environmental triggers for deviations from the administrator defined thresholds. Initially devices as a means to protect assets from theft, it soon became evident that the technology had a much greater value for the protection of confidential data, and as an enabling technology for other end point security platforms.
Once triggered, the Cicada invokes user defined protective actions which can include locking the host to the operating login screen, activating a siren on both the device and the host, dismounting an encrypted volume, and in more extreme cases, brick the host, or even destroy cryptographic keys. As can be imagined, as the protective action occurs the moment the threat is detected, and any information stored on, or is accessible from the active host is instantly protected, and the possibility of exposure of confidential information is minimized.
The prospect of adding the ability to audit the presence and status of an intelligent physical security technology opens up a whole new aspect of security where usage compliance can now be validated and enforced both at the local level, as well as at the security perimeter. When connecting remotely to a trusted environment, an external device can now be validated for compliance to the prescribed security policy, including the status of the physical security on the device. Considering the value to enterprise, and environments deploying federated identity gateways, the value is truly significant.
Additional applications of intelligent physical threat detection technology can be applied to the protection of kiosk based computing platforms such as automated teller or gaming systems where in the event of physical disturbance, latent transaction data can be flushed, or crypto keys can be purged rendering the memory of these devices void of any valuable or usable data.