By Mark Bower, VP, Voltage Security
Yet again, the attackers have gained access to sensitive data. The industry has to understand that incomplete approaches to protecting data that leave it exposed at some vulnerable point in its life will result in a breach. It’s merely a matter of time. Traditional defenses leave too many exploitable gaps that present an opportunity for compromise. Data breaches are unstoppable, but it’s entirely possible to neutralize their impact using new defenses that leading retailers and payment processors have already adopted successfully with the double benefit of risk and compliance cost reduction.
Today, the attackers are armed with the ability to penetrate IT architectures despite the presence of traditional perimeter defenses, monitoring, and scanning. Trying to stay ahead of the latest attack vectors is a costly arms race that’s always one step behind the attackers.
The good news is there are ways to mitigate these threats, which are setting the new standard in best practice in data security: data-centric or end-to-end protection. Attackers go after high value data. Strong data level encryption and isolated key management with the ability to retain the business use of the data in protected form provides a powerful defense against these threats.
The problem is not all encryption is created equal. Methods that merely encrypt the disk only address threats to data when the system is powered off do nothing to mitigate these kinds of advanced attacks. Retail systems and e-commerce systems are 24/7 platforms — so data is at risk after capture, in flight, in use and in active storage. Until the magnetic strip credit card system and static credit card data is replaced, which is a long way off, retail payment protection has to be about the full lifecycle of the credit and debit card data from the instant it is captured to its hand-off to the card brands.
Mark Bower is VP of Voltage Security, which delivers data-centric security software solutions to protect data across enterprise, cloud, mobile devices, and big data environments.
Bashas’ upgrades to LED lighting
DURHAM, N.C. — Bashas’, a family owned and operated supermarket retailer in the western United States, recently installed energy-efficient LED lighting from Cree, to better illuminate its Tempe, Ariz., location.
The newly renovated store features luminaires powered by Cree TrueWhite technology, delivering superior light quality that helps make products more attractive to customers, while enjoying the benefits of a quick payback and an anticipated energy savings of 47% over the store’s previous design.
“Shopping is a highly visual experience and it’s critical to showcase products in their most appetizing colors,” said Scott Murphy, construction manager for Bashas’. “When we decided to remodel the Tempe location, we initially chose fluorescent T8s and CFL downlights until we were introduced to Cree LED lighting. Cree luminaires not only deliver the best LED lighting in the industry but also provide significant energy and maintenance savings compared to outdated technologies. In the grocery store industry, it’s all about margins and Cree helped add green to our bottom line.”
Two senators ask Target CEO for more information on data breach
Washington, D.C. — Two U.S. senators have written to Target CEO Gregg Steinhafel seeking "detailed information” on the data breach that occurred during the holiday shopping season, Reuters reported.
"We ask that Target’s information-security officials provide a briefing to committee staff regarding your company’s investigation and latest findings,” John Rockefeller, chairman of the Senate Commerce Committee, and Claire McCaskill, chair of the Commerce subcommittee on consumer protection, wrote to Steinhafel.
The Democratic senators’ Jan. 10 letter to Steinhafel was released on Tuesday.
"We have received the chairmen’s letter and are continuing to work with them and other elected officials to keep them informed and updated as our investigation continues," Target spokeswoman Molly Snyder said in an email to Reuters.