Category


Latest Blogs

All Blogs »

February 23, 2017 | Encryption, Digital Signatures, Certificates, Tokenization
By David Etue, IANS Faculty

 Best Practices for Managing Keys

There is no one-size-fits-all approach to key management, and the solutions available today vary based on security and the types of keys they can manage. In this Ask-an-Expert written response, IANS Faculty David Etue assesses the current key management solution landscape and details some common pitfalls organizations face when it comes to storing and managing their keys. 

Read More »


February 16, 2017 | Cloud Access Security Brokers
By George Gerchow, IANS Faculty

 Deciphering the Dynamic CASB Marketplace

The cloud access security broker (CASB) market continues to mature. In this report, IANS Faculty George Gerchow provides an update, detailing the relevant vendors, their latest capability sets and the various deployment models available. He also offers some guidance on choosing the right CASB for your needs and cloud maturity level, as well as trends to expect in the future.

Read More »


December 13, 2016 | Encryption, Digital Signatures, Certificates, Tokenization
By Davi Ottenheimer, IANS Faculty

 Detailing Technical Considerations For Implementing Tokenization Solutions

Although the concept of tokenization in IT can be easily explained, it can be complicated to architect and deploy these tokens for safe and reliable use. In this Ask-an-Expert written response, IANS Faculty Davi Ottenheimer offers a list of technical considerations to ease the process of selecting and implementing tokenization solutions.

Read More »


November 14, 2016 | Data Classification
By Kevin Beaver, IANS Faculty

 Where, Exactly, Is Your Information?

Do you know where all of your critical data is located? Studies show that few information security pros do. In this report, IANS Faculty Kevin Beaver underscores the importance of data classification and offers tips to not only find exactly where sensitive information is located, but establish the right controls to ensure you always know where it is and that it’s secured effectively.

Read More »


October 20, 2016 | Encryption, Digital Signatures, Certificates, Tokenization
By Dave Shackleford, IANS Faculty

 Assessing Key Management Services Within AWS

There are a number of key management tools and services that organizations can use within the AWS cloud. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford breaks down some of the major players in the space, including Amazon's own key management service, HyTrust DataControl and Vault.

Read More »


August 2, 2016 | IT Asset Disposal (ITAD)
By Chris Poulin, IANS Faculty

 IT Asset Management Tools and Best Practices

IT asset management is an ongoing process that requires continual maintenance and dedicated resources. In this Ask-an-Expert written response, IANS Faculty Chris Poulin provides an overview of the tools required for building and tracking an inventory, and offers best practices for managing an organization's physical and virtual assets.

Read More »


July 18, 2016 | Encryption, Digital Signatures, Certificates, Tokenization
By Dave Shackleford, IANS Faculty

 The Death of SSL/TLS and Rise of Blockchain: Considering Future Models of Trust

Current trust models that depend on SSL/TLS and certificate authorities were fine for the client/server era, but new modes of trust are required to handle mobile/cloud/IoT. In this report, IANS Faculty Dave Shackleford examines emerging trust models and consider what this new future of trust might look like.

Read More »


June 30, 2016 | Encryption, Digital Signatures, Certificates, Tokenization
By Aaron Turner, IANS Faculty

 Encrypting Data at Rest With Pre-Boot Authentication

When it comes to encrypting data at rest on a laptop or desktop, enterprises can choose to employ software-, hardware- or user-driven pre-boot authentication (PBA) methods. In this Ask-an-Expert written response, IANS Faculty Aaron Turner details each approach and explains why using Trusted Platform Modules (TPMs) is likely the most effective strategy.

Read More »


February 19, 2016 | Encryption, Digital Signatures, Certificates, Tokenization
By Debra Farber, IANS Faculty

 Developing an Electronic Signature Policy

The use of electronic signatures is gaining steam in a number of industries, but how can organizations ensure they are not sacrificing security for ease-of-use? In this Ask-an-Expert written response, IANS Faculty Debra Farber explains the difference between e-signatures and digital signatures, and offers some best practices and sample policies.

Read More »


February 18, 2016 | Data Loss Prevention (DLP)
By Adam Ely, IANS Faculty

 Privacy and Compliance Best Practices for DLP

Balancing data loss prevention (DLP) efforts and employee privacy can be a tricky challenge for organizations to navigate. In this Ask-an-Expert written response, IANS Faculty Adam Ely explains that when implementing DLP solutions, it's critical to inform users that systems are being monitored for the sake of data protection and to fine-tune DLP policies so that any monitoring is tied to business risks and does not invade user privacy.

Read More »


January 4, 2016 | Big Data
By Dave Shackleford, IANS Faculty

 Big Data and Security: Where Do We Stand?

Big data holds promise, but how practical is it for security today? In this report, IANS Lead Faculty Dave Shackleford takes a look at what’s out there in terms of platforms, how useful big data is (or isn’t) in security and what it takes to make the most of big data analytics in a typical security organization.

Read More »


October 22, 2015 | Encryption, Digital Signatures, Certificates, Tokenization
By Gunnar Peterson, IANS Faculty

 Managing Certificates Across Multiple Platforms

Streamlining certificate management across the enterprise can be a complicated challenge when multiple platforms (including Windows, Ubuntu and Red Hat Linux) are involved. In this Ask-an-Expert written response, IANS Faculty Gunnar Peterson details the certificate management process from generation to refresh and revoke and offers specific tools for supporting this process, including Microsoft's Certificate Services, Entrust and SafeNet.

Read More »


October 20, 2015 | Authentication
By Jennifer Minella, IANS Faculty

 Using 802.1x and Certificates for Device Authentication vs. Profiling

The use of certificates and profiling technologies are two popular ways for companies to identify various devices attempting to access their network. In this Ask-an-Expert written response, IANS Faculty Jennifer Minella offers a detailed examination of the pros and cons of using 802.1x certificates for device authentication and lists some of the major technologies to watch in the space, including IEEE 802.1x, TPM and MACSec.

Read More »


August 17, 2015 | Encryption, Digital Signatures, Certificates, Tokenization
By Aaron Turner, IANS Faculty

 SSL Decryption Best Practices

Today, the majority of organizations with mature information security programs have implemented SSL decryption. In this Ask-an-Expert written response, IANS Faculty Aaron Turner details the SSL decryption process, from first steps like sampling the network traffic to analyzing the data and selecting a potential vendor platform.

Read More »


August 12, 2015 | Encryption, Digital Signatures, Certificates, Tokenization
By Davi Ottenheimer, IANS Faculty

 Using Tokenization to Address Your Risk Profile

Following a significant breach, organizations have a number of possible steps they can take in an effort to prevent future incidents. In this Ask-an-Expert written response, IANS Faculty Davi Ottenheimer highlights how tokenization has become a requirement for organizations in the wake of high-profile breaches and outlines the various methods of deploying tokens to ensure primary account numbers (PANs) are protected.

Read More »


August 12, 2015 | Fraud Detection
By Gunnar Peterson, IANS Faculty

 Reducing the Risk of Fraud Stemming from Synthetic Identities

Synthetic identities pose a risk to organizations, particularly through their ability to access mobile applications. In this Ask-an-Expert written response, IANS Faculty Gunnar Peterson details the characteristics of synthetic identities and offers recommendations for reducing these risks, including through strong identity proofing, access control review and risk-based analytics.

Read More »


July 22, 2015 | Encryption, Digital Signatures, Certificates, Tokenization
By Dave Shackleford, IANS Faculty

 Sponsored Report: Encryption as an Enterprise Strategy

In the last ten years, the number of data breaches and major cases involving sensitive data exposure have grown dramatically. Starting in 2005 with the ChoicePoint breach, we’ve seen a steady increase of data breaches that have exposed payment card information, healthcare records, personally identifiable information (PII), passwords and other authentication details, and more.

Read More »


May 28, 2015 | Encryption, Digital Signatures, Certificates, Tokenization
By Dave Shackleford, IANS Faculty

 Can Encryption Be Trusted?

Provide Perimeter-less Data Protection: Encryption is never perfect, as evidenced by the string of recent high-profile vulnerabilities like Heartbleed and FREAK. In this report, IANS Lead Faculty Dave Shackleford surveys the current state of the encryption landscape and offers insight into improving encryption at the enterprise level.

Read More »


April 29, 2015 | Encryption, Digital Signatures, Certificates, Tokenization
By Ed Moyle, IANS Faculty

 Choosing a PAN Discovery Solution

Tame Compliance: In this Ask-an-Expert written response, IANS Faculty Ed Moyle examines the various approaches to primary account number (PAN) discovery as well as the pros and cons of each.

Read More »


April 24, 2015 | Encryption, Digital Signatures, Certificates, Tokenization
By Ed Moyle, IANS Faculty

 Evaluating Tokenization Vendors

Provide Perimeter-less Data Protection: In this Ask-an-Expert written response, IANS Faculty Ed Moyle offers insight into choosing an effective solution for tokenizing credit card data.

Read More »