News release :2012-08-26 15:27:30 Source: Frost & Sullivan
ID Control, specialist in strong authentication and One Time Passwords (OTP) has been added to the Frost & Sullivan analyses of the worldwide OTP market as a market contender.
ID Control differentiates itself from the market by offering one platform with a wide range of authentication and OTP solutions and enabling their customers to choose which solution suits their personal requirements.
The platform consists of hard- and software solutions such as:
Hardware: USB Token based OTP with PKI, OTP hardware keys, credit card sized OTP keys.
Software: SMS OTP (MessageID), OTP mobile app (HandyID), ID Control gives its customers the option to send OTPs via an encrypted email message through its MailID product. Before entering the internet bank, a MaillD PDF with an OTP inside which is PIN protected is sent to the user’s email address This avoids the cost associated with hardware and SMS OTP’s
Attractive pricing. By offering their products either in an on-premise model or a monthly / yearly subscription model ID Control is able to serve every company or organisation a solution for their security needs no matter what the budget is.
ID Control has a strong focus in the financial vertical but also develops their solutions to be user-friendly for all vertical types.
News release: 25 October 2012 Source: ICO.gov.uk
The Information Commissioner’s Office (ICO) is reminding organisations that sensitive personal information should be encrypted when being stored and sent electronically.
The news comes as Stoke-on-Trent City Council receives a monetary penalty of £120,000 following a serious breach of the Data Protection Act that led to sensitive information about a child protection legal case being emailed to the wrong person.
Stephen Eckersley, Head of Enforcement at the ICO, said:
“If this data had been encrypted then the information would have stayed secure. Instead, the authority has received a significant penalty for failing to adopt what is a simple and widely used security measure.
“It is particularly worrying that a breach in 2010 highlighted similar concerns around encryption at the authority, but the issue was not properly resolved.
“The council has now introduced new measures to improve the security of information sent electronically, as well as signing a legal notice to improve the data protection training provided to their staff. This should limit the chances of further personal information being lost.”
The breach happened on 14 December 2011 when 11 emails were sent by a solicitor at the authority to the wrong address. The emails included highly sensitive information relating to the care of a child and further information about the health of two adults and two other children. The emails should have been sent to Counsel instructed on a child protection case.
While the authority was able to establish that the email address used was valid, the recipient failed to respond when asked to delete the emails.
The ICO’s investigation found the solicitor was in breach of the council’s own guidance which confirmed that sensitive data should be sent over a secure network or encrypted. However, the council had failed to provide the legal department with encryption software and knew that the team had to send emails to unsecure networks. The council also provided no relevant training.
When reaching today’s decision, the ICO also took account of the undertaking previously signed by the authority in early 2010. During this incident sensitive data relating to a childcare case was lost after being stored on an unencrypted memory stick. At the time the council agreed to introduce improvements to keep people’s data secure, including the introduction of encryption for portable devices used to store personal data.
By Kenneth Corbin
September 19, 2012 10:12 AM ET
CIO - In response to a White House mandate, the agencies and departments of the federal government are gradually moving their IT operations to the cloud in a shift that could save billions of dollars, while also raising serious security concerns.
In a new survey of federal IT managers, MeriTalk, an online community dedicated to government technology, charted the progress of agencies that have been shifting "mission-critical" applications to the cloud.
Read more: Cloud Will Save U.S. Government Billions, But Security Concerns Persist
Respondents flagged security as a chief area of concern in migrating to the cloud, with 73 percent indicating that issues such as data vulnerabilities and threat vectors are a primary barrier in shifting mission-critical apps to the cloud.
Perhaps it follows then that the largest proportion of the study participants said that they prefer a private cloud over a hybrid or public model. Thirty-eight percent of the respondents told MeriTalk that they have shifted a mission-critical application to a private cloud, compared to just 11 percent who have made a similar move to a hybrid cloud and 10 percent who have engaged with a public cloud.
“Online banking fraud losses totalled £21.6 million during January to June 2012 – a 28 per cent increase on the 2011 half-year figure. This has been driven by a huge increase in the number of phishing websites set up by criminals as part of a scam to trick customers into visiting these fake websites and disclosing their online banking login details. Losses in this area also reflect the trend in card fraud, with deception scams resulting in increases. Online banking customers are being tricked into divulging their online login details and passwords over the phone to someone they believe is from their bank but is actually a fraudster.”
The complete UK Cards Association report can be found here.
Passwords aren't working, and replacement technologies haven't caught on. Why can't we develop a simple way to secure our data?
By Howard Baldwin
August 15, 2012 06:00 AM ET
Computerworld - Passwords weren't the only fail in last week's widely publicized "epic hack" of tech journalist Mat Honan -- Amazon, Apple and, to a lesser extent, Google and Honan himself share the blame.
But passwords played a part in the perfect storm of user, service provider and technology failures that wiped out Honan's entire digital life. As he concluded in his account of the hack, "Password-based security mechanisms -- which can be cracked, reset and socially engineered -- no longer suffice in the era of cloud computing."
The essential problem is this: The more complex a password is, the harder it is to guess, and the more secure it is. But the more complex a password is, the more likely it is to be written down, shared or otherwise stored in an easily accessible location, and therefore the less secure it is. And the killer corollary: If a password is stolen, its relative simplicity or complexity becomes irrelevant.