FREDERICK, MARYLAND – Fornetix, Inc., an industry pioneer in enterprise encryption management technology, announces the appointment of Richard C. Schaeffer, Jr. to the company’s Board of Directors. Mr. Schaeffer is a former Senior Executive with the National Security Agency (NSA) and brings over 40 years of experience from roles throughout the defense and intelligence communities. His career includes extensive leadership, management, and technical expertise in the areas of information security and assurance, helping to safeguard many of the nation’s most critical and sensitive assets.

Thank you to Cyphre for contributing this guest post to our blog as we focus on GDPR compliance!

Now that European Union’s General Data Protection Regulation (GDPR) is set to become law, companies must establish policies and technology controls to securely store and transfer personal data of any person residing in the EU. Data that can be used to identify a person, such as physical address, IP address, and more, as well as genetic data, information about religious and political views, sexual orientation, and more must be encrypted or made anonymous. Individuals have the right to erase their personal data by withdrawing consent or when it is no longer being used for its original purpose.

Back in June, Kevin Mooney wrote an excellent piece on The Strong Case for Interoperability. Getting back to that subject matter, in perhaps not the most ideal of circumstances, we are going to talk about standards, interoperability, and transition as it pertains to resolving systemic issues. This is being driven by faults in 802.11 as described in Mathy Vanhoef’s and Frank Piessens’ paper on key reinstallation attacks released today.

Adobe's Product Security Incident Response Team (PSIRT) accidentally posted their private key to the internet allowing anyone with access to either side of a conversation with the PSIRT to be able to decrypt the messages.  The Adobe security team was quick to revoke the PGP key, but it has left people with encrypted messages to Adobe in the clear.  How did it happen?

Equifax made news recently for being the victim of a hack; their systems were compromised and data was accessed by person(s) that weren’t authorized to have it. Unfortunately, this is not an uncommon occurrence these days. Hacks happen all the time, to companies both large and small. Individual hacks aren’t really noteworthy any more. But what is particularly noteworthy about this incident is the data that was accessed: the personal (and supposed-to-be private) information of roughly half of the US population.

The Telephonic Treatment

Like most people who own one, we love our smartphones.  We love that we can use Activator to keep my phone from automatically playing music, even over Bluetooth.  We love that we can select text and move the cursor without leaving the keyboard.  We love having five icons on the dock, speeding up the OS’s animations, and running a terminal session on my phone.

What we don’t love is running an old version of the OS so we don’t lose our jailbreak, and thus, all the above features.

Patented solution covers systems and methods for encryption key management, federation, and distribution via an interconnected, orchestrated security ecosystem.

Today, HBO announced publicly that they have experienced a “cyber incident which resulted in the compromise of proprietary information.” Like many other companies, HBO also stated that “data protection is a top priority” and yet we have seen a common theme that has become more prevalent in recent years. Large companies have trouble protecting their data.

Over the past several weeks we’ve seen three newsworthy stories where sensitive information finds its way onto Amazon's S3 cloud storage service: NGA, WWE, and Verizon.

A Republican National Committee data analytics firm, Deep Root Analytics, disclosed that as many as 198 million U.S. citizens’ names, dates of birth, home addresses, phone numbers, and other identifiable information were exposed to the internet due to a database misconfiguration. Many firms are hastily moving to the cloud without fully understanding the security implications of doing so. By rolling new cloud implementations, data collection and analysis problems become simpler tasks. However, without a proper security framework around it, data is accessible to the internet and more likely to be retrieved.