Articles

 

Automating Data Protection Across the Enterprise

The DEI is the logical evolution to make data-protection a ubiquitous service on the network, accessible to systems and applications through a uniform interface, with the ability to address diverse data-security regulations while leveraging the cloud for business benefits.

Published in http://www.infoq.com on Feb 07, 2013


Analysis of the PCI-DSS 3.0 Encryption & Key Management Analysis

The Payment Card Industry (PCI) Security Standards Council recently released the Data Security Standard (DSS) version 1.2 on October 01, 2008. StrongAuth, Inc. analyzes the Encryption and Key Management requirements from the DSS and presents what covered entities must do in this white-paper.

A StrongAuth, Inc. White-Paper published on August 12, 2012


Introduction to Public Key Cryptography

For those interested in understanding some simple mechanics of how digital certificates work, why they are necessary and how they can protect you, a good introductory paper can be found at this link.

Mozilla Developer Network


Regulatory Compliant Cloud Computing (RC3)

This white-paper presents an architecture for building the next generation of web-applications. This architecture allows you to leverage emerging technologies such as cloud-computing, cloud-storage and enterprise key-management (EKM) to derive benefits such as lower costs, faster time-to-market and immense scalability with smaller investments – while proving compliance with PCI-DSS, HIPAA/HITECH and similar data-security regulations. We call this Regulatory Compliant Cloud Computing, or RC3.

A StrongAuth, Inc. White-Paper published on March 15, 2011


Data Protection for Companies

In 2003, California passed Senate Bill 1386, requiring companies to report breaches of computerized systems resulting in access to sensitive information about a California resident. With the subsequent passage of similar laws in nearly 40 other U.S. states, it is now evident that our computer infrastructure is far more porous than we previously imagined. Selected as one of The Best Articles Published by the ABA.

Published in the ABA SciTech Lawyer, Volume 5 Issue 1, Summer 2008


Symmetric Key Management Systems

Most security professionals are familiar with symmetric key-based cryptography when presented with terms such as Data Encryption Standard (DES), Triple DES (3DES) and the Advanced Encryption Standard (AES). Some are also familiar with Public Key Infrastructure (PKI) as an enterprise-level solution for managing the life-cycle of digital certificates used with asymmetric-key cryptography. However, the term Symmetric Key Management System (SKMS) – which refers to the discipline of securely generating, escrowing, managing, providing access to, and destroying symmetric encryption keys – will almost always draw blank stares.

Published in the ISSA Journal, February 2007


Successful PKI implementations

Contrary to what you might have heard, or read in the Information Technology (IT) press, companies have built Public Key Infrastructures (PKI) successfully, and use them daily to solve day-to-day business problems. What is little known, however, is the magic potion these companies used to make their PKIs successful. This paper will attempt to demystify some of that magic and provide you guidance that can help you navigate the pitfalls as you deploy your PKI.

Published in the ISSA Journal, September 2005


Blueprint for managing SB 1386 compliance

Businesses need to address SB 1386 compliance effectively by implementing this four-part solution. This document presents an overview of what companies need to address when putting their SB 1386 compliance infrastructure together.

Published in the ISSA Journal, May 2003