Security Insider - Podcast Edition

State of Encryption Key Management - 2020

Mon, 13 April 2020 09:39:31 -0700

By many, encryption is considered the hardest part of data security, and key management the hardest part of encryption. As such, it is far too common to see businesses not properly storing their encryption keys - for example, keeping them in a database in the clear or even burned into their application’s code. This podcast discusses the latest trends and perspectives around encryption key management and how to better protect your data.

Download this podcast to learn about:

The current state of encryption key management

Databases/applications that natively support encryption key management

Meeting evolving compliance requirements

Key Management in IBM Cloud for VMware

Fri, 06 Dec 2019 09:39:31 -0700

Running VMware in IBM Cloud provides businesses a way to consolidate legacy infrastructures onto an automated and centrally managed, software-deﬁned data center - and quickly address current resource constraints by deploying workloads. One of the things they are doing differently is providing enhanced security with bare metal servers in a hosted private cloud with provider-managed encryption of data at rest.

Download this podcast to learn about:

Securing data in IBM Cloud for VMware

The benefits of running VMware in the Cloud

Encryption key management

SQL Server Standard Edition and TDE

Fri, 06 Dec 2019 09:35:31 -0700

Like Microsoft SQL Server Enterprise Edition users, Microsoft SQL Server 2019 Standard Edition users can now easily meet compliance (PCI DSS, GDPR, CCPA, etc.) and protect private data like customer PII and intellectual property without modifying existing applications or the database. By using the database’s Transparent Data Encryption (TDE), coupled with an encryption key manager, organizations can protect their private data at a lower cost.

Download this podcast to learn about:

Encryption and key management in SQL Server 2019

Deploying Transparent Data Encryption (TDE) along with Extensible Key Management (EKM)

Encryption key management in the cloud

Living on the Edge

Tues, 19 Nov 2019 09:35:31 -0700

As the world of edge computing becomes more distributed, billions of connected devices live on the edge, which need to be secured, managed and automated. For many businesses, this means deploying a VMware and cloud infrastructure and using VMware vSphere, for example, to encrypt private information. While it is easy enough to encrypt data on the edge, key management has proven to be somewhat of a challenge.

Download this podcast to learn about:

What is special about edge computing

Security considerations with edge computing

Compliance considerations with edge computing

MySQL Encryption & Managing Keys

Tues, 19 Nov 2019 09:35:31 -0700

MySQL is the world’s most popular open-source database and consequently stores enormous amounts of sensitive data. MySQL Enterprise Edition includes standards based encryption, along with KMIP support for key management. With the combination of these two, MySQL users can be confident that they are protecting their private data against a breach and meeting compliance requirements and security best practices.

Download this podcast to learn about:

Leveraging MySQL Enterprise encryption to protect PII and IP

Other ways that businesses can better secure their private data - including IP and customer information

California Consumer Privacy Act (CCPA) - What You Need to Know

Thu, 17 Oct 2019 15:35:31 -0700

The California Consumer Privacy Act (CCPA) is a big deal. Almost no one is ready for it, so you are not alone if you are just getting familiar with the CCPA requirements. While similar to GDPR, CCPA is quite broad and extends into areas not covered under GDPR and other regulations.

Join Patrick Townsend, Founder and CEO of Townsend Security, as he discusses the California Consumer Privacy Act (CCPA), which organizations are required to meet the law, rights granted to consumers, and what information it covers.

Download this podcast to learn about:

Which organizations are required to meet CCPA

What companies can do to better protect customer information

Data that needs protected under CCPA

Don’t Let Your Application or Database Limit Your Encryption Strategy

Thu, 19 Sep 2019 15:08:31 -0700

With the introduction of vSphere encryption in 6.5 and vSAN 6.6, it has become much easier - and cost-effective - for businesses to encrypt private data. By deploying encryption to protect sensitive workloads in VMware, using the advanced cryptographic permissions in vCenter Server organizations can protect their sensitive information in their internal applications or databases that don’t natively support transparent encryption.

Join Patrick Townsend, Founder and CEO of Townsend Security, as he talks about how to protect data in VMware’s vSphere and vSAN with encryption and key management.

Download this podcast to learn about:

Encrypting applications and databases that don't natively support encryption

Encryption performance

KMIP and encryption key management

Don’t Forget FIPS and Other Fundamental Key Management Features

Mon, 21 Jan 2019 16:01:05 -0800

Over the last several years, encryption key management has attained “essential infrastructure” status. When done properly, key management can protect encrypted data - and in the event of a data breach, can even provide a company with an exemption for a breach notification.

Download this podcast to learn about:

What enterprises should look for in an encryption key manager

The importance of standards (FIPS 140-2, PCI DSS validation, etc.)

Meeting data security compliance (PCI DSS, GDPR, HIPAA, etc.) requirements with encryption key management

KMS (Key Management Server) vs. KMS (Key Management Service)

Protecting Data with vSphere & vSAN Encryption

Thu, 20 Sep 2018 16:12:03 -0700

VMware virtualization has been a game-changing technology for IT, providing efficiencies and capabilities that have previously been impossible for organizations constrained within a traditional IT data center world. With vSphere version 6.5 and vSAN version 6.6 VMware customers now have the ability to encrypt VMware managed virtual machines and virtual disk.

Join Patrick Townsend, Founder and CEO of Townsend Security, as he talks about how to protect data in VMware with encryption and key management.

Download this podcast to learn about:
vSphere and vSAN encryption

Deploying multiple, redundant key servers as a part of the KMS Cluster configuration

Meeting compliance regulations and security best practices (PCI DSS, GDPR, etc.)

GDPR, Encryption, & Right of Erasure

Thu, 29 Mar 2018 15:59:29 -0700

The European General Data Protection Regulation (GDPR) is radically transforming the information technology space. Organizations of all sizes and types, and cloud service providers large and small, must adjust to the notion that people now fully own information about themselves.

Join Patrick Townsend, Founder and CEO of Townsend Security, as he talks about how to use encryption and key management to help meet GDPR, the right of erasure, also known as the right to be forgotten, and how to avoid bad key management practices which will result in GDPR compliance failures.

Download this podcast to learn about:

Data security requirements of GDPR
Right of erasure (also known as "the right to be forgotten")
Meeting GDPR with encryption and key management
The importance of standards and best practices

IBM i, Two Factor Authentication, and PCI DSS

Fri, 16 Feb 2018 10:39:24 -0800

PCI DSS requiress two factor authentication (also known as multifactor authentication) - something you know and something you have. For IBM i users, this usually means a password and an authentication code provided to a token or mobile device. However, tokens are expensive and are frequently lost - and SMS messages to mobile devices have become a deprecated method.

Join Patrick Townsend, Founder and CEO of Townsend Security, as he discusses the PCI recommendations, how to meet 2FA compliance requirements with a mobile based solution, and how Townsend Security is helping IBM i users meet the latest two factor authentication compliance requirements.

Download this podcast to learn about:
PCI DSS and NIST requirements for two factor authentication
Protecting critical data on the IBM i with two factor authentication
Mobile based authentication with Twilio's Authy
Introduction to Alliance Two Factor Authentication

Big Data, MongoDB, & Encryption

Tue, 23 Jan 2018 10:13:47 -0800

It is difficult to say big data without instantly thinking about MongoDB. As enterprises adopt MongoDB, they also bring security concerns with them. Depending on their business, they may have multiple government (HIPAA, GDPR, FFIEC, etc.) or business (PCI DSS, etc) security regulatory standards with which they need to comply.

Join Patrick Townsend, Founder and CEO of Townsend Security, as he talks about leveraging the WiredTiger storage engine, achieving a strong security posture with key management, and how to easily begin encrypting data in MongoDB Enterprise.

Download this podcast to learn about:

Encryption using the WiredTiger storage engine - no need to buy 3rd party encryption!
Easily generate a master encryption key and begin encrypting database keys using native command line operations
Meeting compliance requirements (PCI DSS, HIPAA, GDPR, etc.)
The importance of KMIP

Securing the IBM i in the Cloud

Fri, 11 Aug 2017 08:12:55 -0700

While the IBM i (AS/400) is considered by many to be a secure platform, it is not immune to data breaches. For this special podcast, Clayton Weise of KeyInfo joins us to discuss running the IBM i in the cloud, maintaining a strong security posture, and common questions about cloud/on-prem hybrid networks.

Download this podcast to learn about:
IBM i, security, and why customers are moving to the cloud

Improving IBM i security posture by moving to cloud

Meeting compliance requirements in the cloud

Future proofing your IBM i platform

Identify Escalated Privilege Attacks on IBM i

Tue, 27 Jun 2017 08:25:44 -0700

Cyber criminals attempt to escalate their level of privilege by stealing and using administrative credentials. Because IBM i servers are accessed from user PCs across internal and external networks, credential stealing from these exposed PCs and networks is the preferred mechanism for compromising an IBM i server.

Download this podcast to learn about:
Identifying escalated privilege attacks on the IBM i

Determining the true level of authority of a user profile

Controlling and monitoring administrative level users

Setting email alerts to include critical job and security information

Why Encryption is Critical to Fintech

Mon, 12 Jun 2017 16:06:24 -0700

The financial world is rapidly changing. Innovations in technology are impacting payments, lending, insurance, and even compliance. With huge amounts of private data being dealt with on a daily basis, data security is a top concern - and the best way to protect it is with encryption.

Download this podcast to learn about:

Encryption and key management

Meeting the various compliance requirements

Fintech in cloud environments

Advice on selecting and evaluating a fintech vendor

Encryption Requirements for Banks & Financial Services

Thu, 30 Mar 2017 15:14:46 -0700

The finance industry is increasingly being held accountable for the security, confidentiality and integrity of non-public customer information. By protecting nonpublic personal information (NPI) and personally identifiable information (PII), businesses in the banking and financial services industry can protect private information including: customer financial records, social security number, income, and account numbers. Organizations that experience a data breach where un-encrypted data is lost can suffer fines reaching into the millions of dollars, as well as face indirect costs like brand damage and customer loss.

Download this podcast to learn about:

Meeting data security compliance requirements (GLBA, FFIEC, PCI DSS, etc.)
Examples of NPI and PII that need to be encrypted
Encryption and key management
How to take advantage of the GLBA’s “safe harbor” protection for privacy notices

HIPAA Compliance, Business Associates, and Data Security

Fri, 17 Feb 2017 07:46:13 -0800

As Covered Entities take electronic Protected Health Information (ePHI) move to the cloud, they need to understand the important role of having a Business Associate Agreement (BAA) in place and how to ensure that they are meeting HIPAA compliance when ePHI is outside of their walls.

Download this podcast to learn about:
What is considered electronic Protected Health Information (ePHI)

The role of Business Associates (BA) as defined by the Department of Health and Human Services

Storing ePHI in the Cloud and meeting HIPAA compliance

Key takeaways that vendors can implement today for improved security

The Future of Security Logging on the IBM i

Tue, 10 Jan 2017 09:41:55 -0800

Active monitoring (sometimes referred to as Continuous Monitoring) is one of the most effective security controls that an organization can deploy - and can often detect a data breach before any information is lost. As the IBM i continues to evolve, so do sources of security logs. With logs being created from so many different sources, it is important to collect and monitor them in real-time to detect security events.

Download this podcast to learn about:

Current status of security logging on the IBM i

The future of log collection and monitoring

New logging sources in IBM i V7R3

Elements of an effective active monitoring strategy

IBM i 7.3 Security: New Logs to Collect and Monitor

Mon, 17 Oct 2016 13:23:15 -0700

Active monitoring (sometimes referred to as Continuous Monitoring) is a critical security control for all organizations and is one of the most effective security controls you can deploy. The large majority of security breaches occur on systems that have been compromised days, weeks, or even months before sensitive data is lost. With the release of V7R3, IBM i administrators have additional security logs to collect and monitor.

Download this podcast to learn about:
Log collection and monitoring on the IBM i

New logging sources in IBM i V7R3

System log formats and standards

Elements of an effective active monitoring strategy

Protecting Enceryption Keys in AWS

Tue, 09 Aug 2016 11:42:10 -0700

Once data is encrypted, private information depends on key management to stay safe. As enterprises move to the cloud, it is important for key management solutions to provide high-availability, centralized key management to a wide range of applications and databases.

Download this podcast to learn about:
Encryption key management options in AWS (Key Management Service, Cloud HSM, third-party options)
The different approaches to managing encryption keys
Resources available to developers and managed service providers (MSPs)
How Townsend Security is helping AWS customers protect their encryption keys with centralized key management

Encrypting Data in IBM SoftLayer

Thu, 09 Jun 2016 15:51:34 -0700

VMware and IBM's recent partnership lets customers migrate workloads back and forth between VMware-based private clouds and IBM SoftLayer. Join Patrick Townsend as he discusses what this partnership means (from a security perspective), compliance considerations, and how organizations can better secure their data in IBM SoftLayer.

Download this podcast to learn about:

Migrating your organization's VMware infrastructure to the cloud
What the IBM/VMware partnership means to end users
Challenges IBM i customers are facing regarding multi-factor authentication
How Townsend Security is helping VMware users move to the cloud

IBM i, PCI DSS 3.2, and Multi-Factor Authentication

Wed, 01 Jun 2016 16:00:11 -0700

Prior to version 3.2 of the PCI Data Security Standard (PCI DSS), remote users were required to use multi-factor authentication for access to all systems processing, transmitting, or storing credit card data. With version 3.2, this is now extended to include ALL local users performing administrative functions in the cardholder data environment (CDE).

Download this podcast to learn about:

What PCI DSS 3.2 means for IBM i administrators
Why it is harder to identifiy an administrative user on the IBM i
Challenges IBM i customers are facing regarding multi-factor authentication
How Townsend Security is helping organizations meet PCI DSS 3.2 with multi-factor authentication

FIELDPROC Encryption with Legacy RPG Applications on IBM i

Mon, 23 May 2016 15:53:56 -0700

While the IBM DB2 Field Procedures (FieldProc) facility works quite well with native SQL applications, IBM i customers with legacy RPG applications have not been able to take full advantage of FieldProc to encrypt data in DB2 tables. In particular, the encryption of database columns, which are indexes, has been very difficult for IBM i customers using legacy RPG. This results with inability to use FieldProc encryption to protect sensitive data.

Download this podcast to learn about:

How IBM i customers with legacy RPG applications can deploy automatic DB2 encryption over sensitive data which are indexes
How to leverage OAR capabilities to replace the legacy RPG file I/O with modern SQL operations
What industries will benefit the most

Securing Data in MongoDB

Fri, 06 May 2016 11:42:51 -0700

Encryption of data at rest, along with good security policies, can help businesses meet compliance regulations like PCI DSS and HIPAA, safeguard enterprise IP, and protect customer PII. While MongoDB provides a mechanism to encrypt data, it is still up to the users to manage encryption keys.

Download this podcast to learn about:

When MongoDB users would need to deploy encryption and key management
Encryption and key management best practices for MongoDB users
How MongoDB fits into the larger set of open source and commercial databases
The importance of KMIP

HIPAA, HITRUST, Security, and their Relationships

Mon, 11 Apr 2016 13:37:02 -0700

HIPAA requires covered organizations to implement technical safeguards to protect all electronic personal healthcare information (ePHI), making specific reference to encryption, access controls, encryption key management, risk management, auditing, and monitoring of ePHI information. By knowing the relationship of HIPAA and HITRUST, covered entities and business associates can better understand their requirements for protecting ePHI.

Download this podcast to learn about:

The difference between HIPAA and HITRUST
The difference between meeting compliance and managing security risk
Protecting ePHI with encryption and key management
How Townsend Security is helping covered entities protect ePHI

Defending Data on Linux

Mon, 28 Mar 2016 16:13:00 -0700

While Linux has a reputation as being secure, it is not immune to a data breach. Security administrators and application developers need to take a data-centric approach to protecting their private information – such as their employee data, intellectual property (IP), or customers’ PII. Without the proper controls in place, business applications and information are at risk. This podcast discusses:

How developers can better secure their applications
Choosing an encryption algorithm
Encryption key management
Resources for more information

Compliance for Coders - Securing Sensitive Data

Tue, 02 Feb 2016 08:45:23 -0800

As compliance regulations evolve, developers are finding themselves tasked with modifying existing applications to implement new, better security, as well as creating new applications that need to follow security best practices.

Listen to this podcast to learn about:

Meeting compliance requirements

Writing code with a security perspective

Encrypting data

Monitoring IBM i Security Logs with IBM QRadar

Wed, 28 Oct 2015 15:10:47 -0700

Collecting real-time security events on the IBM i platform is different than other platforms - logs are stored in many different places in a proprietary IBM format. This presents a challenge for administrators who need to monitor their IBM i logs.

Download this podcast to learn about:

Real-time security event logging on the IBM i
Monitoring your most critical data with IBM Security QRadar
Meeting compliance requirements like PCI DSS, HIPAA, FFIEC, and more

How Secure is Encrypted Data in the Cloud?

Tue, 24 Mar 2015 10:11:04 -0700

As cloud storage becomes commonplace, the need to protect and encrypt data grows more important than ever. The critical question becomes, who has access to your encryption keys? Download this podcast to learn about:

Download this 20-minute podcast to learn more about:

Encrypting data in the cloud
Why encrypted data in the cloud may not be as secure as you'd think
Special considerations for managing encryption keys in the cloud

VMware and SQL Server Encryption

Fri, 05 Dec 2014 10:18:48 -0800

For SQL Server users in VMware environments, encryption and key management is easier than ever. With a ready-to-deploy OVA formatted solutions, VMware customers can launch an encryption key manager with standard VMware tools and begin securing their sensitive data in SQL Server within minutes.

Download this 20-minute podcast to learn more about:
• Encrypting data on Microsoft SQL Server in VMware environments
• Using Transparent Data Encryption (TDE), Cell Level Encryption, and Extensible Key Management (EKM)
• Encrypting data in SQL Server Enterprise and Standard editions

Protecting Data with Encryption in VMware

Fri, 05 Dec 2014 08:57:38 -0800

Every business is trying to save money and reduce complexity in their IT departments, and many are accomplishing this today by using virtual machines such as VMware. While these business's infrastructures are becoming virtual, their security threats are still very much real.

Download this 20-minute podcast to learn more about:
• Encrypting data in VMware
• Encryption performance
• Special encryption and key management concerns for VMware users

Encryption, Key Management, & GRC

Mon, 20 Oct 2014 16:40:32 -0700

Data breaches are no longer a matter of “if” but “when”. When developing a data breach response plan it is important to consider the technologies you can implement to help mitigate a data breach, or prevent one from happening altogether.

Download this 10-minute podcast to learn more about:
* Managing risk by implementing the right technologies
* What executives can learn from the latest data breaches
* Asking the right data security questions
* Encryption in the cloud

Encryption & Key Management in Amazon Web Services (AWS)

Mon, 29 Sep 2014 16:41:08 -0700

Amazon Web Services (AWS) is a deep and rich cloud platform supporting a wide variety of operating systems, services, and third-party applications. What can enterprises do to make sure their data is protected?

Download this 20-minute podcast to learn more about:
Protecting data in Amazon Web Services (AWS)
Securing data in RDS, S3, EBS, and DynamoDB
Strategies for deploying a key manager
Meeting compliance regulations

Virtualized Encryption & Key Management with VMware

Mon, 08 Sep 2014 11:44:09 -0700

Are there any special considerations for encryption and key management in VMware? This podcast discusses overcoming the challenges of encryption in VMware.
Download this 15-minute podcast to learn more about:

• Encryption and key management with VMware
• How to avoid the common "gotchas"
• The importance of certified solutions

Fundamentals of Encryption in Drupal

Tue, 26 Aug 2014 14:22:43 -0700

Developing secure websites in Drupal can be a challenge, especially when it comes to encrypting sensitive data and meeting compliance. Download this 20-minute podcast to learn more about: • Encrypting data in Drupal • What data needs to be encrypted • Encryption key management • Townsend Security's Drupal Developer program

Encryption & Key Management in AWS

Wed, 13 Aug 2014 16:26:24 -0700

While Amazon Web Services (AWS) delivers a secure, scalable cloud computing platform, organizations may be required to deploy an additional layer of security to protect the data they store in the cloud.

Download this 20-minute podcast to learn more about:
• Protecting data in Amazon Web Services (AWS)
• Best practices for deploying a key manager in the cloud
• Meeting compliance regulations

SQL Server Encryption Options

Mon, 11 Aug 2014 14:50:49 -0700

Encrypting data in Microsoft SQL Server is often difficult to understand because of the different encryption options offered.

Download this 20-minute podcast to learn more about:

• Options for encrypting data in Microsoft SQL Server - TDE, Column-• Level, and with the .NET Framework
• Managing encryption keys and using Extensible Key Management (EKM)
• Automating encryption and key management without TDE & EKM

Encryption Performance, Losing Keys, and Other Encryption Concerns

Wed, 21 May 2014 16:46:19 -0700

Expensive encryption and key management solutions, losing encryption keys, and difficult deployments are now a thing of the past.

Download this 20-minute podcast to learn more about:
• Encryption performance impacts
• Why you shouldn't worry about losing an encryption key
• How encryption and key management are now easier than ever

Securing Sensitive Data in the Drupal CMS

Thu, 23 Jan 2014 15:00:39 -0800

Drupal developers who need to protect sensitive data know that storing their encryption keys within the CMS puts their data at risk for a breach.

Users who are currently encrypting sensitive data in Drupal are storing the encryption key locally in either a file protected on the server, in the database, or in Drupal’s settings file. None of these methods meet data security best practices or compliance regulations such as PCI DSS, HIPAA/HITECH, state privacy laws, etc.

For this special podcast, Chris Teitzel, CEO of Cellar Door Media and Rick Hawkins, owner of Alchemy Web Solutions, join Patrick Townsend, CEO of Townsend Security, to talk about encrypting sensitive data in Drupal.

Encryption Key Management in Windows Azure

Thu, 16 Jan 2014 15:34:36 -0800

As organizations are moving their applications and sensitive data to Windows Azure and leaving behind the traditional data center, they are turning to virtual machines to run their IT infrastructure. Townsend Security recently release the first encryption key manager to run in Microsoft Windows Azure, solving the data security problem that has held many companies back.

- Download this podcast to hear Patrick Townsend discuss:
- Protecting data in Microsoft Windows Azure
- Best practices for deploying a key manager in the cloud
- Meeting compliance regulations

Two Factor Authentication on the IBM i

Thu, 09 Jan 2014 09:39:56 -0800

User names and passwords are no longer good enough. To protect sensitive data, businesses need another layer of security and are often turning to two factor authentication. By deploying a two factor authentication solution organizations can easily enhance their security in a cost-effective way, as well as meet compliance regulations and recommendations.

Encryption Key Management - Hardware, Virtualized, and Cloud Compared

Wed, 18 Dec 2013 11:37:38 -0800

With encryption key management now being offered on hardware, virtualized, and cloud platforms, is it simply just a matter of preference or is one option better than another?

Download this 20-minute podcast to learn more about:
• Deploying encryption key management as an HSM, Cloud HSM, Virtual Appliance (VMware, Hyper-v, Xen) or in the cloud (Windows Azure, Amazon Web Services, vCloud, etc.)
• Factors to consider when deciding which option is right or you
• What compliance regulations say about the different options
• Challenges for applications running in the cloud or virtual environments

Securing Data with Encryption Key Management in the Cloud

Mon, 28 Oct 2013 16:32:11 -0700

Organizations who encrypt data in the cloud regularly report that loss of control of cryptographic keys is a top concern. Advances in encryption technology have made protected sensitive data easier than ever. However, encryption key management has remained a challenge.

Organizations are now able to address this problem with the recent introduction of encryption key management in the cloud.

Joining us today is Patrick Townsend, CEO of Townsend Security. We will discuss why encryption key management has been difficult for organizations who store their data in the cloud, special considerations for meeting compliance regulations, and what to look for when considering a cloud key management solution.

Guidelines for Effective Encryption Key Management

Tue, 08 Oct 2013 15:47:24 -0700

As more enterprises begin to outsource hosting and move confidential data to the cloud, the protection of encryption keys become the number one action that determines the true effectiveness of their encryption strategy.

In this podcast, Patrick Townsend discusses the information security CIA triad (confidentiality, integrity, and availability) and how it relates to encryption key management, what compliance regulations say about managing encryption keys, and how encryption and key management arm enterprises with a strong, defense-in-depth approach to data security.

Gambling with Guests - The House Doesn't Win with Unsecure PII

Tue, 24 Sep 2013 11:40:06 -0700

Is Your Property Management System Really Secure?

According to a new report by British insurance firm WIllis Group Holdings, insurance claims for data theft worldwide jumped 56% last year, with 38% of those attacks targeting hotels, resorts, and casinos. Property Management Systems (PMS) contain a deep well of Personally Identifiable Information (PII), such as credit card numbers, phone numbers, email addresses, etc., which is often not properly secure within a PMS - leaving users at risk for a breach.

Download this podcast to learn:

How Property Management Systems can better secure guest data
Why the hospitality industry is a target for data thieves
How PMS vendors can boost their own security posture
How ISVs and Solution Providers can gain additional revenue by offering stronger data security

Must Haves in an Encryption Key Manager

Fri, 06 Sep 2013 16:41:48 -0700

Encryption and key management are now industry standards and work across both legacy and newer business systems, multi-platform and multi-tenant networks, remote access workstations, geographical offices, data centers, and third-party business partners. But how do you know what to take into consideration when deciding on an encryption key manager?

Download this podcast to hear Joan Ross, CEO, discuss:

"Must Haves" when evaluating an encryption key manager
Just because data is encrypted, it doesn't necessarily mean it is safe
Principles of effective encryption key management
Special considerations for companies who are moving their data into the cloud

PGP Encryption on the IBM i - Securing Data in Motion

Wed, 14 Aug 2013 10:58:49 -0700

PGP encryption has become the de facto standard for securing data in motion on the IBM i. It can help businesses meet compliance regulations such as PCI DSS by encryption credit cards and other PII as it is in transit to your trading partners.

In this podcast, Patrick Townsend discusses the differences between Open PGP and Commercial PGP, which version a company who faces compliance regulations should use, and how Townsend Security is helping IBM i users secure their data with PGP encryption.

Reducing Your IT Footprint with Virtualized Encryption Key Management

Wed, 03 Jul 2013 11:43:57 -0700

Server virtualization has been a game-changing technology for IT, providing efficiencies and capabilities that have previously been impossible for organizations constrained in a physical world. Now Organizations can deploy servers in both their data centers and the cloud using virtualization technologies such as VMware.

Download this podcast to hear Patrick Townsend discuss:
• The benefits of virtualized encryption key management
• How organizations can use virtualized servers in their data centers and the cloud
• Special compliance considerations for enterprises who virtualize their infrastructure
• What Townsend Security is doing to help organizations deploy virtualized encryption key management

Top IBM i Security Tips with Patrick Botz and Patrick Townsend

Fri, 14 Jun 2013 14:32:41 -0700

As a data security company, we see plenty of organizations think they are doing the right things to keep their data safe, but are falling down on a few key areas.

For this special podcast, Patrick Botz of Botz and Associates joins Patrick Townsend to present their top three IBM i security tips to help keep your IBM i secure and data safe.

Got Security? How Retail ISVs Can Improve Their Payment Applications

Mon, 03 Jun 2013 08:57:28 -0700

While payment application vendors are required to certify their payment applications with PCI, compliance regulations are not set in stone and likely to change. Retail ISVs need to be aware of this, and that just because their solution was certified yesterday, their encryption and key management practices might not suffice during their next certification.

Join Patrick Townsend, Founder and CEO, as he discusses:
• The challenges that POS and Payment Application Vendors have with securing their customers’ data
• Why meeting compliance regulations is really the low-bar for data security
• How Townsend Security has re-defined what it means to partner with a security company

Stepping Up Security: Easy Ways POS Vendors Can Better Protect Their Customers

Mon, 03 Jun 2013 08:39:17 -0700

Data security is a huge concern for retail companies who expect their point of sale (POS) system vendors to protect their customers’ data. Although POS vendors are required to certify their POS devices with the Payment Card Industry (PCI), many still scrape by with poor encryption and key management practices in their payment applications.

Join Patrick Townsend, Founder and CEO, as he discusses:
• The challenges that POS vendors have with securing their customers’ data
• Why meeting compliance regulations is really the low-bar for data security
• How Townsend Security has re-defined what it means to partner with a security company

Managing TrueCrypt Encryption Passwords

Mon, 20 May 2013 15:57:09 -0700

Until recently, password management has been a challenge for TrueCrypt encryption users. Enterprises can now encrypt sensitive data for any Windows application or folder with TrueCrypt and create cryptographically strong passwords with Alliance Key Manager, a FIPS 140-2 compliant key management HSM.

In this 15-minute podcast Patrick Townsend discusses:

Why an organization would use TrueCrypt encryption
Meeting the challenges of managing TrueCrypt passwords
What Townsend Security is doing to help organizations manage TrueCrypt passwords

Mobile Security – Protecting Sensitive Data

Fri, 03 May 2013 11:36:36 -0700

With the push to make more data and business applications accessible to workers from their mobile devices, administrators have new security concerns. Security expert Patrick Botz joins us to discuss how to keep valuable data secure in the face of mobility and to offer suggestions on how to simplify this complex issue.

FIELDPROC Encryption on the IBM i

Fri, 03 May 2013 08:59:01 -0700

With IBM ending support on V5R4 of the IBM i later this year, many organizations are in the process of upgrading their systems to V7R1. In V7R1, IBM introduced support for automatic, field-level encryption in the DB2 database called FIELDPROC (short for "Field Procedures"). This allows IBM i users to now deploy encryption without making any program changes.

Listen to this podcast to hear Patrick Botz, former lead security architect for IBM, and Patrick Townsend, Founder & CEO, discuss encryption, key management, and meeting compliance regulations on the IBM i.

HIPAA/HITECH Act Breach Notification Meaningful Use Update

Wed, 06 Mar 2013 11:27:25 -0800

The Department of Health and Human Services (HHS) recently released an update to its meaningful use policies about encrypting patient information. They made one thing perfectly clear – the only way to avoid the data breach notification requirement, and potential fines, is to encrypt the data. With small and mid-sized businesses increasingly the target of cyber attacks, the time to address encrypting personal health information (PHI) is now.

Extending the Life of Your IBM i with PHP

Thu, 10 Jan 2013 10:57:26 -0800

Sensitive data can now be automatically encrypted using Townsend Security's NIST-certified encryption libraries and developers can use cross-platform PHP to easily communicate with modern systems. Additionally, PHP can be used to transform complicated green screens into a familiar, simple user interface.

For this special podcast, Eric Nies from NSC Software Solutions joins Patrick Townsend, Founder and CEO of Townsend Security, to discuss data security with PHP on the IBM i.

Simplifying Encryption Key Management - Removing Complexity and Cost

Wed, 19 Dec 2012 15:13:14 -0800

Meeting compliance regulations doesn't need to be complex or costly - as long as you are using the correct key management tools.

Listen to this podcast to hear Patrick Townsend, Founder & CEO, discuss what compliance requirements require key management, identify the barriers to good key management, and what to look for when evaluating an encryption key manager.

IBM i Has Single Sign On (SSO) - You Just Have to Enable It!

Tue, 27 Nov 2012 08:52:24 -0800

Password management continues to be a challenge for all organizations - large and small. Poor management leads to insecure passwords and inconsistent policies – and these lead to more data breaches.

For this special podcast, Patrick Botz joins us to talk about Single Sign On on the IBM i and how it can be used to easily and securely manage user accounts and passwords.

File Integrity Monitoring (FIM) on the IBM i

Wed, 31 Oct 2012 13:38:06 -0700

File Integrity Monitoring (FIM) tools allow administrators to selectively monitor data access and change activity at the column or field level - without changing applications or user accounts. Join Patrick Townsend as he discusses why implementing FIM tools is a best practice and compliance requirement, how administrators are using them, and what makes the Townsend Security solution unique.

Microsoft Azure - Securing Data with Encryption and Key Management

Fri, 12 Oct 2012 13:19:56 -0700

As organizations adopt Microsoft’s Azure cloud offering, one of the top questions we hear is “How do I protect my sensitive data?”

In this podcast, Patrick Townsend discusses protecting sensitive data in Azure with encryption and key management, performance considerations, best practices for managing encryption keys, and what to look for when deciding on an encryption key management solution. Additionally, we discuss the importance of having a key management strategy that lines up with the various compliance regulations.

Higher Education Under Attack - Data Privacy 101

Fri, 24 Aug 2012 10:25:57 -0700

Recently colleges and universities have become a target for data thieves and are suffering an increased number of data breaches. This podcast discusses why these organizations are experiencing a higher level of attacks, as well as what they can do to protect themselves. Additionally, learn four things to increase your data security that you can get started with today.

Securing SharePoint with Encryption and Key Management

Mon, 20 Aug 2012 08:15:32 -0700

Do you use Microsoft SharePoint in your organization to share documents that contain sensitive information? Did you know that these documents probably fall under compliance laws and regulations?

Join Patrick Townsend as he discusses why businesses need to secure their SharePoint servers, how easy it can be, and where he sees users falling down with their data protection strategy.

Tape Encryption - Not Enough

Mon, 23 Jul 2012 08:29:21 -0700

While creating encrypted backup tapes is an excellent practice, for many organizations it is often the only time their data gets encrypted. Patrick Townsend discusses some misconceptions he is seeing around encryption and tape backups, what organizations should be doing to secure their sensitive data before it gets backed up to tape, and what compliance regulations say on when data needs to be encrypted.

How LinkedIn Could Have Avoided a Breach

Fri, 08 Jun 2012 14:17:01 -0700

LinkedIn recently experienced a data breach that exposed over 6.5 million hashed passwords. While few details have been offered about the attack itself, LinkedIn could have avoided this breach if they had proper security processes in place.

System Logging on the IBM i - How to Do it Better

Tue, 01 May 2012 10:18:30 -0700

Collecting and monitoring system logs has become a hot topic for organizations that need to meet compliance regulations. Logging on the IBM i (AS/400) is different than other platforms and something an organization should not take the “do it yourself” approach.

Protect PHI & Manage Risk - HIPAA Compliance

Thu, 19 Apr 2012 14:12:43 -0700

The frequency of data breaches in healthcare have increased 32% in the past year and cost an estimated $6.5 billion annually. Fortunately, if you are protecting your Personal Health Information (PHI) with proper encryption and key management, you are exempt from a breach notification.

Learn how ow a company can achieve Safe Harbor status in the event of a breach, as well as best practices for encryption, key management, and secure system logging.

IBM i Security: Skip V6R1 and Upgrade to V7R1

Fri, 16 Mar 2012 15:42:44 -0700

IBM recently announced the end of support date for V5R4. This will prompt many IBM i shops to upgrade to a newer release - either V6R1 or V7R1. This podcast will discuss the security reasons that you should go straight to V7R1. Additionally, we will discuss how Townsend Security can help you take advantage of FIELDPROC, a new addition to V7R1 that allows companies to encrypt their sensitive data without changing their applications.

Secure Managed File Transfer on the IBM i - An Introduction

Thu, 08 Mar 2012 10:48:59 -0800

Learn what secure managed file transfer is, how it can help you meet compliance regulations, and what to look for in a secure managed file transfer solution. Additionally, we will discuss how Townsend Security can help make your managed file transfers secure with PGP encryption.

System Logging on the IBM i: Getting Started

Fri, 13 Jan 2012 09:57:35 -0800

Like other IT projects, the implementation of up-to-date logging requires careful planning. For example: systems need to be monitored and the parameters related to security and archiving need to be defined.

This podcast discusses what system logging is, how logging can help you meet compliance requirements, and what to look for in a logging solution. Additionally, learn how Townsend Security can help you transmit the logs from your IBM to any SIEM console.

IBM i FIELDPROC Performance: Speed Matters

Fri, 02 Dec 2011 09:48:33 -0800

FIELDPROC has made encryption on the IBM i much easier. It is now possible to encrypt your databases with NO APPLICATION CHANGES! The question is, what are the performance impacts?
Patrick Townsend explains why the speed of your encryption is important, what to look for when deciding on a solution, and simple tests that listeners can do to help decide which FIELDPROC encryption solution is right for them.

HIPAA, HITECH Act, & Encryption Key Management

Tue, 04 Oct 2011 14:52:07 -0700

Today's topic is HPAA and the HITECH Act, and what they say about encryption and key management. Additionally, learn how to avoid breach notifications and what Townsend Security can do to help your organization meet these compliance requirements.

Encryption Key Management and Microsoft SQL Server 2008

Fri, 01 Jul 2011 10:13:21 -0700

Learn about SQL Server 2008 EKM and what Microsoft customers should be thinking about when they consider using SQL Server EKM for encryption. Also, learn what role a Hardware Security Module or HSM plays and what to look for when selecting an encryption key management HSM.

Emerging Data Privacy Regulations

Tue, 12 Apr 2011 11:41:08 -0700

Organizations need to comply with a growing number of data privacy regulations. Patrick discusses the various regulations - such as PCI, HIPAA/HITECH, and state privacy laws - as well as how to meet the regulations and what it is like to have an audit.

Benefits of Transparent Encryption on IBM i

Wed, 06 Apr 2011 09:56:35 -0700

Transparent encryption is new to IBM i 7.1. Learn about the new FieldProc capabilities and the benefits of transparent encryption, as well as what FieldProc is and isn’t. Additionally, Patrick discusses the new security risks associated with the new FieldProc APIs and what Townsend Security is doing to help the people who have moved, or are thinking about moving to the latest IBM OS release.

Key Management for Microsoft Windows

Fri, 25 Mar 2011 08:54:27 -0700

Compliance regulations require proper key management. Learn why encryption key management is a concern for Microsoft Windows users, some of the technical challenges in using good key management, and how Townsend Security can help Microsoft partners.

Data Privacy for the Non-Technical Person

Tue, 22 Mar 2011 08:43:48 -0700

Learn what constitutes personally identifiable information (PII) and how to protect it with strong AES encryption and key management. Additionally, learn about compliance regulations and how your organization can begin to develop a security policy.

PCI DSS v2.0: Changes for Your Organization

Thu, 24 Feb 2011 09:09:39 -0800

New PCI Data Security Standards have been announced. Patrick Townsend of Townsend Security, a PCI SSC participating organization, speaks on best practices for meeting PCI compliance regulations and provides insight and commentary on the changes in compliance and enforcement.

Key Management Best Practices: What New PCI Regulations Say

Wed, 19 Jan 2011 09:11:17 -0800

The new PCI Data Security Standards (PCI DSS v2.0) are here and we’ve gotten a lot of questions about the changes related to encryption key management. Because we work with a lot of companies going through PCI compliance audits and reviews, the new standards just confirm the trends we’ve seen over the last few months on how QSA auditors and security professionals view encryption key management, and what they see as the minimum requirements for managing keys.

In this podcast, Patrick Townsend speaks on current best practices, as well as what PCI has to say about integrated key management (why it isn't a good thing), dual control, separation of duties, and split knowledge.

The Data Protection Trifecta: Tokenization, Encryption, and Key Management

Mon, 16 Aug 2010 15:44:02 -0700

Tokenization, Encryption, and Key Management are discussed and why each technology is a necessary component for a comprehensive data protection plan. Additionally, Patrick discusses why NIST certification is important, as well as what VISA has to say regarding best practices with these technologies.

Achieving Exemption from the HITECH Law

Thu, 06 May 2010 15:06:18 -0700

HIPAA and HITECH are mandating encryption of sensitive medical and personal information. But all encryption is not created equal. Find out what NIST certification is, and how it gives you safe harbor status even if you experience a major data loss.

The Many Flavors of Data Protection: Deciding What’s Right for Your IBM i Enterprise

Mon, 29 Mar 2010 14:07:49 -0700

Patrick Townsend discusses data security and the technologies available to protect your IBM i – from tokenization to various types of encryption. You’ll discover the uses for each, and which best fit your data protection strategy. Includes tips on choosing the right technology.

The Business Case for Tokenization

Tue, 29 Dec 2009 13:00:15 -0800

Tokenizing data eases compliance and saves money. In this podcast, Patrick Townsend explains how tokenization and encryption differ, and how making it part of your data security strategy decreases your chance of data loss, saves you time and hassles.

Data Tokenization: Separating Fact from Myth

Tue, 27 Oct 2009 15:51:48 -0700

Tokenization is a hot topic in data security and the payment card industry today. But there is misinformation in the marketplace. Patrick Townsend talks about what tokenization is and is not, and offers advice on how it can help you comply with data security regulations.

PCI & the Audit: What Mid-Size Companies Need to Know

Wed, 12 Aug 2009 13:33:00 -0700

Level 2 merchants are about to be put under the PCI audit microscope. Patrick Townsend gives a brief overview about what this means to your business, plus how and when to prepare for this and other pending regulatory changes.

Secure File Transfer Changes for the IBM i

Tue, 14 Jul 2009 10:26:03 -0700

A discussion of existing and new regulations that are changing the way System i users handle secure file transfer. Also includes information about solutions available to help the Enterprise meet today’s compliance challenges.

The Government's Growing Role in Data Security

Fri, 26 Jun 2009 09:02:57 -0700

More and more government agencies are getting involved in data security and encryption. NIST powers are on the rise, and more stringent state and federal legislation is driving businesses large and small to invest in data security. Find out why, and what this means to the future of data encryption.

XML in Tough Times

Wed, 03 Jun 2009 15:28:31 -0700

Townsend CEO discusses XML and web services for the IBM i. Includes case studies of Pottery Barn and Bass Pro Shops. They increased revenue & decreased costs, your Enterprise can too.

Encryption Key Management

Tue, 02 Jun 2009 09:03:32 -0700

Encryption Key ManagementEncryption key management is in the spotlight thanks to auditors and pending laws. Get key manager basics, and tips for evaluating a solution for your Enterprise.

RSA & COMMON Expo Recap

Tue, 12 May 2009 14:59:33 -0700

This interview with Patrick Townsend of Patrick Townsend Security Solutions recaps his experiences at the recent RSA and Common 2009 Expos. The podcast serves as a wrap-up of the tradeshows and highlights significant developments in data security, encryption, and key management.

Massachusetts Privacy Law - 2010

Thu, 30 Apr 2009 12:25:31 -0700

The Massachusetts Privacy law goes into effect January 1, 2010. Find out how it will affect your Enterprise and your IT infrastructure in this conversation with the President and CEO of Patrick Townsend Security Solutions.

Intro to Patrick Townsend and His Company

Thu, 30 Apr 2009 12:20:59 -0700

An introduction to Patrick Townsend Security Solutions by the company’s President & CEO Patrick Townsend. This interview covers the company’s origins, its current focus, and what's on the horizon for the data security industry.