Meeting Payment Card Industry Data Security Standards (PCI-DSS) can be a complex and costly exercise for the average ecommerce merchant. What’s challenging is that there’s no one-size-fits-all approach to achieving and maintaining PCI compliance.
No one sees the need for insurance when life is going well. In fact, we often complain about paying monthly premiums on something that we’ll “never need anyway.” But once that car wreck, house fire or flood happens, we’re thankful we have the policy. Many startups view security in the same light as flood or fire insurance; it doesn’t get the same love that building an application or growing the company gets. But every day that startup founders neglect security is another day they’re exposing themselves to serious risk.
What can safe crackers and hamburgers teach us about preventing password security breaches? And what’s the difference between encryption and hashing anyway? Salting? Bcrypt? We all know that password security is very important; the fear of a password security breach keeps developers up at night, and if it happens at the wrong time it can shatter users’ confidence in your software or stunt your application’s growth. There are a lot of different ways to protect passwords, so how do we know which one to choose?
There are many options when trying to assess the security posture of your application and its hosting environment. Some choose to start from the top of the stack down and look at the application directly, while others might look at the supporting infrastructure first, including the network itself, the firewall rules, running services, and web server configurations. Regardless of the approach, enterprises must protect the integrity of their application and data by proactively identifying potential attack vectors or vulnerabilities. Certain regulations and standards even require periodic vulnerability assessments.
One of the common questions we hear from customers who are moving to the cloud is about security. Many times customers believe that security is something they have to take on by themselves or something that is automatically taken care of by a cloud provider.
This is a guest post written and contributed by Elad Yoran, CEO of Vaultive, a Rackspace Cloud Tools partner. Vaultive provides cloud data encryption solutions designed to maintain the control, security and compliance of data processed by cloud-based services.
We know that the public internet can be a scary place for servers. Log files of servers attached to public addresses show regular port scans and URL snooping and are a constant reminder that your hosts are one misconfiguration away from catastrophe.
ionGrid Nexus offers secure mobile access to corporate file repositories and reliable interaction with documents to simultaneously address the needs of enterprise end users and IT. Simple to install over corporate networks, Nexus offers comprehensive mobile document protection that ensures IT security policies and access controls are preserved at the file level and eliminates the need for costly mobile document management solutions.
This week, our Anatomy Of An Attack infographic showcased steps hackers may take to crack into your systems. The goal was to show the discovery process that an attacker goes through when looking to do something nasty. We’re not looking to spark fear, but instead to instill some common-sense goals to lock down systems before attackers have a chance to penetrate them.