Monday, December 1, 2008

PCI Goes Global

If ever there was doubt that PCI DSS has global implications, two press releases from India and a job posting from the Kingdom that popped up this week should cast that doubt aside.

The press releases from Avenues and Amtex highlight the importance that international companies have correctly placed on complying with the PCI DSS.  Both press releases send a clear message to customers that these companies take customer credit card data security seriously.

A bank in Saudi Arabia is also looking for a PCI Project Manager - a move that Dark Matters applauds but which raises two questions.

1) Is 6 months long enough?  Anyone in the financial community who has gone through a PCI audit and taken it seriously knows that this is a multi-year process, depending on your starting point.

2) What happens after the audit is complete?  PCI is not a "one and done" type of standard: it has already been updated twice, and frequent penetration testing and system scans are part of PCI requirements.  To quote Bill Brenner of CSO Online, "the task is never finished."

Take it seriously, make it a full-time gig.

Monday, November 10, 2008

Land of Confusion

Check out the back and forth on this post about PCI compliance, which we found on the blog of Dr. Anton Chuvakin, who just recently became the Director of PCI Compliance Solutions at Qualys.

While the bit about the merchant not knowing the difference between a firewall and a fire extinguisher is funny, the article does make a serious point about how most PCI solutions are aimed at bigger companies and how this industry needs to be more inclusive and responsive to the needs of the small and e-commerce type businesses.

We understand the pain - Dark Matter's first customer was a small e-commerce business that needed an encryption device that fit the size of their company and the size of their wallet.  It forced us to design a device with an e-commerce company in mind and created a new type of encryption device for the PCI space.




Friday, October 31, 2008

Mr Canadiana


Congratulations to Scott Gregory of Amazon.com, who was the winner of our big basket of Canadiana.  Scott, we hope that you will think of your friends on the Dark Matter team here in Victoria as you gaze across the Strait of Juan de Fuca - and sip that Canadian beer.

New Friends from the Secure World Show


Thanks to everyone who came by the booth to chat about Dark Matter Labs' JANA encryption device.  We had a great time and look forward to working with all of you soon.

Wednesday, October 29, 2008

PCI Panel at Secure World Seattle


Dark Matter's Jeff MacMillan joined Trustwave, Anitian and Astaro on a panel exploring how CIOs can leverage PCI compliance to improve their overall information security policy and structure.

Secure World Expo runs in Bellevue, WA until October 30th.

Thursday, October 23, 2008

The Long Line Begins Here...

While this vulnerability seems to be the source of much discussion and concern, it is really just another in a long line of regularly occurring security threats. The true nature of network security, regardless of the platform or operating system used, is that there will always be vulnerabilities, particularly as technology keeps changing faster than most can adapt.

While it is vitally important that businesses strive to maintain numerous layers of up-to-date network security, there has never been a greater need to concurrently protect your confidential data at the source using strong encryption. Although the goal is to avoid data loss in the first place, it is now crucial to employ encryption in order to know that should the data be lost or stolen, it is still secure and unusable.

Historically, data encryption has been considered an optional last line of defense. Given the uncertainty of network security strategies and the sophistication of cyber-criminals, Dark Matter Labs believes we've reached the day where strong data encryption is actually the first true line of defense.

Monday, October 20, 2008

Your Wired Keyboard is a Security Threat

Most security officers know better than to use wireless keyboards around the office, although for some reason there are still many out there. Now we are hearing that today's off-the-shelf snooping equipment is sufficient to "listen in" on EM radiation from wired keyboards from 20 feet away. This was bound to happen in the mainstream sooner or later. Some government and military agencies have been taking precautions against this threat, as well as against CRT monitor radiation, for several years now.

Although it is likely that these types of attacks are still a ways off from being highly effective, one can say that this increases the risk of user passwords being compromised. This further strengthens the need for data encryption as new ways to steal data continue to appear. Dark Matter believes that encryption devices should allow multiple users to seed the passwords for any given data field, and be able to do so from separate locations, thus defeating anyone's ability to remotely 'listen in' as they type in their encryption keys.
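The multi-user seeding idea above can be illustrated with a split-knowledge key derivation. This is an added sketch, not Dark Matter Labs' code or a description of how the JANA device works. The function names, the PBKDF2 work factor and the XOR-then-HMAC combination are assumptions chosen for the illustration.

```python
import hashlib
import hmac

KEY_LEN = 32
ITERATIONS = 100_000  # assumed work factor for this sketch


def derive_component(custodian_id, passphrase, field_name):
    """Run where the custodian types: stretch the passphrase into a component.

    Only this component leaves the custodian's location (over a protected
    channel, assumed here); the passphrase itself is never sent.
    """
    salt = f"{field_name}|{custodian_id}".encode()
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode(), salt, ITERATIONS, dklen=KEY_LEN
    )


def combine_components(components, field_name):
    """Run on the encryption device: merge components into the field key.

    `components` maps custodian id -> component bytes. XOR makes the result
    depend on every component, so one observed passphrase is not enough.
    """
    if len(components) < 2:
        raise ValueError("split knowledge needs at least two custodians")
    acc = bytes(KEY_LEN)
    for cid in sorted(components):
        part = components[cid]
        if len(part) != KEY_LEN:
            raise ValueError(f"bad component length from {cid}")
        acc = bytes(a ^ b for a, b in zip(acc, part))
    # Bind the combined secret to the data field it protects.
    label = b"field-key|" + field_name.encode()
    return hmac.new(acc, label, hashlib.sha256).digest()


def field_key(passphrases, field_name):
    """Convenience wrapper: custodian id -> passphrase, returns the field key."""
    comps = {
        cid: derive_component(cid, pw, field_name)
        for cid, pw in passphrases.items()
    }
    return combine_components(comps, field_name)
```

An eavesdropper who captures one custodian's keystrokes learns one passphrase, which on its own does not yield the key for the field.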