Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Storage

    Keeping the Faith

    By
    Timothy Dyck
    -
    June 9, 2003
    Share
    Facebook
    Twitter
    Linkedin

      Every time you fill out a Web form or talk to a customer service representative and provide personal data, youre taking a leap of faith.

      As a customer, you are trusting that your data will be kept in good care. Youre trusting that posted data protection and usage policies will be followed. Youre trusting that data will be protected responsibly and used for the purposes for which it was collected.

      Thats a lot of trusting. As an IT professional, you need to ask if that trust has been earned.

      Despite the steady rise in the profile of IT security, it has been only in the past year that Ive seen proper attention paid to security for data repositories. Credit card or Social Security numbers are in flight for just a click; however, they are then salted away for years by multiple organizations in environments that have a much greater risk of data loss than transmission over the Internet does. Its the insecure storage of sensitive data that is IT securitys greatest failing.

      Just last month, Wired News reported one more example of this. A security bug was discovered in Apple Computers online store that would have allowed an attacker to easily impersonate another user and then order goods or online music from the store with the users stored credit card number.

      Is it really worth the risk to keep critical customer data permanently on file? American Express Private Payments option, which lets users submit one-time transaction IDs in the place of credit card numbers, is an excellent approach. Another is to ask users to enter only a portion of a credit card number at checkout time so the entire number does not need to be stored.

      Alternatively, consider the idea of immediately encrypting each credit card record stored with the processing credit card companys public key. Sure, you cant access it, but neither can anyone else who doesnt have a need to know—only the credit card company will be able to decrypt it.

      Theres no argument from me that application and data security is not hard. What we need is a new resolve to take responsibility. If we dont, that resolve will come from the long arm of the law.

      The most aggressive legislature in the country on data protection law is that of the state of California, which is setting de facto national policy in this area. Last year, Bill SB 168 set the pace with the requirement that starting July 1, 2002, California persons or entities other than state or local government agencies could not use Social Security numbers as access mechanisms for a Web site unless in combination with a password or other authentication system.

      This year, California is again shaking the branches with SB 1386, a bill that goes into force just weeks from now on July 1. It requires any organization conducting business in California or—and this is a big “or”—storing personal information on any California resident to disclose to those customers when personal data is reasonably believed to have been compromised.

      The brand damage done by telling customers that a break-in has occurred, combined with the risk of lawsuits in case of noncompliance, add up to a powerful incentive to be serious about attack defenses and data encryption to limit damage if a break-in does occur. In addition, SB 1386 even exempts companies that have encrypted customer data from the notification requirement—one more example where this legislation makes good sense easier to cost-justify.

      Meanwhile, proposed federal legislation may introduce nationwide data protection requirements. Bill S.228, the Social Security Number Misuse Prevention Act, prevents commercial entities from collecting Social Security numbers entirely in many cases. Bill S.223, the Identity Theft Prevention Act, tackles the credit card number problem by requiring any business that accepts credit cards to include no more than the last five digits of the card number or the expiration date on an electronic transaction receipt.

      Customers and business partners depend on IT staff every day to do the right thing with their data. Dont let legislation define your security agenda. Stay ahead of the curve by protecting data like it was your own.

      Finally, as I mentioned two weeks ago in this space, Im leaving eWEEK to attend seminary and then to pursue opportunities in the nonprofit sector. Goodbye and Godspeed to you, gentle reader, in your daily pursuits.

      Timothy Dyck
      Timothy Dyck is a Senior Analyst with eWEEK Labs. He has been testing and reviewing application server, database and middleware products and technologies for eWEEK since 1996. Prior to joining eWEEK, he worked at the LAN and WAN network operations center for a large telecommunications firm, in operating systems and development tools technical marketing for a large software company and in the IT department at a government agency. He has an honors bachelors degree of mathematics in computer science from the University of Waterloo in Waterloo, Ontario, Canada, and a masters of arts degree in journalism from the University of Western Ontario in London, Ontario, Canada.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×