Articles

Automating Data Protection across the Enterprise

 “The DEI is the logical evolution to make data protection a ubiquitous service on the network, accessible to systems and applications through a uniform interface, with the ability to address diverse data security regulations while leveraging the cloud for business benefits.”
Published in http://www.infoq.com on Feb 07, 2013.

Analysis of the PCI DSS 3.0 Encryption and Key Management Analysis

“The Payment Card Industry (PCI) Security Standards Council recently released the Data Security Standard (DSS) version 1.2 on October 01, 2008. StrongAuth, Inc. analyzes the Encryption and Key Management requirements from the DSS and presents what covered entities must do in this white paper.”
A StrongAuth, Inc. white paper published on, August 12, 2012

Introduction to Public Key Cryptography

 “For those interested in understanding some simple mechanics of how digital certificates work, why are they necessary, and how they can protect you, a good introductory paper can be found at this link.”
Mozilla Developer Network

Visit the above-mentioned link here: Introduction to Public Key Cryptography

Regulatory Compliant Cloud Computing (RC3)

“This white paper presents an architecture for building the next generation of web applications. This architecture allows you to leverage emerging technologies such as cloud computing, cloud storage, and enterprise key management (EKM) to derive benefits such as lower costs, faster time-to-market, and immense scalability with smaller investments while proving compliance to PCI DSS, HIPAA/HITECH, and similar data security regulations. We call this Regulatory Compliant Cloud Computing, or RC3.”
A StrongAuth, Inc. white paper published on, March 15, 2011

Data Protection for Companies

“In 2003, California passed Senate Bill 1386, requiring companies to report breaches of computerized systems resulting in access to sensitive information about a California resident. With the subsequent passage of similar laws in nearly 40 other U.S. states, it is now evident that our computer infrastructure is far more porous than we previously imagined.”
 Selected as one of the best articles published by the ABA. Published in the ABA SciTech Lawyer, Volume 5 Issue 1, Summer 2008

Symmetric Key Management Systems

 “Most security professionals are familiar with symmetric key-based cryptography when presented with terms such as Data Encryption Standard (DES), Triple DES (3DES), and the Advanced Encryption Standard (AES). Some are also familiar with Public Key Infrastructure (PKI) as an enterprise-level solution for managing the life cycle of digital certificates used with asymmetric key cryptography. However, the term Symmetric Key Management System (SKMS) which refers to the discipline of securely generating, escrowing, managing, providing access to, and destroying symmetric encryption keys will almost always draw blank stares.”
Published in the ISSA Journal, February 2007

Successful PKI Implementations

 “Contrary to what you might have heard or read in the Information Technology (IT) press, companies have built Public Key Infrastructures (PKI) successfully, and use them daily to solve day-to-day business problems. What is little known, however, is the magic potion these companies used to make their PKIs successful. This paper will attempt to demystify some of that magic and provide you guidance that can help you navigate the pitfalls as you deploy your PKI.”
Published in the ISSA Journal, September 2005

Blueprint for Managing SB 1386 Compliance

 “Businesses need to address SB 1386 compliance effectively by implementing this four-part solution. This document presents an overview of what companies should address when putting their SB 1386 compliance infrastructure together.”
Published in the ISSA Journal, May 2003