Venafi expresses astonishment at out-dated data transfer mechanisms in use at the state of California
May 2012 by Venafi
Responding to news that the Californian Department of Social Services has switched to using secure couriers for sensitive data - after a data breach earlier in the month involving information on more than 700,000 people who provide or receive home care for the elderly and disabled - Venafi says that encrypted online transmissions are the obvious solution.
According to Jeff Hudson, CEO of the Enterprise Key and Certificate Management (EKCM) solutions specialist, the Los Angeles Times is reporting that the state is now opting for a secure courier for its payroll data transfers, rather than using regular postal services.
“This would be good news if we were still living in the latter half of the last century, but the reality today –is that sufficiently robust security technologies exist to not only allow system authentication and encrypted transmission of data, but at a far lower cost than using a courier,” he said.
“And this is before we get into the fact that secure transmissions work in real time. These advantages – as well as the general flexibility they offer - are why the world’s largest organisations leverage digital certificates and encryption keys to secure their data, as well as securely transfer data in motion between different locations,” he added.
Reports that the state is looking at secure technologies for online data transmission are an obvious step in the right direction, the Venafi CEO went on to say, but the fact that a major US state with a population of more than 37 million is still using couriers to shuffle its data around is astonishing.
It’s a bit like checking into a major hotel and finding the front office staff using telegraph machines instead of email and phones to communicate, he says, noting that the Californian incident that triggered the security alarm bells ringing stemmed from the transfer of un-encrypted microfiche tape.
One of Venafi’s major, global financial service customers made the jump to secure online transactions some 17 years ago, and deployed thousands of certificates and keys to protect the information and authenticate the systems and applications that process it. Today, says Hudson, he is pleased to report that the bank has significantly enhanced its encryption and security posture by discovering all of its sensitive data and encrypting it, without affecting the transparency of the system for the users.
Furthermore, he says, automatic certificate lifecycle management means the bank has access to the complete inventory of encryption certificates – in short, the bank knows everything about its certificates and encryption keys, and can change them quickly and easily in real time.
“If we compare this to the situation that government officials in California now find themselves in – having to use expensive and time-consuming couriers to transport their payroll data around – it is obvious that modern security technology can help the state move forward,” he said.
“Any arguments about lack of ease of use and user transparency – as well as not having access to a complete inventory of security keys – are removed through the use of advanced Enterprise Key and Certificate Management (EKCM) technology. Quite frankly I’m amazed that the state’s IT suppliers haven’t moved them on up to this leading edge technology – with all the time, convenience and cost benefits that it engenders – before,” he added.