TABLE OF CONTENTS Encrypting with Secure Socket Layer (SSL)
Deploying strong authentication with one-time passwords
Using encryption
Identifying key management
Using authentication, authorization, and auditing
Implementing backup, restore, and disaster recovery
Using load balancing and high availability
Looking at network and transport database considerations
Very costly breaches continue to occur, even though enterprises worldwide are spending approximately $20 billion per year on IT security.1 In large part, this is because security efforts have mainly focused on network security rather than privacy and authentication technology.2 Securing critical data as it is being stored, transmitted, and used within the enterprise is known as privacy.
Failure to implement a privacy and authentication solution can have a disastrous effect on an organization. Public disclosure of breaches can be catastrophic to an organization s brand, market capitalization, and consumer trust. Plus, privacy and authentication legislation and the security policies of credit card issuers alike mandate disclosure of breaches, meaning organizations that try to keep a breach secret will be susceptible to civil litigation and steep fines.
The need to augment network security mechanisms with privacy and authentication solutions has never been more vital. Traditional perimeter-oriented technologies are only part of a complete security picture. The following are a few good reasons:
According to industry analysts, 75% of external-based attacks are tunneling through applications, and so go undetected by a range of traditional security mechanisms.
