BitLocker: Compliant or Practical? – Mixed Messages from Microsoft

On one hand, Microsoft says that BitLocker with pre-boot authentication (TPM + PIN) is the recommended best practice. On the other, Microsoft admits that BitLocker with their pre-boot authentication “inconveniences users and increases IT management costs.” That is a mixed message for any IT pro responsible for keeping devices compliant and secure.

Read on to discover the compliance shortfalls of BitLocker and how to address them.

Are Companies Safeguarding Their Customers’ Personal Identifying Information?

As data privacy concerns and supporting regulations escalate, are companies really prepared to ensure protection of their customers’ personal identifying information (PII) and to quickly and accurately report a breach should one occur? WinMagic recently conducted a survey of IT decision makers in the U.S., UK, France and Germany to assess their companies’ capabilities in these areas – and the findings should raise some red flags.

EU GDPR – The Final Countdown

In May 1986, a little-known Swedish band called Europe released their international breakthrough album, The Final Countdown – topping the charts in 25 countries. Thirty years later in May 2016, the European Commission released the official EU General Data Protection Regulation (GDPR) – another international breakthrough with a far greater global impact, albeit on the data privacy and protection landscape. But when legislation becomes law on May 25th 2018, will you be prepared? With just one year left, it’s the final countdown.

Data Sovereignty, Safe Harbor & General Protection Regulations

First, an explanation of the concepts in the title of this piece. Data Sovereignty is the concept that digital data and information are subject to the laws of the country in which they are located and/or created. Safe Harbor is an agreement between the USA and EU that regulates and controls the import, export and processing of personal data and information. And the most recent, the EU General Data Protection Regulation (GDPR), is the regulation of the “processing”, ownership, rights and storage of personal data and information within the 28 EU member states.

The End of Trust

Managing Information Security and Compliance in the Healthcare Industry

As discussed in a previous post, data breaches continue to be a growing concern for organizations in the healthcare industry. Health organizations are looking for a cost-effective and reliable data security solution that can protect their data, ensure compliance, mitigate business risks and decrease IT administration costs. With the mobile nature of the healthcare workforce coupled with the increasing popularity of Self-Encrypting Drives (SEDs), the need for a solution that can manage all devices in one centralized location becomes even more imperative.

It Really Can Be That Easy – Single Pane of Glass

As I mentioned in my previous blog post, I used to run a small encryption team at a large organization before I came to work for WinMagic. One of the key responsibilities we had was to generate FISMA (Federal Information Security Management Act) compliance reports for NIST SP 800-53, AC-3 and SC-13 controls. What does that mean? Essentially, these are reports that ensure key security standard requirements are met within the organization for Government regulatory purposes.