You Never Know Who Is Listening: Securing Call Center Recordings & Personally Identifiable Information (PII)
Agenda
• What threats exist today that jeopardize the security of call center recordings
• Best practice strategies for taking an encryption approach to security and compliance
• Technologies that offset threats and meet compliance by securing call center recordings and PII
What threats exist today that jeopardize the security of call center recordings
Ginney McAdams
Vice President of Business Development
TantaComm
2008 Data Breaches Soar
ITRC Reports 47% Increase over 2007

Category             2008 # of Breaches   2008    2007    2006
Business             240                  36.6%   28.9%   21%
Educational          131                  20%     24.8%   28%
Government/Military  110                  16.8%   24.6%   30%
According to ITRC reports, only 2.4% of all breaches had encryption or other strong protection methods in use.
Posted 1/5/09 on idthreatcenter.org
2008 Data Breaches Soar
ITRC Reports 47% Increase over 2007

For 2008          Financial   Business   Education   Gvt/Military   Medical
Insider Theft     2.4%        5.6%       1.8%        3.4%           2.4%
Hacking           3.5%        6.1%       2.7%        0.8%           0.8%
Data on the Move  1.7%        7.3%       3%          4.3%           4.4%
Threats that Exist Today
• Data Breach Threats
– Inadequate Security Precautions and Policies
– Identity Theft
– Stolen hardware
– Stolen credit cards
– Inadequate deletion of Customer Data
  • Laptop
  • Desktop
  • Cell Phone
– Physical Data Management
  • Access to data (electronic and paper)
Best practice strategies for taking an encryption approach to security and compliance
Trisha Paine
Board of Directors
PCI Security Alliance
Sustainable Compliance
Objectives and Requirements
To achieve sustainable compliance you must:
Objectives
• Reduce the costs and complexity of regulatory compliance
• Control information access and enhance security
• Provide a foundation for quickly adapting to business and regulatory compliance changes
Requirements
• Understand what data is most sensitive to your business
• Know where your sensitive data resides
• Understand the origin and nature of your risks
• Implement the appropriate controls based on policy, risk, and location of sensitive data
• Manage security centrally
• Audit security to constantly improve
Sustainable Compliance
Factors and Challenges
Issues
• Complexity of regulatory environment
• Increased storage of sensitive data
• Data loss threats are on the rise
• Growing need to share more sensitive data with external users
Solutions
• Encrypt sensitive data
• Mitigate risk through policy-based remediation and enforcement
• Deploy enterprise encryption and tailored key management capabilities
Sustainable Compliance Resulting Benefits
Reduce costs of compliance audits by *25%
Centrally manage policy and reporting
Reduce redundancy by standardizing on common set of security controls
Reduce system complexity through control consolidation
Rapidly comply with new mandates
Reduce training costs
*Based on an analysis by C&H that compared audit effort using traditional controls, against audit effort using SafeNet EDP components
Best Practices Bottom Line
Assess risks
• Classify critical assets based on business impact
• Perform on-going Risk Assessments to identify threats and vulnerabilities
• Implement controls based on policy and standards
Monitor and adjust controls
• Perform ongoing monitoring of controls
• Analyze and mitigate threats
• Identify and correct vulnerabilities
• Adjust controls based on changing business needs
Communicate
• Provide reports and metrics to key stakeholders
• Verify and validate controls are in place and performing
Technologies that offset threats and meet compliance by securing call center recordings and PII
Ginney McAdams
Vice President of Business Development
TantaComm
Securing your Recordings
• Solution Overview
– End-to-end media encryption
– Data is encrypted as it’s being recorded
– Employs symmetric keys. Keys use industry-standard AES (Advanced Encryption Standard) 256-bit strong encryption.
– Media is kept encrypted while in transit over your network.
– Secure playback software is used to decrypt & play files.
– Key management appliance is fully redundant
– Solution is HIGHLY scalable. One key management appliance is capable of handling 12,000 requests. Software is easily added to our recording servers.
Our solution assists you in meeting your PCI & PII security standards and regulations.
Technologies that offset threats and meet compliance by securing call center recordings and PII
Andrew Dillon
Director of Product Management
SafeNet, Inc.
DataSecure and Enterprise Data Protection
An Integrated Suite of Data-Centric Security Solutions to Protect Data and Achieve Compliance
[Diagram labels: Remote Location, Data Center, Databases, Mainframe, File Servers, Application and Web Servers, Laptop/Mobile Handset; SafeNet DataSecure, SafeNet EdgeSecure, SafeNet ProtectDB, SafeNet ProtectFile, SafeNet ProtectDrive, SafeNet Authentication, SafeNet DataSecure Toolkit]
Why DataSecure?
Secure
• Hardware-based, centralized key and policy management
• FIPS/CC certified
• Granular access privileges and separation of duties
Fast
• High performance encryption offload, over 100k TPS
• Batch processing for massive amounts of data
Flexible
• Support for heterogeneous environments (app, db, file)
• Support for open standards and APIs
Simple
• Intuitive administration
• Centralized policy creation and enforcement
• Granular logging/auditing
Questions?
Thank You
Trisha Paine, PCI Security Alliance
For more information:
Ginney McAdams, Vice President, [email protected]
Andrew Dillon, Product Manager, SafeNet