At Endpoint Protector, we like to take on challenges. When we received more and more requests from customers for the monitoring and blocking of source code, we decided to investigate the matter further and improve on our existing detection techniques. Like any intellectual property, after all, source code is often considered sensitive data depending on the sector a business operates in.
While there are libraries available for programming languages, for them to be effective, they must have an in-depth knowledge of the way these different languages operate in order to accurately differentiate between them. This leads to complex, heavyweight databases that can severely affect the efficiency and speed of the software using them.
Knowing that N-gram-based text categorization had been successfully used to detect natural languages in text in a number of use cases, we theorized that…
Read more
Health data, due to its sensitive nature, has always been considered a special category of data and invariably falls under the jurisdiction of data protection regulations. Under the EU’s new General Data Protection Regulation (GDPR), it is explicitly classed as a special category of personal data under article 9 which requires the strict application of the regulation’s requirements. In the US, health data falls under the incidence of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), two interconnected acts which together guarantee its protection.
Regulated by the Department of Health and Human Services (HHS), HIPAA is enforced by the Office of Civil Rights (OCR), outlines the lawful use and disclosure of protected health information (PHI) and guarantees its …
Read more
Infosecurity Europe 2018 once more welcomed information security professionals from around the world at the Olympia in London between 5-7 June. Europe’s largest and most comprehensive information security event, featuring over 240 free to attend conference sessions, more than 400 exhibitors and a staggering 19,500+ visitors, Infosecurity Europe 2018 is the place to be for anyone interested in feeling the pulse of the information security sector.
This year’s event was no different: tackling the theme of building tomorrow’s cybersecurity today, it offered a mix of panels and talks on already familiar risks along with those on emerging threats. After last year’s full-blown GDPR panic, data protection policies took a backseat to more attractive if considerably more worrying topics such as nation state attacks and AI and IoT related threats.
Baroness Dido Harding kicked…
Read more
While the rise of data protection regulations such as the GDPR in Europe and HIPAA, FISMA and NIST in the US has lead to an increased awareness of the need for Data Loss Prevention tools to ensure compliance, many companies still hesitate to employ them because they fall victims to some of the common myths that plague DLP software since its infancy.
Here are the most prevalent three charges brought against DLP tools and why they are unfounded:
1. Productivity killerA myth that has persistently haunted DLP is its negative impact on productivity. It is blamed for making usually easy tasks time-consuming, thus hindering employees’ efficiency and increasing their frustrations. As all myths, this bit of misinformation started from a grain of truth: it’s a remnant of former inadequacies of first generation DLP tools which, as any new technology just being developed, was still difficult…
Read more
India’s first it-sa IT security expo and conference took place between 24-25 May 2018 at the Bombay Convention and Exhibition Centre in Mumbai and was organized by NürnbergMesse India with the support of the Indo-German Chamber of Commerce.
Prompted by the major drivers of the IT security market in India which include the expansion of its internet coverage areas, increased mobile device use and data theft as well as the rise of globalization and liberalization among others, it-sa India’s aim is to support the creation of a global expertise with a local perspective on the Indian subcontinent.
The expo showcased information security products and services from all areas of cybersecurity including research and security consulting. The conference program, powered by Deloitte, featured discussions and presentations on a series of relevant themes such as Artificial Intelligence,…
Read more
In the age of globalization and ultra-connectivity, companies are increasingly multinational: they have regional or local offices in more than one country and do business in many more. This invariably involves a lot of meetings and presentations for important clients and the visiting of niche fairs and conferences abroad. As a consequence, the work force has become more and more mobile and, due to the rise of portable devices, they can bring the office with them wherever they go.
While this level of flexibility has a positive impact on companies’ bottom lines, it can spell disaster for data security. The reason is fairly simple: security measures for data protection are often restricted to company networks and once data heads outside them, it can become vulnerable to theft and loss.
What can organizations do then to ensure that their data remains secure even when it heads outside the…
Read more
The last two weeks have been met with varying degrees of panic by companies big and small trying to finalize GDPR compliance before the new legislation’s enforcement on 25 May 2018. What feels like a million emails were sent with updated privacy policies and requests for continued subscription. But now that the dreaded deadline is here, how will companies fare in this brave new GDPR-compliant world? Let’s have a look at some of the key factors to consider.
A country by country caseAs a regulation, the GDPR is applicable across all member states without the need for each country to pass national laws. However, each member state has its own data protection laws which will need to be aligned to the GDPR.
The new regulation also contains more than 70 opening clauses which allow member countries to modify the provisions set within them to implement stricter or laxer rules than those set out …
Read more
The region’s number one information security event, Infosecurity Europe 2018, is back at the Olympia in London this June and the Endpoint Protector team wouldn’t miss it for the world. Over the years, Infosec Europe has become one of the essential stops on our DLP experts’ annual global itinerary. With the most comprehensive conference programme in the region, over 400 exhibitors showcasing their solutions and products, and 19,500+ information security professionals in attendance, how could it not be?
This year, attendants can choose from 240+ free to attend conference sessions led by industry influencers that address some of the information security sector’s biggest concerns: how to build the cybersecurity team of the future, what AI and quantum computing mean for information security, how information security can add value to digital transformation, and third-party…
Read more
The Clarifying Lawful Overseas Use of Data (CLOUD) Act was signed into law by the US President on March 23rd as part of the 2,000-page Spending Bill. The new piece of legislation addresses a controversial debate that has been raging in the US since the notorious United States v. Microsoft case, in which the tech giant refused to hand over data stored on its Irish servers to the FBI, first made headlines: can US law enforcement officials request access to data stored in another country by a company operating in the US?
CLOUD settles the argument firmly on the side of law enforcement by making it easier for them, whether they are local police or federal forces, to directly request that US tech companies hand over data regardless of where it is stored. The executive branch will also now have the power to sign executive agreements with foreign governments that want access to data stored in the US, all…
Read more
As we enter the home stretch towards the enforcement of the EU’s General Data Protection Regulation (GDPR), with only three weeks to go until 25 May 2018, we take a closer look at one of the key requirements of the new legislation: Data Protection Impact Assessments (DPIAs).
Meant to help companies identify, assess and minimize the data protection risks of projects, DPIAs are not necessarily a new idea. A similar concept, Privacy Impact Assessments (PIAs), have been widely considered to be valuable tools for companies looking to reduce risks resulting from their data processing activities. However, because of the lack of an industry-wide agreement on how these should be conducted, companies have often found themselves at a loss when it came to carrying them out.
Through DPIAs, the GDPR has now made assessments mandatory by law in the case of processing activities which may result…
Read more