Compliance and the Network Solutions Breach

Does it make sense that “any company operating in (Network Solutions’) business could have become a victim of this type of invasion”?

By Kathryn Hughes
Product Marketing Director
Axway

A breach on Network Solutions’ servers last month may have led to the theft of 573,928 individuals’ credit card data. These individuals made purchases on Web sites hosted by the company.

The coverage doesn’t mention this specifically, but it looks like the data was lost during the transfer—perhaps intercepted and captured in transit or insecurely stored prior to sending or after receipt. A secure managed file transfer solution would protect the infrastructure from that sort of penetration.

When you’re using a comprehensive managed file transfer solution, you both exchange data securely and store it within your infrastructure securely, and that yields comprehensive, end-to-end secure data flow and storage. That’s just one benefit. Another benefit of a true managed file transfer solution is that it’s not just about the exchange of data, it’s about the auditability, the reporting, the management of data and process flow, and layered onto that, visibility, so that you can actually see where the data is at every point in the process flow or the transaction flow. You have risk alerts and monitoring and elaborate policy control around that data flow or structure.

Because, ultimately, it’s not just about moving data. Around the data movement itself, you have to secure the data in transit and at rest, and on top of that you have to have auditing, reporting and logging of the whole process flow. You need to know where your point of failure will be. Layer visibility on top of that, and now you have a console for easy management, with insight into, and elaborate policy notifications for, any place there is a potential risk. You can take proactive, corrective measures if something is triggered or if it’s taking longer to process than it normally would, so that you stay ahead of the game as opposed to being caught in a breach situation.

What unauthorized code are they speaking of? Was this unauthorized code sitting on the network and sniffing the file traffic? Were they not using secure communication? Or did someone actually breach their system—physically breach their system?

That’s not clear. But if the data is protected in transit so that it’s sent and stored securely, you’re working within a true managed file transfer solution that has management and policy around it. Other people can’t add data to the system and can’t change transaction flows outside the policy guidelines or without policy triggers. If they do, then you get an alert, a warning, a message that something’s happened, and you can take action more quickly.

So what does this say about companies where, once they’re compliant, they feel that they’ve done their job? What does this event say about companies being concerned solely about being compliant and not being genuinely secure? Compliance is a lot of security, but it’s not everything—there are different ways of showing that you’re compliant, and different interpretations of what compliance means. So there’s some wiggle room for interpretation, and the gaps created by that wiggle room are exactly what made this happen.

What do you think? Does it make sense that “any company operating in (Network Solutions’) business could have become a victim of this type of invasion”?

(Photo by The Consumerist: http://www.flickr.com/photos/consumerist/ / CC BY 2.0)
