Cryptography will be a good solution for data breach
Abstract:
One of the reasons why TJ Maxx suffered a data breach is a lack of encryption. It’s not enough to just specify encryption. A data breach at TJX Cos. could have affected more than 94 million consumer accounts, or more than double what the retailer estimated previously, a group of banks asserted in court documents this week. The challenge for encryption products in this environment is their ability to take this policy information and map it to an encryption key, and enforce those policies when decryption keys are requested. Some older technologies like Public Key Infrastructure (PKI) tend to have very fixed, high-overhead policy-to-key mapping techniques.
TJX, which operates more than 2,400 stores under names that include TJ Maxx, Marshalls and A.J. Wright, disclosed in March that data from 45.7 million credit and debit cards was stolen from its computers by hackers over 18 months. Personal information from 451,000 customers who returned goods was also stolen in what was already the largest data breach ever.
This shows that data is most vulnerable in storage, not when traveling over the network. Instead, it has been stolen by malicious employees, from carelessly handled backup tapes, and, in the case of TJ Maxx, by compromised code reading data out of storage (Securitas Operandi, "For an Interesting Account of the TJX Breach, Read Their 10-K",
Solution: From a cryptographer’s perspective, in an ideal world, every piece of data written to a disk or tape would be encrypted. It’s not enough to just specify encryption, though. If a user has access to a machine, they have access to all the encrypted data on the machine, or in that machine’s network connections. This yields a very easy-to-deploy encryption scheme, but one that has very little ability to map encryption to complex access control policies.
The challenge for encryption products in this environment is their ability to take this policy information and map it to an encryption key, and enforce those policies when decryption keys are requested. Some older technologies like Public Key Infrastructure (PKI) tend to have very fixed, high-overhead policy-to-key mapping techniques.
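The policy-to-key mapping described above can be sketched as follows. This is an added example, not code from the article: a hypothetical key server derives one data key per policy and checks the requester's roles at the moment a decryption key is requested. The master secret, policy names and roles are constructed for illustration, and HMAC-SHA256 as the key derivation step is a choice made here.

```python
import hashlib
import hmac

# Constructed demo secret; a real key server would hold this in an HSM or KMS.
MASTER_SECRET = bytes(range(32))

# Hypothetical policies: the roles allowed to decrypt data stored under each one.
POLICIES = {
    "cardholder-data": {"payment-service", "fraud-analyst"},
    "returns-records": {"customer-service", "fraud-analyst"},
}


class AccessDenied(Exception):
    """The requester does not satisfy the policy bound to the key."""


def _derive_key(policy_id: str) -> bytes:
    # Policy-to-key mapping: HMAC-SHA256 over the policy name, used as a KDF
    # (a choice made for this example). Each policy gets its own 256-bit key.
    label = b"data-key|" + policy_id.encode("utf-8")
    return hmac.new(MASTER_SECRET, label, hashlib.sha256).digest()


def encryption_key_for(policy_id: str) -> bytes:
    """Writers pick a policy when storing data; unknown policies get no key."""
    if policy_id not in POLICIES:
        raise KeyError(f"unknown policy: {policy_id}")
    return _derive_key(policy_id)


def request_decryption_key(policy_id: str, requester_roles: set) -> bytes:
    """Enforce the policy at the moment the decryption key is requested."""
    allowed = POLICIES.get(policy_id)
    if allowed is None or not (allowed & set(requester_roles)):
        raise AccessDenied(f"{policy_id}: requester roles not permitted")
    return _derive_key(policy_id)


if __name__ == "__main__":
    key = encryption_key_for("cardholder-data")
    assert request_decryption_key("cardholder-data", {"payment-service"}) == key
    try:
        # Logged in to the machine, but holding no role the policy allows.
        request_decryption_key("cardholder-data", {"customer-service"})
    except AccessDenied as err:
        print("denied:", err)
```

Because each policy has its own key, access to the machine that stores the ciphertext is no longer enough to read it; the requester must also pass the policy check at the key server.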
Reason for choosing this article: This data breach is recorded as one of the biggest data breaches of the year 2007. 451,000 customers underwent identity theft. It is not due to lost laptops, or trash. The information is vulnerable to intruders because it is not protected. As a security student, I would say that confidentiality is poor. Since it is one of the three components of security, I chose this article.
Reference:
http://www.reuters.com/article/companyNewsAndPR/idUSN2438304920071025