yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Computing
Conference & Expo
November 2-4, 2009 NYC
Register Today and SAVE !..

2008 West
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
Red Hat
The Opening of Virtualization
User Environment Management – The Third Layer of the Desktop
Cloud Computing for Business Agility
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Return on Assests: Bringing Visibility to your SOA Strategy
Managing Hybrid Endpoint Environments
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
How Can AJAX Improve Homeland Security?
Beyond Widgets: What a RIA Platform Should Offer
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
In many cases, the end of the year gives you time to step back and take stock of the last 12 months. This is when many of us take a hard look at what worked and what did not, complete performance reviews, and formulate plans for the coming year. For me, it is all of those things plus a time when I u...
Hopefully We Will Find Out Strong Encryption or Tokenization Was in Place…
In the days and weeks ahead we’ll learn more about what safeguards Target had in place

Like millions of other Americans, I learned the other night about the massive data breach at Target. The Washington Post is reporting that sensitive details on over 40 million credit and debit cards were exposed. While the information associated with the crime is still coming out, the implications of this breach could be enormous.

Forrester's John Kindervag was quoted in the Washington Post article I read saying that "whatever money Target thought they were going to see the holiday season just got flushed down the data breach toilet." The costs they potentially face include everything from fines, reimbursement to the major card schemes (Visa, MasterCard, American Express), legal fees, system and infrastructure costs to bolster security (once they determine what went wrong) and, perhaps most significantly, brand and reputation damage that could very well impact their top line.

I spent many years of my career in the payment services space, helping major retailers deploy encryption and tokenization solutions within their online and in-store payment infrastructures to bolster security and to help achieve compliance with the Payment Card Industry Data Security Standards (PCI DSS). As a result of this work, I am keenly familiar with how far and wide these payment networks spread and how broadly the data is shared within internal and external systems (it's unbelievable where the card details show up). By deploying encryption and tokenization solutions (which "masked" the parts of the card data that would make it usable by criminals but still made it functional within corporate and cloud software systems), we were able to reduce the footprint of where this data flowed in the clear by as much as 90% (dramatically reducing the "scope" of the required compliance requirements within the PCI DSS mandates for many retailers). Some of the solutions we used actually deployed encryption at the read-head of the payment terminal in the store (right at the swipe!). Pretty advanced stuff, but it helped to deliver on an end-to-end encryption proposition that put major retailers in complete control of who could have access to the information and who could not (because they had ownership of the encryption keys).

These days I help companies with these sorts of data "control" solutions, but in an analogous space. With the adoption of the public cloud by enterprises, IT and security managers now have yet another set of "IT spaces" where sensitive data (payment card data, healthcare data, banking data, etc.) can flow. It is not just feasible to block the data from moving to the cloud in its entirety, because some of these cloud systems, like cloud-based customer support systems, need to have access to some aspects of "sensitive" data in order for users of these systems to do their jobs. So, in many ways, encryption and tokenization solutions for the cloud need to be smarter than the systems I used to work with. They need to not interfere with the operation of the cloud systems while still safeguarding the information that needs to be accessible via these systems for the enterprise. A few critical capabilities to look for include:

  • Ensure that strong, well vetted encryption and/or tokenization solutions are used (look for solutions that have been audited by accredited third parties)
  • The enterprise needs to maintain control of any and all encryption keys and/or the token vault (if tokenization is used)
  • Look for solutions that allow you to swap or change encryption modules over time (in case your organization loses faith in the integrity of one particular algorithm)
  • Make sure these encryption/tokenization solutions do not interfere with the important aspects of the cloud systems that enterprise end users depend on (such as being able to search on names, account numbers, the last 4 digits, etc.)

In the days and weeks ahead we'll learn more about what safeguards Target had in place. In the Post article, Avivah Litan from Forrester commented that Target had made significant investments in security. Let's hope (for their sake and for the sake of millions of impacted shoppers) that strong encryption/tokenization was in place and the information, although it is in the criminals hands, has been rendered useless...

Read the original blog entry...

PerspecSys Inc. is a leading provider of cloud protection and cloud encryption solutions that enable mission-critical cloud applications to be adopted throughout the enterprise. Cloud security companies like PerspecSys remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies across the world by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. For more information please visit / or follow on Twitter @perspecsys.

About Gerry Grealish
Gerry Grealish is Vice President, Marketing & Products, at PerspecSys. He is responsible for defining and executing PerspecSys’ marketing vision and driving revenue growth through strategic market expansion and new product development. Previously, he ran Product Marketing for the TNS Payments Division, helping create the marketing and product strategy for its cloud-based payment gateway and tokenization/encryption security solutions. He has held senior marketing and leadership roles for venture-backed startups as well as F500 companies, and his industry experience includes enterprise analytical software, payment processing and security services, and marketing and credit risk decisioning platforms.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

SOA World Latest Stories
The dynamic nature of the cloud means that change is a constant when it comes to modern cloud-based infrastructure. Delivering modern applications to end users, therefore, is a constantly shifting challenge. Delivery automation helps IT Ops teams ensure that apps are providing an optim...
"We started a Master of Science in business analytics - that's the hot topic. We serve the business community around San Francisco so we educate the working professionals and this is where they all want to be," explained Judy Lee, Associate Professor and Department Chair at Golden Gate...
There is a huge demand for responsive, real-time mobile and web experiences, but current architectural patterns do not easily accommodate applications that respond to events in real time. Common solutions using message queues or HTTP long-polling quickly lead to resiliency, scalability...
We call it DevOps but much of the time there’s a lot more discussion about the needs and concerns of developers than there is about other groups. There’s a focus on improved and less isolated developer workflows. There are many discussions around collaboration, continuous integration a...
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is founda...
"CA has been doing a lot of things in the area of DevOps. Now we have a complete set of tool sets in order to enable customers to go all the way from planning to development to testing down to release into the operations," explained Aruna Ravichandran, Vice President of Global Marketin...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)!

Advertise on this site! Contact advertising(at)! 201 802-3021

SYS-CON Featured Whitepapers