Simplexo: Firms must act on data breach reports

Data breach
10 May, 2012

Search company claims attacks against high-profile companies should encourage others to take more care with online security.

The enterprise needs to sit up and take notice of high-profile data breaches, because they are proof that firewalls and token-based authentication tools offer scant protection from internet hackers.

This is the view of Simon Bain, chief technology officer of cloud search specialist Simplexo. He said stories, like the recent Global Payments data breach, should spur firms into reviewing their IT security.

“In that case, around 1.5 million credit card details were exposed. People should be looking at that and asking themselves, ‘how do we stop that happening to us?’ But they don’t,” said Bain.

“Firms rely on firewalls and tokens for authentication, but these tools are obviously not enough, based on how many people are getting access to data these days that shouldn’t.”

Part of the problem is that many firms fail to encrypt the data stored in online databases, he claimed, which is playing directly into the hands of hackers.

To tackle this, the firm launched a software development kit this week, containing C++, .NET and PHP modules that can be used to make online database records inaccessible to people unauthorised to view them.

The product is aimed at firms in “highly-regulated” industries, particularly those in the banking sector, as well as any company with databases that are directly connected to the internet.

“Allowing unencrypted data to be held in a database is unforgiveable [because] people’s private data should be just that,” he added.

“What we’ve done [with the toolkit] is create a way for all database records to be fully encrypted while remaining searchable. This means that there are no excuses for not having the information stored in your database encrypted.”