TMCnews


TMCnews Featured Article


July 18, 2011

Large Security Breaches Cause for Stricter Consumer Protection with Enterprise Password Management

By Susan J. Campbell, TMCnet Contributing Editor


There is always a silver lining, even when faced with a disaster. With three of the largest security breaches in history already behind us, the need for enterprise password management and even peripheral component interconnect for consumer privacy is here. 

From RSA and Epsilon to Sony, the spring of 2011 proved that customers are, in fact, subject to online terrorists, according to this InfoSecurity report. Eugene Spafford at Purdue University said there are more systems that collect more information into large databases, and so when breaches do occur, they are going to occur with larger numbers.

The United States’ Federal Trade Commission (FTC), as well as the United Kingdom’s Information Commissioner’s Office, is investigating the recent hackings. Between April 17 and 19, Sony’s PlayStation Network and Qriocity services were breached, affecting more than 100 million members. This exposed dates of birth, addresses, user names, passwords and credit card information of users, highlighting the crucial need for enterprise password management.

After the apologies, reductions in profit margins and a stabilization of global systems, consumer confidence has to be at the forefront of businesses’ minds. Therefore, the mandate of PCI for consumer-based data is a must. With increased enterprise password management, this sort of technological warfare will be challenged.

Chenxi Wang, vice president and senior analyst for security and risk at Forrester Research, suggests that hackers are moving away from stealing loads of financial data and toward personal data stores. Wang said that heightened PCI systems and enterprise password management are adding resistance to even experienced thieves.

The long-term solution will most likely be an improved enterprise password management setup. Wang said she believes we will see more requirements on the technology side, and on the policy side, for ensuring the privacy and security of customer data. The regulations will take notice from PCI, and similar types of protection guarantees will be required for companies that handle what is deemed “private” customer data.

There are roughly six bills that have been introduced in Congress to address this issue. In addition to current and failed bills, hearings about online privacy continue daily and the interference comes from both sides of the fence. Businesses want stiffer penalties as individual state laws and other governing bodies have proven that they provide little access or solutions to realistic goals. 

Customers, on the other hand, are demanding changes. Alisdair Faulkner, chief products officer with ThreatMetrix, recommends a regulatory framework. He believes legislation tends to complicate matters and that implementing strict PCI and enterprise password management tools will tighten businesses and require further audits of consumer information.

Susan J. Campbell is a contributing editor for TMCnet and has also written for eastbiz.com.

Edited by Jamie Epstein