Experts highlight risk management tips

No business leader wants to think about a data breach. A single incident can quickly rack up costs in the form of compliance fines, lost customer trust and reduced data integrity. Brian Henchey, a partner with law firm Baker Botts, noted that investigating a potential breach can be a costly undertaking, even when no sensitive information is compromised. For this reason, Henchey suggested that it is necessary to take a proactive approach to reducing data security risk, particularly as more information moves into the cloud.

"From a business perspective, encryption theoretically reduces the value to third parties of any data compromised in a breach, thereby mitigating the associated cleanup costs," Henchey explained. "From a legal perspective, this reduced value lowers the risk to be allocated and shifts the focus to the encryption techniques to be used."

Henchey called for standardized use of encryption in cloud environments, but his advice also applies to the data that a business manages itself. For example, online payment card transactions should be protected using SSL certificates, which authenticate a site's identity to its visitors and encrypt the connection between them. Effectively guarding data as it travels from one machine to another can be critical for avoiding compliance and regulatory fines.

PCI compliance guide
The PCI Council recently published a guide identifying common vulnerabilities and regulatory pain points. The list of vulnerabilities ranges from poorly configured firewalls to poor encryption practices. In addition to the traditional costs associated with an incident, the council's analysts noted that business operations are often disrupted as the company deals with the resulting incident investigation and possible audits. To effectively mitigate these threats, the council suggested performing a comprehensive risk evaluation to identify and prioritize security gaps. The guide identified two primary types of assessment: quantitative and qualitative.

A quantitative assessment assigns numerical values to threats. For example, business decision makers may look at past incidents or other breaches in the industry to determine a dollar amount for a potential incident. A qualitative assessment, on the other hand, relies on an expert's judgement to subjectively rate the business impact of a compromise of a given asset.

Once the types of risk and the threats they pose have been identified, companies can develop a better-informed risk strategy. According to the PCI Council, this typically involves several common elements such as risk reduction or risk sharing. Reduction refers to the practices used to protect assets; implementing an SSL certificate is one example of a risk reduction strategy. Risk sharing occurs when an organization uses policies such as cyber insurance to spread the cost of an incident across multiple entities.

In-transit encryption can protect sensitive customer data such as credit card numbers and login information. Get your SSL certificate today to reduce the risk of many common threats.

Corporate Office:

Thawte
The Gateway
Century Lane
Century City, 7441
Cape Town
South Africa

Postal Address:
P O Box 15986
Panorama 7500
Cape Town
South Africa

Call: +353 1 793 9141
Fax: +27 21 819 2950