Internet SSL certificate issuer GlobalSign got stung by the basics last year. An update was not applied to a piece of open-source software. As a result, a server was hacked. The company's own certificate was compromised, along with its website and other public-facing documents, and the firm's operations were down for a week.
It could have been worse. Two different Dutch certificate websites suspended operations last year after they were breached. One had issued certificates to Netherlands government agencies.
GlobalSign was saved from a broader disaster because it kept a separation between its certificate-issuing infrastructure and its website. This was good security practice, and it paid off. But the firm was still put at risk by a slip-up in a thoroughly routine practice: applying a standard program update.
The software involved was not identified, but was said to be open-source. There is no indication that the open-source nature of the software was a factor: any software left unpatched when an update is available is at risk. A hacker using the name "Comodohacker" discovered GlobalSign's vulnerability and exploited it to bring down the firm's Web operations.
It took a week for GlobalSign to resume issuing certificates, and the company said it "learned much" from the breach.
The most basic lesson – always apply updates – seems like a simple one. But experience at every level shows how easily it is forgotten. Updates are an inconvenience. They arrive on the developer's schedule, not ours. They take time and work to apply, pulling us away from our own projects.
Update anyway. Don't let a moment's laziness make you vulnerable to a costly security breach.