Baffle CEO Ameesh Divatia talks with John Furrier of theCUBE at the AWS re:Inforce 2022 Security Conference for Amazon Web Services. Since compliance is driving data owners to adopt data-centric protection measures, security should be incorporated into data pipelines.

John Furrier:

Welcome back everyone in live coverage here, theCUBE, Boston, Massachusetts for AWS reInforce 2022 Security Conference for Amazon Web Services. Im John Furrier, host with a great guest Ameesh Divatia, co-founder and CEO of Baffle. You guys are hot right now, but youre in an area thats going to explode, we believe. The super cloud is here. Weve been covering that on theCUBE, that people are building on top of the Amazon hyperscalers and without the CAPEX theyre building platforms. The application tsunami has come and still coming, its not stopping. Modern applications are faster, theyre better and theyre driving a lot of change under the covers. And youre seeing structural change happening in real time and in ops, and the network. You guys got something going on in the encryption area, data. Talk about what you guys do.

Ameesh Divatia:

We believe very strongly that the next frontier in security is data. Weve had multiple waves in security. The next one is data because data is really where the threats will persist. If the data shows up in the wrong place, you get into a lot of trouble with compliance. So, we believe in protecting the data all the way down at the field or record level.

John Furrier:

And you guys doing all kinds of encryption or other things?

Ameesh Divatia:

Yes. we do data transformation, which encompasses three different things. It can be tokenization, which is format preserving. We do real encryption with counter mode, or we can do masked views. So tokenization, encryption and masking all with the same platform.

John Furrier:

So, pretty wide ranging capabilities with respect to having that kind of safety?

Ameesh Divatia:

Yes. Because it all depends on how the data is used down the road. Data is created all the time. Data flows through pipelines all the time. You want to make sure that you protect the data, but dont lose the utility of the data. Thats why we provide all that flexibility.

John Furrier:

So, Kurt was on stage today on one of the keynotes. Hes the VP of the platform at AWS, he was talking about encrypt everything. He said we need to rethink it encryption. Good job, we like that. But then he said, we have encryption at rest.

John Furrier:

Thats kind of been there, done that.

Ameesh Divatia:

Yes-

John Furrier:

And in flight.

Ameesh Divatia:

Yeah, thats been there.

John Furrier:

But what about in use?

Ameesh Divatia:

So, thats exactly what we plug. What happens right now is that data at rest is protected because of disks that are already self encrypting, or you have transparent data encryption that comes native with the database. You have data in flight that is protected because of SSL, but when the data is actually being processed, its in the memory of the database or data store, it is exposed. So, the threat is if the credentials of the database are compromised as happened back then with Starwood, or if the cloud infrastructure is compromised with some sort of an insider threat like a CapitalOne, that data is exposed. Thats precisely what we solve by making sure that the data is protected as soon as its created. We use standard encryption algorithms, AES, and we either do format preserving or through encryption with counter mode and that data it doesnt really matter where it ends up because its always protected.

John Furrier:

Well, thats awesome. And I think this brings up the point that we want been covering on SiliconANGLE in theCUBE, is that theres been structural change thats happened called cloud computing and then hybrid. Scale, role of data, higher level abstraction of services, developers are in charge, value creation, startups and big companies. That success is causing now a new structural change happening now. This is one of them. What areas do you see that are happening right now that are structurally changing thats right in front of us? One is more cloud native so the success has become now the problem to solve, to get to the next level. So what are some of those?

Ameesh Divatia:

What we see is that instead of security being an afterthought something that you use as a watchdog you create ways of monitoring where data is being exposed or data is being exfiltrated, you want to build security into the data pipeline itself. As soon as data is created, you identify what is sensitive data and you encrypt it or tokenize it as it flows into the pipeline using things like Kafka plugins or what we are very clearly differentiating ourselves with is proxy architectures so that its completely transparent. You think youre writing to the data store, but youre actually writing to the proxy, which, in turn, encrypts the data before its stored.

John Furrier:

Do you think thats an efficient way to do it or is the only way to do it?

Ameesh Divatia:

It is a much more efficient way of doing it because of the fact that you dont need any app dev resources. There are many other ways of doing it, in fact, the cloud vendors provide development kits where you can just go do it yourself. So, that is actually something that we completely avoid and what makes it really interesting is that once the data is encrypted in the data store or database, we can do what is known as Privacy Enhanced Computation. So, we can actually process that data without decrypting it.

John Furrier:

And so proxies then with cloud computing can be very fast, not a bottleneck.

Ameesh Divatia:

In fact, the cloud makes it so. Things in static infrastructure. In the cloud, theres infinite amount of processing available and theres containerization.

John Furrier:

And you have good network?

Ameesh Divatia:

You have very good network, you have load balancers, you have ways of creating redundancy. So, the cloud is actually enabling solutions like this.

John Furrier:

In the old way proxies were seen as an architectural fail, in the old antiquated static web.

Ameesh Divatia:

And this is where startups dont have the baggage. We looked at the problem and said, of course, were going to use a proxy because this is the best way to do this in an efficient way.

John Furrier:

Well, you bring up something thats happening right now that I hear a lot of CSOs and CIOs and executives, say CXOs, say all the time, our stuff has gotten complicated. So, now I have tools sprawl, I have skill gaps and on the rise, all these new managed services coming at me from the vendors who have never experienced my problem. And their reaction is they dont get my problem and they dont have the right solutions, its more complexity. They solve the complexity by adding more complexity.

Ameesh Divatia:

Yes. I think again, the proxy approach is a very simple.

John Furrier:

That youre solving that with that approach.

Ameesh Divatia:

Exactly, very simple. And again, we dont get in the way. Thats really the biggest differentiator. The forcing function really here is compliance because compliance is forcing these CSOs to actually adopt these solutions.

John Furrier:

So, show about the on premise versus the cloud workload dynamic right now. Hybrid is a steady state right now. Multi-cloud is a consequence of having multiple vendors, not true multi-cloud but like, they have Azure I get that, but hybrid really is the steady state cloud operations. How are the workloads and the analytics, the data being managed on-prem and in the cloud? Whats the relationship? Whats the trend? What are you seeing happening there?

Ameesh Divatia:

I think the biggest trend we see is pipelining. The new ETL is streaming. You have these Kafka and Kinesis capabilities that are coming into the picture where data is being ingested all the time. It is not a one time migration, its a stream. So, plugging into that stream is very important from an ingestion perspective.

John Furrier:

So, its not just a watchdog?

Ameesh Divatia:

No, its built in.

John Furrier:

Its built in, its real time thats where streaming its another diverse access to data. You got data lakes, you have pipeline, you got streaming you mentioned that. So, talk about the old school OLTP, the old BI world. I think Power BI is a $30 billion product and you got Tableau built on, OLTP building cubes, arent we just building cubes in a new way or is there any relevance to the old school?

Ameesh Divatia:

I think there is some relevance and in fact thats again, another place where the proxy architecture really helps because it doesnt matter when your application was built. You can use Tableau which nobody has any control over and still process encrypted data and so can with Power BI. Any SQL application can be used and thats actually exactly what we like to promote.

John Furrier:

See the original post here:
Ameesh Divatia appears on theCUBE at AWS re:Inforce to talk about proxy architecture and the future of data... - Security Boulevard

Email Encryption Tool Market research involves the study of various factors affecting the industry, including market environment, competitive landscape, historical data, present trends in the market, technological innovation, upcoming technologies and the technical progress in related industry, and market risks, opportunities, market barriers, and challenges.

Email encryption refers to the authentication mechanism of encoding and disguising the contents of an email to protect it from unauthorized access. Email is an extremely vulnerable mode of communication that can be hacked over unsecured or public networks. Encryption is one of the primary data security solutions in the present times. It secures the contents of the email by making them unreadable as they get transferred over networks. The methodology primarily depends on cryptography wherein the user publishes a key to decrypt the message. Email encryption tool is essential for both organizations and individuals as it prevents the access of important and confidential data by unintended users.

Sample PDF showcases the content structure and the nature of the information included in the report which presents a qualitative and quantitative analysis https://www.theinsightpartners.com/sample/TIPRE00023699

Competitive Overview:

A few leading players in the Email Encryption Tool domain have also been profiled in the report. The profiling of the market players acquaints the reader with their financial information about revenues as well as segment revenues, a competitive SWOT analysis for each player and the recent developments by the player in the Email Encryption Tool domain. The key developments are related to the mergers and acquisitions by the players in the recent past.

Players Mentioned are

Broadcom, Inc.

Cisco Systems, Inc.

CyberRe (Micro Focus)

Egress Software Technologies Ltd.

Entrust Corporation

Mimecast Services limited

Proofpoint, Inc.

Sophos Ltd.

Trend Micro Incorporated

Zix Corporation

Scope of the Report

The research on the Email Encryption Tool market focuses on mining out valuable data on investment pockets, growth opportunities, and major market vendors to help clients understand their competitors methodologies. The research also segments the Email Encryption Tool market on the basis of end user, product type, application, and demography for the forecast period 20212028. Comprehensive analysis of critical aspects such as impacting factors and competitive landscape are showcased with the help of vital resources, such as charts, tables, and infographics.

The report provides a detailed overview of the industry including both qualitative and quantitative information. It provides overview and forecast of the global Email Encryption Tool market based on various segments. It also provides market size and forecast estimates from year 2017 to 2028 with respect to five major regions, namely; North America, Europe, Asia-Pacific (APAC), Middle East and Africa (MEA) and South America. The Email Encryption Tool market by each region is later sub-segmented by respective countries and segments. The report covers analysis and forecast of 18 countries globally along with current trend and opportunities prevailing in the region.

Click here to avail lucrative discounts on our latest reports. We offer student, enterprise, and special periodic discounts to our clientele. Please fill the inquiry form below to know more https://www.theinsightpartners.com/discount/TIPRE00023699

The Insight Partners Email Encryption Tool Market Research Report Scenario includes:

The report provides qualitative and quantitative trends of global Email Encryption Tool Market across type, type of products, service, and geography.

The report starts with the key takeaways (Chapter Two), highlighting the key trends and outlook of the global Email Encryption Tool Market.

Chapter Three provides the research methodology of the study.

Chapter Four further provides PEST analysis for each region.

Chapter Five highlights the key industry dynamics in the Email Encryption Tool Market, including factors that are driving the market, prevailing deterrent, potential opportunities as well as future trends. Impact analysis of these drivers and restraints is also covered in this section.

Chapter Six discusses the global Email Encryption Tool Market scenario, in terms of historical market revenues, and forecast till the year 2028.

Chapter Seven to ten discuss Email Encryption Tool Market segments by type, type of application, service, and geography across North America, Europe, Asia-Pacific, Middle East and Africa, South and Central America. They cover market revenue forecast, and factors driving and governing growth.

Chapter Eleven describes the industry landscape analysis. It provides detailed description of various business activities such as market initiatives, new developments, mergers and joint ventures globally along with a competitive landscape.

Chapter Twelve provides the detailed profiles of the key companies operating in the global Email Encryption Tool Market. The companies have been profiled on the basis of their key facts, business description, products and services, financial overview, SWOT analysis, and key developments.

Chapter Thirteen, i.e. the appendix is inclusive of a brief overview of the company, glossary of terms, contact information, and the disclaimer section.

Immediate delivery of our off-the-shelf reports and prebooking of upcoming studies, through flexible and convenient payment methods https://www.theinsightpartners.com/buy/TIPRE00023699

About Us:

The Insight Partners is a one stop industry research provider of actionable intelligence. We help our clients in getting solutions to their research requirements through our syndicated and consulting research services. We specialize in industries such as Semiconductor and Electronics, Aerospace and Defense, Automotive and Transportation, Biotechnology, Healthcare IT, Manufacturing and Construction, Medical Device, Technology, Media and Telecommunications, Chemicals and Materials.

Contact Us:

If you have any queries about this report or if you would like further information, please contact us:

Contact Person: Sameer Joshi

E-mail: [emailprotected]

Phone: +1-646-491-9876

Follow this link:
Email Encryption Tool Market Analysis by Industry Perspective, Comprehensive Analysis, Growth and Forecast 2022-2028 - Digital Journal

On July 27, 2022, OneTouchPoint Inc. (OTP) confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on OneTouchPoints network. According to OneTouchPoint, the breach resulted in the names, member IDs, and healthcare information of certain individuals being compromised. OTP notes that, because it serves as a vendor for dozens of other organizations, customers that never did business with OTP may be included among the affected parties. Recently, OneTouchPoint filed an official notice of the breach and sent out data breach letters to everyone who was impacted by the recent data security incident.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the OneTouchPoint Inc. data breach, please see our recent piece on the topic here.

According to an official notice filed by the company, on April 28, 2022, OTP discovered that certain files on its computer system had been encrypted. In response, the company secured its systems and, working with cybersecurity professionals, began an investigation into the accident.

As a result of this investigation, OTP learned that the unauthorized party initially gained access to its systems on April 27, 2022. Subsequently, on June 1, 2022, OTP then learned that it would not be able to tell which files the unauthorized party actually viewed. The company then focused on reviewing all compromised files to determine what information was contained on them and who it belonged to. While the breached information varies depending on the individual, it may include your name, member ID, and any information you provided during a health assessment.

OTP is a vendor that provides printing and mailing services to various health insurance carriers and medical providers. Thus, the OTP data breach may impact consumers who obtained treatment or have insurance policies with any of the following companies or providers:

Common Ground Healthcare Cooperative

Banner Medicare Advantage Dual

Blue Cross Blue Shield of Arizona

MediSun, Inc. d/b/a Blue Cross Blue Shield of Arizona Advantage

Health Choice Arizona, Inc

Blue Cross Blue Shield of Massachusetts

Blue Cross Blue Shield of Rhode Island

Blue Cross Blue Shield of South Carolina Commercial

BMC HealthNet Plan / Well Sense Health Plan

CareFirst Advantage

Commonwealth Care Alliance

ElderPlan/HomeFirst

EmblemHealth Plan, Inc.

Florida Blue

Geisinger

Health Alliance Plan of Michigan

HAP Midwest Health Plan

Health First

Health New England

Health Plan of San Mateo

HealthPartners

Highmark Health

Humana

Kaiser Permanente

KS Plan Administrators, LLC

MVP Health Care

Pacific Source

Premera Blue Cross Medicare Advantage Plans

Prime Time Health Plan

Point32Health

Regence BlueCross BlueShield of Oregon

Regence BlueCross BlueShield of Utah

Regence BlueShield

Regence BlueShield of Idaho, Inc.

UPMC Health Plan

Matrix Medical Network

OneTouchPoint Inc. initially sent out a summary of its investigation on June 3, 2022. More recently, on July 27, 2022, OTP sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

Founded in 2007, OneTouchPoint Inc. is a software and business services company based in Hartland, Wisconsin. The company provides a range of services to its corporate clients, including brand management, local marketing, marketing execution, print production and supply chain logistics. OneTouchPoint deals with companies across many industries, including alcohol & beverage, financial services, retail, healthcare, insurance, and manufacturing. OneTouchPoint Inc. employs more than 600 people and generates approximately $238 million in annual revenue.

In the letter that OneTouchPoint sent to victims of the recent breach, the company mentioned that it first learned of the incident when it noticed certain files on its computer network had been encrypted. Encryption is a process that encodes files, making them inaccessible to anyone without the encryption key (such as a password). Encryption is used every day for all sorts of lawful purposes, for example, to keep people from accessing sensitive data. However, cyberattacks also use encryption when orchestrating a ransomware attack.

Thus, when a company notes that its files were encrypted, its a good indication that it suffered a ransomware attack. In a typical ransomware attack, hackers install malware on a victims computer that encrypts some of all of their files. When the victim logs back on to their computer, they are met with a message from the hackers demanding a ransom. If the victim pays the ransom, the hackers (should) decrypt the files, allowing the victim access to their files.

More recently, some hackers have taken ransomware attacks to a new level, however, by threatening to publish the stolen data if the ransom isnt paid. This adds additional incentive for the victim to pay the ransom. However, the FBI and other federal agencies routinely advise companies not to pay ransoms demanded by hackers because this only encourages hackers to carry out these types of attacks. Of course, this puts companies in a difficult position because, by not paying a ransom, they may end up responsible for the breach in the publics eye.

Of course, the best way to prevent an unauthorized party from accessing consumer data is for a company to implement a robust data security system in the first place. Companies that fail to take data security seriously are often those that end up targeted by hackers in a ransomware attack.

See the original post:
OneTouchPoint Inc. Confirms Data Breach Potentially Impacting Dozens of Other Businesses (and Their Customers) - JD Supra