Protecting Your Data Is Our Priority
At Certes Networks, we understand you have a choice of which provider you select to protect your data. Many technology providers state that they can encrypt and protect your data, but this is usually at the cost of disrupting the network infrastructure which can often be expensive and complicated.
Certes Networks Provable Security™ offers the ability to quantify security’s role to build, modify and measure a data security strategy that aligns and protects the needs of the organization while mitigating risks through the Certes Layer 4 solution.
The Certes Layer 4 solution is a scalable end-to-end encryption management solution that’s is network agnostic easily integrating into any network infrastructure, fully interoperable with the existing security stack and with zero impact to performance.
Certes Networks offers the ability to support multiple deployments across a multi-vendor environment on any network or transport. With Certes Layer 4 technology, a customer can be sure that their data assurance posture will scale to support the depth and breadth of a customer’s environment, between data centers and applications (east to west) or simply just across the WAN or SD-WAN.
The CJIS Security Policy and Data Sharing
Law enforcement agencies throughout the United States rely on the FBI’s Criminal Justice Information Services (CJIS) databases to gain access to Criminal Justice Information (CJI). Such databases include the National Data Exchange (N-DEx), the National Crime Information Center (NCIC) and the National Instant Criminal Background Check System (NICS). Once accessed, agencies use and share CJI in order to employ essential activities to successfully fight crime including background checks, verifying fingerprints and reviewing criminal history information of a suspect.
The consequences of CJI falling into the wrong hands can be devastating. Therefore, any agency that accesses and shares CJI must comply with the FIB’s CJIS Security Policy which sets out comprehensive and stringent cybersecurity standards regarding data protection. Agencies are audited to verify compliance with the CJIS Security Policy on a regular basis and failure to comply can result in denial of access of CJIS Information databases, fines and even criminal charges.
Certes Networks encryption management solution has helped many Sheriff’s and law enforcement agencies to comply with CJIS and meet audit requirements without moving, replacing or disrupting the current network infrastructure.
2020: A Post-GDPR World
Since its inception in May 2018, the GDPR continues to dominate news headlines and cause significant challenges for organizations. 2019 demonstrated that the risk of fines for non-compliance is not just in theory but something that is very real: the fines received by a leading airline, a global hotel chain and a blue-chip technology provider alone totaled over $400 million dollars. The message is clear – when large volumes of data are infiltrated, or an individual’s fundamental data privacy rights are otherwise violated, the EU will take action. And, businesses should also be aware that the scope of this regulation is not limited to the EU. U.S. financial institutions, governments, emergency services, or any enterprise providing a service whereby personal data is processed for an EU resident, are also impacted by GDPR requirements.
GDPR has recently influenced development of U.S. state legislation with California implementing the CCPA and New York the SHIELD Act. Both have similarities to GDPR with the main purpose to protect individual data privacy rights of citizens.
The Certes Layer 4 solution is network agnostic easily integrating into any network infrastructure, fully interoperable with the existing security stack and with zero impact to performance — thus ensuring that important data reaches its destination and is only visible by those who need to see it. Watch Webinar.
It's here: The California Consumer Privacy Act
The California Consumer Privacy Act (CCPA) comes into effect on January 31, 2020 and can impact any organization that conducts business in California, regardless of where that business geographically located. If a business is located outside the State of California (or even outside of the United States) compliance with the CCPA will be mandatory if personal information of California residents is collected or processed and at least one of the following criteria applies:
- The business has an annual gross revenue in excess of $25,000,000
- The business buys, sells, receives or shares the personal information of 50,000 or more California consumers
- The business derives 50% or more of its annual revenue from selling consumer goods in California
Certes Networks can help organizations to comply with CCPA by encrypting data in transit to prohibit any internal or external infiltrations. The Certes Layer 4 solution encrypts data in transit regardless of application or network, ensuring that important data reaches its destination and is only visible by those who need to see it.
New York SHIELD Act
Addressing Increasing Data Breaches in the State of New York
The Stop Hacks and Improve Electronic Data Security Handling (“SHIELD”) Act was introduced to address the increasing threat of data breaches occurring in the State of New York. It applies to any entity that processes the private information of residents of New York regardless of where that entity is located. If a business is located outside of New York State (or even outside of the United States) compliance with the SHIELD Act will be mandatory if private information of a resident of New York State is being processed.
Private information includes social security numbers, a driver’s license number, credit or debit card information, biometric information and username or email addresses with a password.
It should be noted that organizations that are subject to the following data privacy regulations are deemed in compliance with the SHIELD Act: Gramm Leach Bliley Act (GLBA); HIPPA; and, New York State Department of Financial Services Cybersecurity Regulation.
Certes Networks can help organizations to comply with the New York SHIELD Act by encrypting data in transit to prohibit any internal or external infiltrations. The Certes Layer 4 solution is network agnostic easily integrating into any network infrastructure, fully interoperable with the existing security stack and with zero impact to performance — thus, ensuring that important data reaches its destination and is only visible by those who need to see it.
Taking the Complexity Out of Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards founded by American Express, Discover, JCB International, MasterCard Worldwide and Visa Inc. to safeguard debit and credit card data. Compliance is mandatory for every eCommerce merchant that accepts credit or debit card payment on their website. All information entered by customers is personal and sensitive data, so it must be well-protected.
PCI DSS not only affect merchants but it also has a great impact on banking and banking application security. Most financial organizations find it challenging to meet the rigorous testing requirements of PCI DSS. Less than one-third of organizations were fully PCI compliant less than a year after validation with hefty fines for those who fail to comply.
Certes Networks offers Certified Technology for FIPS 140-2 and Common Criteria EAL4+ for both their hardware appliance and key management software. Delivering security products that have been tested and validated against these rigorous standards is critical to help banks and financial institutions comply with data protection regulations.
Taking Steps to Mitigate Cyber-risks
Cybersecurity in the utility and critical national infrastructure (CNI) is under attack. The idea that a global ransomware or cyber attack could shut down an entire electrical grid is frightening. The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining the reliability of the North American Bulk Electric System (BES) and protecting it from cyber-attacks.
Certes Networks offers Certified Technology for FIPS 140-2 and Common Criteria EAL4+ for both their hardware appliance and key management software. Delivering security products that have been tested and validated against these rigorous standards is critical to help U.S. utility companies comply with data protection regulations.
A technology solution that is simple, scalable and uncomplicated.
Want to learn more? One of our team members would be happy to help!