
Data Sovereignty: Corporate Protection Strategy

A secure IT infrastructure implies architecting with an emphasis on data protection, risk management, resilience, and data sovereignty, welcoming the inevitability of disruptive transformations.

This framework provides solid support for companies looking to capitalize on innovations arising from the digital age, enabling harmonization of business functions to orchestrate the desired results.

In practical terms, CEOs and IT leaders who incorporate data protection to address ongoing disruptions in the business landscape make their organizations more robust and sustainable, contributing significantly to their overall business growth.

As reported by the Gartner Management Board report, 69% of corporate directors aim to accelerate digital strategies and projects to cope with these constant disruptions.

For some companies, this represents the realization of their digital strategies for the first time; for others, it signals the need to quickly step up digital investments aimed at the high availability of their technological architecture, including data use and protection.

Digital strategies are a natural evolution of day-to-day organizational life. These strategies allow companies to seek the security and agility demanded by the current market.

Data Sovereignty: organizational resilience with data protection

An organization’s ability to withstand and recover from adversity is a function of its data sovereignty.

Basically, data sovereignty refers to the concept that data is subject to the laws of the country in which it is located. In an organizational context, data sovereignty refers to the right and ability of an organization to maintain and control access to and use of its own data.

This sovereignty encompasses an organization’s ability to keep its data safe, secure, and private, in compliance with local and international regulations, regardless of where the data is stored – whether on local servers or in data clouds located anywhere in the world.

In an age where data is increasingly digitized and globalized, data sovereignty is a crucial aspect of data management and information security.

Companies that have sovereignty over their data are better equipped to protect the privacy of their customers’ data, prevent data breaches, and comply with data protection regulations such as Brazil’s General Data Protection Law (LGPD) and the European Union’s General Data Protection Regulation (GDPR).

Business Resilience through Data Protection

‘Resilience’ refers to an organization’s ability to prepare for and adapt to changes in adverse conditions, recovering quickly from disruptions. This involves resisting and recovering from deliberate attacks, accidents, threats, or natural incidents.

However, this ability does not arise by itself, in data security and protection or in any other area. It requires careful planning and management, so continuity of operations should be on the agenda of virtually every company.

Briefly, operational environment recovery covers the standardized management of all processes aimed at identifying and mitigating risks that threaten an organization.

Such risks can include disruptions in Information and Communications Technology (ICT) continuity, cyber attacks, consumer demands, market changes, regulatory compliance requirements, and even pandemics, as evidenced by Covid-19.

To achieve Data Sovereignty, start with Risk Management

Data security, regulatory compliance, continuity, and risk management are inextricably linked. They work together to protect companies against interruptions.

Risk management should always be the starting point for identifying potential threats and then creating controls capable of managing them.

However, risk management does not completely eliminate all threats. It needs to be complemented by continuity management to ensure that organizations plan for contingencies, such as selecting alternative suppliers of goods and services.

Achieving integrity based on Data Sovereignty requires careful planning of company operations to ensure that they are flexible enough to adapt to market changes, and that continuity of technology use is guaranteed.

This includes focused planning and management of the data protection strategy, and a comprehensive risk assessment in the form of a business impact analysis.

Ensure Organizational Flexibility through the Use of Technology and Innovation

Rigid organizations that cannot adapt flexibly will face challenges in any crisis. Traditional organizational structures, inefficient communication, underfunded IT, lack of digitization, and inflexible management processes are real obstacles in challenging times.

Instead, make sure that employees and managers have the ability to take action in any situation and that communication is transparent.

In addition, it is crucial that there is a culture of honest feedback, IT is focused on data protection, employees are well trained, and processes are digitized assertively.

In other words, comprehensively prepare for a crisis by adapting your business model and processes, investments, and IT operations to be more resilient in protecting your data.

Then make sure that the technology department fully understands what keeps the production environment running. Seek deeper alignment of activities and IT. In addition, it is crucial that investments focus on continuity, collaboration, and self-service.

Also plan how operations will function during a crisis

Identify potential risks and plan how to address them. Create an emergency plan and establish a command structure for incidents. Ensure that everyone knows what their roles and responsibilities are in different crisis scenarios.

Some key points to consider when creating an emergency plan include:

  • Provision of a business continuity plan that complies with industry regulations.
  • Creating a map of critical processes and functions that need to be maintained in case of emergency.
  • Designation of an emergency response leader.
  • Training and preparation of staff to deal with emergencies, including the execution of practical exercises.

Finally, ensure that employees are trained to handle crisis situations, communication is transparent, and the feedback culture is strong. It is also crucial to ensure adequate investment in IT, with a focus on data sovereignty, and the digitalization of processes.

Data Sovereignty as the backbone of business

In a world where data sovereignty is becoming increasingly crucial, companies must have absolute control over their data. This ensures that the data is handled, processed, and stored securely, in full compliance with current legislation.

In short, corporate data sovereignty and data protection are convergent. They are considered keywords that define the resilience of an organization in the face of technological trends and risks.

Adopting a comprehensive and well-planned approach to data sovereignty and protection can shape the strategy of organizations. This approach helps organizations thrive in the uncertain and ever-changing future of the digital business environment.

About Eval

Eval has been developing projects in the financial, health, education, and industry segments for over 18 years. Since 2004, we have offered solutions for Authentication, Electronic and Digital Signature, and Data Protection. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With market recognized value, Eval’s solutions and services meet the highest regulatory standards for public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.


Sequoia Logística and Eval Improve Data Security

Sequoia Logística stands out in the Brazilian market as a leading company in logistics and transportation services, helping more than 4,000 clients with innovative and technological solutions, in addition to meeting important regulatory requirements, such as LGPD.

With the help of Eval, a reference company in digital certification and information security in Brazil and an official Thales partner, Sequoia Logística sought to improve protection of sensitive data.

At the same time, the company maintained high performance and compliance with regulations, such as Brazil’s General Data Protection Law (LGPD).

Data protection: securing personal records without hindering operational efficiency

Sequoia Logística was faced with the challenge of protecting sensitive personal information of millions of customers while ensuring compliance with LGPD. In addition, the company sought to avoid data breaches and service interruptions.

This challenge involved several critical aspects that required an efficient and comprehensive solution for data protection.

Data protection at scale

Given the amount of personal information collected and processed by Sequoia Logística, including names, addresses, and contact information, it was essential to find a solution that could handle a large volume of data.

The ideal solution should be scalable and able to protect the data of millions of customers without hindering the company’s operational efficiency.

LGPD Compliance

The LGPD requires organizations to adopt appropriate technical and administrative measures to protect the personal data of their customers.

To comply with this regulation, Sequoia Logística needed to implement a solution that would ensure adequate data protection and make it easier to demonstrate compliance to the authorities.

Prevention of data breaches and service interruptions

Data breaches can cause significant damage to a company’s reputation, as well as result in fines and penalties.

Therefore, it was crucial for Sequoia Logística to find a solution that would help prevent unauthorized access to sensitive data and quickly identify potential threats.

In addition, the solution should be able to mitigate the risk of service interruptions, ensuring continuity of operations and on-time delivery of hundreds of thousands of orders daily.

Maintaining the performance of IT systems

As Sequoia Logística’s operational efficiency relies heavily on its IT systems, it was critical that the data protection solution did not adversely affect the performance of these systems.

The ideal solution should be easy to integrate and implement, without causing disruption or delay to the company’s daily operations.

Given these challenges, Sequoia Logística sought to find a comprehensive and efficient solution that would meet its needs for data protection, regulatory compliance, and operational performance.

Solution: Partnering with Eval and adopting CipherTrust Transparent Encryption

The search for an effective security solution led Sequoia Logística to work with Eval, a trusted partner that introduced them to Thales and the CipherTrust Data Security Platform solution, approved after conducting proof-of-concept (PoC) tests for centralized key management.

Implementation: Securing 14 critical environments with CipherTrust Transparent Encryption

The successful implementation of the CipherTrust Transparent Encryption solution at Sequoia Logística involved several important and strategic steps to secure its 14 critical production environments.

The following are details of how the company approached and executed this implementation.

  • Solution Selection and Evaluation

Sequoia Logística, with Eval’s assistance, conducted considerable research and proof-of-concept (PoC) testing to evaluate CipherTrust Transparent Encryption.

These tests focused on ease of implementation, security policy enforcement, and impact on operations, ensuring that the solution met their specific needs.

  • Planning and Preparation

Prior to implementation, Sequoia Logística and the Eval team carefully planned the integration of CipherTrust Transparent Encryption into critical production environments.

This included identifying the systems and applications that required protection, defining security policies, and establishing an implementation schedule to minimize the impact on daily operations.

  • Agent installation and configuration

The Sequoia Logística team and Eval installed and configured CipherTrust Transparent Encryption agents on the operational file systems or device layers of critical production environments.

The installation of the agents allowed encryption and decryption to occur transparently, without affecting the performance of applications running above the agents.

  • Implementation of security policies and access control

With CipherTrust Transparent Encryption in place, Sequoia Logística applied granular security policies and established privileged user access controls.

This has enabled the company to restrict and monitor access to sensitive data, reducing the risk of insider threats and data breaches.

  • Monitoring and Auditing

Sequoia Logística used CipherTrust Transparent Encryption’s real-time auditing and monitoring capabilities to track and analyze access to sensitive data, an important requirement of the LGPD.

This has helped the company to quickly identify and respond to suspicious or unauthorized activity, ensuring ongoing compliance and protection of sensitive data.

CipherTrust Transparent Encryption: a comprehensive approach to data protection

CipherTrust Transparent Encryption provides data-at-rest encryption with centralized key management, privileged user access control, and detailed data access audit logging.

These features help companies to be compliant and meet best practice requirements for data protection wherever they are.

The FIPS 140-2 validated CipherTrust Transparent Encryption agent resides in the operating file system or at the device level, and encryption and decryption are transparent to all applications running above it.

In addition, the solution provides granular access controls that allow companies to determine who can access the data, when they can access it, and what kind of access they have.

CipherTrust Transparent Encryption is an innovative solution from Thales that provides robust protection for data at rest, ensuring that sensitive information is secure and accessible only by authorized users.

Advanced encryption and centralized key management

The CipherTrust Transparent Encryption solution uses advanced encryption algorithms to protect sensitive data, ensuring that only authorized users can access it.

In addition, centralized key management provides efficient control of encryption keys, making administration and recovery easy, even in complex, distributed environments.

Granular access control

Privileged user access control in the CipherTrust Transparent Encryption solution enables organizations to effectively manage access to sensitive data.

With granular policies and separation of roles, you can prevent unauthorized access by administrators or other privileged users, reducing the risk of insider threats and data breaches.

Detailed auditing and real-time monitoring

The CipherTrust Transparent Encryption solution provides detailed audit logs of data access, making it easy to identify and investigate suspicious or unauthorized activity.

In addition, real-time monitoring enables security teams to quickly track and respond to potential threats, ensuring compliance with General Data Protection Law requirements and ongoing protection.

Transparent implementation and optimized performance

The CipherTrust Transparent Encryption solution is designed to be implemented in the operating file system or device layers. This ensures that encryption and decryption are transparent to the applications running above the agents.

This results in minimal or no impact on the performance of systems and operations, allowing organizations to protect their data without compromising efficiency.

Compliance with regulations and best practices

The CipherTrust Transparent Encryption solution helps organizations meet compliance requirements around the world, including LGPD, GDPR and other data protection laws.

Implementing this solution allows companies to demonstrate compliance with regulations, avoiding fines and reputational damage.

In summary, CipherTrust Transparent Encryption offers a comprehensive and efficient solution for protecting data at rest, ensuring optimal security, compliance, and performance for organizations of all sizes and industries.

Eval is an official Thales partner

Eval played a key role in the successful implementation of CipherTrust Transparent Encryption at Sequoia Logística, acting as Thales’ official partner.

The partnership between Eval and Thales ensured that Sequoia Logística had access to the ideal data security solution to address its specific challenges, such as LGPD, and achieve the desired results.

Experience and expertise that make the difference for your company

As an official Thales partner, Eval has in-depth knowledge and hands-on experience with Thales’ data security solutions, including the CipherTrust Data Security Platform.

Eval’s team understands how Thales solutions can be adapted and applied to different industries and use cases, ensuring that customers get the maximum benefit from their implementations.

In addition, the partnership between Eval and Thales ensures that customers, such as Sequoia Logística, receive the highest level of technical support and consulting during implementation and beyond.

Eval’s team works closely with customers to understand their specific needs, provide expert advice, and ensure that the chosen data security solution is implemented effectively and efficiently.

In conclusion, the partnership between Eval and Thales played a crucial role in the successful implementation of CipherTrust Transparent Encryption at Sequoia Logística.

Eval’s expertise, combined with Thales’ state-of-the-art data security solution, has enabled Sequoia Logística to meet its data protection and regulatory compliance challenges effectively and efficiently.



Hardware Security Module (HSM): Concept and Use

In today’s digital age, cybersecurity is a growing priority for companies of all sizes and industries. At the center of this fight against growing digital threats, the Hardware Security Module (HSM) stands out as a robust and reliable protection solution.

With the continuous growth of threats, combined with the increasing volume and sensitivity of the data managed by organizations, investment in security becomes more and more crucial.

The HSM, also known as the Hardware Security Module, plays a key role in safeguarding data and cryptographic keys.

This article will discuss the vital role these devices play in the cybersecurity of organizations, as well as provide guidance on how to effectively implement them to ensure comprehensive protection of business operations and customers.

Unraveling the HSM: the guardian of Cryptographic Keys and sensitive data

Basically, a Hardware Security Module is a physical security device designed to protect, manage, and perform cryptographic operations with cryptographic keys.

HSMs are available in various forms, each designed to meet the specific needs of enterprises and their IT infrastructures.

Current and most commonly used formats in the market include:

External Devices

These security modules are stand-alone devices, usually connected to servers or IT systems via a USB interface or a network.

They are easy to install and manage and can be used in environments with diverse IT infrastructure.

Server Expansion Cards

These HSMs are installed directly on the servers as an expansion card, connecting to the system bus for faster performance and integration.

They are ideal for environments that demand high performance and security, such as data centers and financial institutions.

Cloud Hardware Security Module (Cloud HSM)

These are services managed by cloud providers, allowing enterprises to leverage the security and performance of security modules without the need to purchase and manage physical hardware.

They are an attractive option for companies looking for flexibility, scalability, and cost savings.

Robust protection and optimized performance for your business

In practice, HSMs offer robust protection and optimized performance to ensure the security of cryptographic keys and sensitive data:

  • Robust protection:

Hardware security modules are designed with multiple layers of security to resist both physical and logical attacks. They include features such as tamper-resistant enclosures, tamper detection, and automatic key deletion in case of attempted unauthorized access.

In addition, the devices implement logical security mechanisms, such as encryption of stored keys and role-based access management, ensuring that only authorized persons can access and manage the cryptographic keys.

  • Optimized performance:

HSMs are built with specialized hardware components and optimized to perform cryptographic operations quickly and efficiently.

This is essential for processing large volumes of transactions or secure communications without adversely affecting system performance.

In addition, security modules efficiently manage the encryption load on servers and IT systems, freeing up resources for other tasks and improving overall performance.

  • Scalability and flexibility:

As we have seen, HSMs are available in various forms and configurations, including external devices, expansion cards for servers, and cloud managed services.

This diversity of options allows companies to choose the equipment best suited to their specific needs, ensuring scalability and flexibility as business needs evolve.

In this way, companies ensure that cryptographic keys and sensitive data are protected efficiently and securely, making it an essential solution for the cybersecurity of their business.

HSMs in action: crucial applications to protect your digital assets

Let’s look in detail at how HSMs are applied in crucial situations to ensure the security and integrity of digital assets:

  1. Cryptographic Key Management

Hardware security modules are designed to manage the complete lifecycle of cryptographic keys, including generation, storage, rotation, and their secure destruction.

This ensures that the keys are protected against unauthorized access and malicious manipulation.

  2. Data encryption and secure storage

HSMs offer high-performance encryption to protect data at rest and in transit.

They ensure that data stored on servers, storage devices, and cloud environments is protected with strong cryptographic algorithms and securely managed keys.

  3. Authentication and Access Control

Hardware security modules can be used to authenticate and verify the identity of users, devices, and systems, ensuring that only authorized parties access critical resources.

They also support role-based access management to provide granular control over who can access and manage cryptographic keys and sensitive data.

  4. Digital signature and data integrity

The security modules are essential for the generation and verification of digital signatures, ensuring the authenticity, integrity, and non-repudiation of electronic transactions and communications.

They secure business processes and help meet regulatory requirements, such as signing electronic documents and complying with payment security standards.

  5. Public Key Infrastructure (PKI)

HSMs are widely used in PKI solutions to protect and manage private keys used in issuing and revoking digital certificates.

This ensures the security and reliability of authentication and encryption processes that rely on PKI, such as secure communications and access to critical resources.

  6. Financial transaction protection

Hardware security devices are key to securing financial transactions such as credit card payment processing, bank transfers, and digital currency transactions.

They ensure the security and confidentiality of financial information and help meet business-related compliance standards.

Why Ignoring Cybersecurity Could Be Your Company’s Biggest Mistake

In today’s digital age, protecting sensitive information and data is critical to the success of businesses. Cyber threats are constantly evolving, becoming more sophisticated and damaging every day.

This is where hardware security modules come into the picture, providing advanced and reliable security to protect organizations’ digital assets.

Here are some reasons why companies actually need HSM equipment in their business operations:

Data Protection

With the increasing volume of data generated and stored by companies, the need to protect this data has become even more important.

HSM security appliances provide robust protection for sensitive information and critical data, ensuring that only authorized people can access it.

In practice, security modules offer an additional layer of protection for cryptographic keys and sensitive data. They are built with advanced physical and logical security features, such as tamper-resistant enclosures and tamper detection.

Role-based access management ensures robust protection against physical and cyber attacks.

Cost reduction

While implementing HSMs may involve a significant initial investment, the long-term benefits include reduced costs related to data breaches and compliance.

In addition, the improved performance and operational efficiency provided by the devices can lead to even greater efficiency in managing cybersecurity investments.

Compliance with regulations and standards

Companies need to meet various regulations and compliance standards related to data security and privacy.

A clear example is the General Data Protection Law (LGPD), which came into force in Brazil in 2020. The LGPD requires companies to implement appropriate security measures to protect the personal data of their customers and users.

HSMs help companies comply with these regulations and standards, minimizing the risks of data breaches and associated fines.

Brand trust and reputation

Data protection and privacy are growing concerns for consumers and customers.

By investing in hardware security modules, companies demonstrate their commitment to protecting information, strengthening customer trust and loyalty, and thus fostering successful and long-lasting relationships.

Risk Reduction

Data breaches and cyber attacks can have devastating consequences for companies, including financial losses, reputational damage, and disruption of business operations.

By implementing HSMs, companies can significantly reduce the risk of data breaches and minimize the impact of potential cyber attacks.

Competitiveness

Companies that adopt HSMs and other advanced security technologies can stand out in highly competitive markets where data protection and compliance are key success factors.

The implementation of security devices can be a strategic differentiator, providing competitive advantage and attracting new customers and business partners.

Considering these factors, it is clear that companies need HSM equipment in their business operations to ensure efficient and secure protection of their digital assets and customers.

HSM device deployment is a key part of enterprises’ cybersecurity strategy

By effectively incorporating hardware security modules into their cybersecurity architecture, companies can ensure that their valuable information is protected. HSMs also help maintain compliance with the regulations and standards applicable to their business segment.

In this scenario, Eval, a specialist in the information security segment, stands out as a reliable and experienced partner for the implementation and management of HSM solutions.

The official partnership between Eval and Thales, a global leader in cybersecurity solutions, ensures customers have access to cutting-edge technologies and an innovative approach to protecting their digital assets.

Together, these companies offer high-performance, reliable, and scalable solutions tailored to the specific needs of each organization.

Investing in HSMs is a key step for companies toward a comprehensive and effective cybersecurity strategy. Eval and Thales’ expertise is crucial to ensure this evolution of cyber security.

This partnership provides customers with the support they need to protect their data, ensure business continuity, and promote trust between customers and partners.

Take the next step toward securing your digital assets: contact Eval now!

If you are ready to strengthen your company’s cybersecurity and protect your digital assets with an HSM implementation, Eval is the ideal partner to help you on that journey.

With the expertise and partnership with Thales, Eval can offer customized and effective solutions that fit your specific needs.

Don’t put your company’s security off until later. Contact the Eval team today and find out how our HSM solutions can take your data protection to the next level.




Cryptographic Key Security in the Digital Real

The evolution of payment systems and the growing demand for fast, secure, and efficient solutions led the Central Bank of Brazil (BCB) to create the Real Digital project, a Central Bank Digital Currency (CBDC).

Learn about the relationship between Real Digital and Hyperledger Besu, the technology behind the pilot project, and the importance of using security devices such as the Hardware Security Module (HSM).

Real Digital and Hyperledger Besu: a strategic integration

To achieve the goals of agility, security and efficiency in the operations of the new currency, the Central Bank has been studying and testing various technologies and solutions, with Hyperledger Besu being one of the options under analysis.

The choice of Hyperledger Besu as a possible platform for Real Digital is strategic, because the solution, based on Ethereum and developed by the Linux Foundation, offers scalability and high performance, and is adaptable to public and private networks.

These characteristics allow for greater flexibility and adaptability to the specific needs of the Brazilian financial system.

The integration between the technologies involves the implementation of a distributed ledger platform (Distributed Ledger Technology – DLT), which allows the registration and tracking of tokenized financial assets such as the Real Digital.

The Benefits of Convergence

Hyperledger Besu supports smart contracts, which enable the automation of processes and transactions in the financial ecosystem, ensuring the security, transparency and efficiency of operations.

In this context, the integration between Real Digital and Hyperledger Besu can bring several advantages, such as:

  • Interoperability:

The platform facilitates communication between different systems and financial institutions, allowing information exchange and transactions to be carried out more quickly and efficiently.

  • Security:

The blockchain technology used by Hyperledger Besu guarantees the immutability of records and the authenticity of transactions, providing greater security and reliability to Real Digital.

In addition, the Central Bank announced that the network that is to operate the Digital Real will be the same as the SFN, which is considered to have a high level of security.

  • Customization:

Hyperledger Besu, being an open source solution, allows customization and adaptation to the specificities and regulations of the Brazilian financial system, meeting the needs and requirements demanded by the Central Bank.

  • Innovation:

The integration of Real Digital with Hyperledger Besu enables the development and implementation of new digital financial products and services, stimulating innovation and competitiveness in the Brazilian financial market.

Hyperledger Besu: a solid, collaborative foundation for blockchain applications

The name “Besu,” as the technology is also called, is a Japanese word meaning “base” or “foundation,” reflecting the platform’s purpose to be a solid and reliable foundation for building enterprise blockchain applications.

In addition, Besu also suggests the idea of teamwork, as it is a shortened form of “besugo”, which means “snapper” in Japanese – a type of fish usually found in schools.

This connotation of teamwork is key, as the platform is designed to enable collaboration and data sharing between different parts of an enterprise blockchain network.

The Hyperledger Besu technology stands out for its advanced features and modular architecture. Some important features include:


  1. Support for Smart Contracts: Besu is compatible with the Solidity programming language and allows the creation and execution of smart contracts for process and transaction automation in the financial ecosystem.

  2. Privacy and Confidentiality: Hyperledger Besu enables the implementation of private transactions and confidential communication channels between network participants, ensuring the protection of sensitive data and information.

  3. Interoperability: The platform facilitates integration with other networks and systems, promoting communication and information exchange between different financial institutions and allowing transactions to be carried out more quickly and efficiently.

  4. Monitoring and Management: Besu has tools and features that make it easy to monitor and manage the blockchain network, including support for JSON-RPC and GraphQL APIs, as well as graphical interfaces and performance analysis capabilities.

In practice, the Hyperledger Besu technology represents a robust and collaborative solution for building enterprise blockchain applications.

Its modular architecture, support for smart contracts, and concern for privacy and interoperability make this platform a solid and promising option for the implementation of innovative projects, such as Real Digital.

Securing the Digital Real: The Strategic Value of HSM in Protecting Cryptographic Keys

Transaction security is key to Real Digital’s success. The use of PKI (Public Key Infrastructure) in Hyperledger Besu allows certificates issued by a trusted authority to manage node and account identities in the following ways:

  • Node Permission

Only authorized nodes can connect to other nodes on the network using TLS for communication, and an ICP certificate would further enhance the security of the network, as it already works for the SPB.

Using it for authentication would make the network even more reliable.

  • Block Proposal Allowance

Only blocks proposed by authorized validators are accepted within an ICP chain, with a focus on ensuring the security and integrity of the network.

This allows other validators on the network to verify that the proposer is authorized to create a block on the network.

If anyone could propose new blocks on the network, this could lead to malicious attacks, such as including fraudulent transactions or modifying previous blocks.

Block proposal permission, therefore, helps prevent these types of attacks by ensuring that only authorized validators can create new blocks.

Strengthening the security of cryptographic keys

Beyond the use of digital certificates within an ICP chain, there is another important issue: where the cryptographic keys will be securely stored.

In a classic example, imagine that you install a high-security lock on your door to protect your home from possible intruders. However, instead of keeping the key in a safe and secure place, you leave it under the mat in front of the door.

With this approach, the lock becomes useless, since anyone can find the key and easily enter your home.

Even if you use a cloud platform, the Cloud Security Alliance (CSA) recommends in EKM-04 that keys should not be stored in the same cloud as the data; they should preferably be kept in an HSM or in a cloud HSM external to the cloud infrastructure, such as DPoD.

The HSMs or DPoD provide advanced protection against physical and logical attacks, guaranteeing, through the use of encryption algorithms, the integrity and confidentiality of the cryptographic keys involved and, consequently, greater security in financial transactions, as is already the case with the SPB.

Increased efficiency in performing cryptographic operations

HSMs are optimized to perform cryptographic operations efficiently, improving transaction speed and decreasing latency in the system.

Performance is one of the fundamental requirements in the financial sector.

Compliance with safety regulations and standards

Using HSMs helps to comply with security regulations and standards set by the relevant agencies, such as LGPD and ISO 27001, ensuring legal compliance and enhancing the organization’s reputation.

This point, vital for the Digital Real and for other services involving financial operations, is also important in Central Bank resolution 4893.

Centralized management and access control of cryptographic keys

HSMs allow centralized management of cryptographic keys, facilitating access control and the implementation of security policies.

Here, the essential point is to ensure that only authorized people can access and use the keys.

Redundancy and recovery of cryptographic keys

HSMs can be configured in clusters, providing redundancy and guaranteeing the availability of cryptographic keys even in case of hardware failures or other incidents.

This ensures continuity of operations and prevents loss of sensitive data.

Integration with the Hyperledger Besu platform

The HSMs are compatible with the Hyperledger Besu platform, making it easy to implement secure and efficient enterprise blockchain solutions for Real Digital.

The integration between the two technologies strengthens Real Digital’s infrastructure and enables the development of new financial services and products.

Indeed, the use of HSMs in the context of Real Digital and Hyperledger Besu can offer significant benefits in terms of security, performance, and compliance, and is an effective and proven solution for protecting cryptographic keys and ensuring the integrity of financial transactions.

The combination of these technologies creates a solid foundation for the evolution of digital payments and the expansion of financial services in Brazil.

Do you know Thales HSM Luna?

The Thales HSM Luna is a high-performance security device designed to protect cryptographic keys and perform cryptographic operations securely and efficiently.

Its robust architecture is built with physical and logical security mechanisms to prevent unauthorized access and extraction of sensitive information.

In addition, HSM Luna offers accelerated transaction processing, compliance with regulations and industry standards, centralized key management, and transaction traceability.

This solution is widely used by companies in various industries seeking to protect their digital assets and ensure the confidentiality, integrity, and authenticity of information.

Want to learn more about HSM and all the features it can offer to protect your information and ensure the security of your transactions? Contact Eval, a specialist in information security solutions.

Our team is ready to help you understand how an HSM can benefit your organization and present the best options available on the market.


Eval and Keyfactor partnership: together for cybersecurity

Eval, the leading digital certification and information security company in Brazil, has established a strategic partnership with Keyfactor, a company specialized in SSL/TLS certificate management and identity and access security.

The Eval and Keyfactor partnership combines the companies’ expertise and solutions to deliver significant advances in information technology and innovation in the Brazilian market.

This new partnership strengthens Eval’s position as a digital security provider in Brazil.

The company already has established partnerships with Thales Group, a global leader in cybersecurity and protection of sensitive data and personal information, and the PCI Security Standards Council, the forum responsible for the development and adoption of data security standards for payments worldwide.

In addition, Eval has a partnership with Valid Certificadora Digital, a Certification Authority.

Eval and Keyfactor partnership is key to enterprise data security and protection

With the integration of Keyfactor’s solutions, Eval will expand its ability to meet the growing market demands of securing sensitive data and personal information, security policies, and digital identity management.

The Eval and Keyfactor partnership will allow us to offer a unified platform for managing SSL/TLS certificates and cryptographic keys, simplifying the process and reducing the risks associated with information loss or leakage.

The collaboration between Eval and Keyfactor will also bring significant benefits to the Brazilian market, including:

Enhanced SSL/TLS certificate management for increased security and availability

The Eval and Keyfactor partnership provides businesses and individuals with the ability to conduct digital transactions with greater security and availability.

This is made possible by integrating Keyfactor’s identity management solutions with Eval’s SSL/TLS certificates.

The big differential is the centralization and automation in the management of SSL/TLS certificates, which reduce errors and mitigate the unavailability of systems and services.

This approach, in turn, enhances security and corporate governance, ensuring business continuity and protecting critical information.

Eval and Keyfactor partnership = advanced products and services

The partnership between Eval and Keyfactor provides the Brazilian market with access to cutting-edge technologies and international best practices in digital security and identity management.

This advance strengthens users’ trust in digital transactions and services, encouraging the adoption of new technologies and innovative solutions, especially in SSL/TLS certificate management.

The solution provides greater visibility and control over the lifecycle of your company’s Public Key Infrastructures (PKIs) and SSL/TLS certificates.

This mitigates the risk of unexpected interruptions, manual update processes, and errors. With Keyfactor Command, take full control of your PKI and certificate infrastructure.

Eval, with experience since 2004 with PKI, offers a highly qualified professional service, consolidating its position as a reference in the sector.

This expertise accumulated over the years allows Eval to provide robust and efficient services and solutions tailored to the specific needs of each client.

By joining forces with Keyfactor, the company further expands its range of solutions and strengthens its ability to offer cutting-edge services in identity management and digital security.

Eval’s Commitment

The union between the companies reinforces Eval’s commitment to offering advanced digital security solutions, ensuring that the Brazilian market is prepared to face the challenges of the current and future technological scenario.

The Eval and Keyfactor partnership represents an important milestone for innovation and information security in Brazil, contributing to a safer and more reliable digital environment for everyone.


Data Leaks in Brazil: Alert for Companies and Customers

Imagine you discover a loan of almost R$94,000.00 in your name, without ever having applied for it. The reason: the growth of data leaks in Brazil.

This is what happened to Camilla Gomes, a project analyst who shared her story on LinkedIn News. After receiving a message from a supposed flower shop, she fell for a sophisticated scam.

Camilla went through a fake facial recognition check and, unknowingly, had her photo used to authorize the opening of a line of credit.

This is just one example of how data leaks in Brazil affect the lives of many people, leaving them vulnerable to scams and fraud.

Brazil faces a growing crisis of improper disclosures of personal and business records, ranking 12th among countries with the most data leaks in 2022.

Despite the implementation of the General Data Protection Law (LGPD), cases of information theft and leakage continue to increase.

In this article, we will analyze the reasons why Brazil is one of the main targets for cybercriminals and how the CipherTrust solution can help in data protection and privacy.

Data Leaks: The Roots of the Problem

Information leaks in Brazil have several causes, and to understand them, it is fundamental to analyze the country’s digitalization history and the relationship between the public and private sectors in the defense of personal information.

  • Accelerated digitization and infrastructure failures

The digitalization process in Brazil occurred quickly, but not always with the necessary infrastructure to adequately protect personal records.

The pressure to keep up with global trends and the growing demand for digital services has led to an accelerated implementation of computerized systems, often leaving crucial security aspects aside.

  • Vulnerabilities in the public sector

Most of the data leaked in Brazil comes from public agencies, where technological updating processes are slow, and the lack of investments aggravates the situation.

In addition, the implementation of transparency systems without adequate criteria contributes to the exposure of sensitive information, making it easier for cyber criminals to access this information.

  • Design Issues in the Private Sector

In the private sector, design flaws in information systems also contribute to the vulnerability of records. An example of this is the use of personal identification numbers, such as CPF and RG, as keys to access information and financial operations.

This practice increases the value of this data to criminals and amplifies the exposure of personal information, making it an easy target for scams and fraud.

  • Insufficient privacy and data security culture

The lack of a culture of privacy and information security in Brazil is another factor contributing to the vulnerability of information.

Companies and government agencies do not always have clear and effective policies to protect the details of their customers and users, resulting in a failure to protect this information.

LGPD implementation challenges and insufficient ANPD contribute to data leaks

Although the creation of the LGPD and the ANPD (National Agency for Data Protection) represents an advance in the scenario of information defense in Brazil, the effective application of these regulations still faces challenges.

The lack of human and financial resources available to the ANPD, as well as the difficulty of adapting organizations to the new legislation, limits the scope of actions to combat data leakage and fraud.

These factors combined create an enabling environment for cybercriminals, who take advantage of weaknesses in data safeguarding in Brazil to carry out attacks for financial gain.

To face this scenario, it is essential to invest in efficient solutions, such as the CipherTrust platform, and promote a cultural change that values privacy and the defense of personal records.

CipherTrust: Enhanced data protection and privacy for enterprises

Companies in all industries face increasing challenges in ensuring data security and privacy in an increasingly complex threat landscape.

The CipherTrust Data Security Platform solution is an integrated set of solutions that unify the discovery, protection and control of records in a single, comprehensive platform, addressing the challenge of enterprises regarding information defense and privacy.

Main benefits of the CipherTrust solution in preventing data leakage

  • Simplifying Data Security

The CipherTrust platform enables organizations to discover, protect and control their most sensitive records on-premises and in the cloud in a simplified way.

With an integrated and unified approach, companies can effectively manage protection and minimize the risks of data leaks and breaches.

  • Accelerated time to compliance

The CipherTrust solution offers comprehensive information security features such as data discovery and classification, encryption, granular access controls, audit logs, tokenization, and key management.

These features help companies comply with information security and privacy requirements, making the process of compliance with regulations such as LGPD faster and more efficient.

  • Promoting Safe Migration to the Cloud

CipherTrust Data Security Platform enables enterprises to confidently migrate their workloads to cloud and on-premises environments, ensuring continuous protection and control of their data.

In addition, the solution makes it easy to repatriate records back to the site when necessary, maintaining the integrity of the information at all times.

By adopting the CipherTrust platform, Brazilian companies can more effectively face the challenges of cybersecurity, ensuring the defense and privacy of their clients’ data.

This comprehensive, integrated solution enables organizations to minimize risk and adapt to the increasing demands of a constantly evolving digital environment while securing customer information and trust.

The urgency to combat data leaks in the current scenario

With the growing number of data leaks and the complexity of cyber threats in Brazil and worldwide, ensuring security, protection, and privacy has become an absolute priority for companies in all sectors.

Adopting robust and comprehensive solutions, such as the CipherTrust Data Security Platform, is essential to effectively address the challenges and risks inherent in today’s digital environment.

It is always worth remembering

It is vital to remember that compliance with laws such as LGPD should not be seen as a legal obligation, but as an opportunity for companies to improve security practices, building trust and loyalty with customers and partners.

Data protection and privacy are no longer optional issues, but strategic imperatives that directly impact the reputation, business continuity, and success of companies in the global marketplace.

The adoption of solutions such as CipherTrust Data Security Platform represents an essential investment to ensure the resilience and prosperity of organizations in an increasingly connected and digitalized world.


Mind The Sec: Eval participates in Latin America’s biggest cybersecurity event

The way we live, work, and play has been changed forever by the Internet. But with great change comes great risk, and nowhere is this more apparent than in the world of cyber security. This is why Mind The Sec is so important.

Held annually in São Paulo, the event is the largest conference of its kind in Latin America, bringing together business leaders, government officials, and security experts from around the world to discuss the latest threats and how best to protect ourselves from them.

This year’s conference was very special because we had the largest number of attendees and sponsors. The event offered valuable information on how to stay ahead of the ever-evolving threats. And as could not be otherwise, Eval marked its presence.

About Mind The Sec

The importance of Mind The Sec is undeniable. With an audience composed of experts in the field, the event serves as a venue for discussion about the main challenges and threats to information security. In addition, Mind The Sec is also an excellent opportunity for networking and establishing new professional contacts.

Eval’s participation in Mind The Sec 2022

Along with Thales, Eval attended this year’s Mind The Sec as an exhibitor and presented the latest trends in cybersecurity to visitors. It was a great opportunity for Eval to network with other companies in the sector and establish new partnerships.

In addition to participating as an exhibitor, Eval in partnership with Thales presented the talk “How to ensure sensitive data protection and accelerate compliance in the age of digital transformation.” The presentation was made by Abílio Branco, Head of Data Protection at Thales – Brazil.

If you missed our presentation at this year’s Mind The Sec, don’t worry! The event was recorded and you have the opportunity to watch it.

Once again, Eval consolidates its participation in events of great relevance to the market, such as Mind The Sec. Eval’s presence in such events demonstrates its commitment to innovation and the continuous improvement of the services offered to companies.

EVAL Professional Services has a team of specialized professionals with the best practices in the market

Benefit from our years of experience and expertise in information security and LGPD compliance. We will be your partner for realizing digitization projects in compliance with security and data protection regulations.

We share our expertise across all business flows in institutions to help you minimize risk, maximize performance, and ensure the data protection your customers and partners expect.


ESG: 5 different views on sustainability

ANBIMA (Brazilian Association of Financial and Capital Market Entities) conducted a revealing study on the importance of sustainability and ESG in the financial market.

This study has shed light on the financial institutions’ maturity and understanding of ESG practices.

ANBIMA’s survey evidenced a great diversity of perspectives in the financial market regarding the theme of sustainability.

As a result, five different behavioral profiles were identified, ranging from financial institutions that are skeptical of ESG practices to those that put sustainable criteria at the heart of their business.

Five behavior patterns based on positioning and understanding of the topic

The survey conducted by ANBIMA aimed to understand the relevance of the sustainability issue in the participants’ view and how this perspective is reflected in their respective institutions.

This study involved more than 900 financial market institutions, including third-party asset managers, commercial, multiple, and investment banks, as well as brokerage houses, securities dealers, and others.

At the end of the study, five behavioral patterns were identified, indicating the possible paths that ESG and sustainability can take to be implemented more effectively in the financial market.

These profiles are: Distrustful, Distant, Initiated, Emerging, and Engaged.

1. Distrustful (4.2%): The view of sustainability is presented as a threat or misunderstanding and doubts about the topic arise.

Financial institutions that are suspicious of ESG practices and do not consider the topic as relevant to their business. In a general context, they present great difficulties in measuring and monitoring their impacts.

These institutions are skeptical of ESG practices and believe that they can have a negative impact on financial results.

Characteristics pointed out by ANBIMA:

  • They see sustainability as an obstacle to business development, which impacts the action of raising funds;
  • They almost always use subjective criteria to determine what sustainability is, sometimes trying to justify that their investments are ESG, without paying attention to the existing concepts;
  • The executives who are spokespersons for this discourse are distrustful, do not see value in ESG aspects, and often denote a lack of clarity on the subject;
  • They have not moved to implement concrete actions towards sustainability and have not inserted sustainable aspects into the institution’s commitments and processes.

2. Distant (35.5%): Relates the idea of sustainability to environmental issues

The company does not view the topic as relevant to business. The institutions that fit this profile believe that sustainability is important, but do not see it as relevant.

It is usually associated with environmental issues and has little to do with corporate and social governance.

Characteristics pointed out by ANBIMA:

  • They have a simplified view of the topic, perceiving sustainability as an exclusive commitment to the environment;
  • They link sustainability to environmental issues. Managers conclude that the topic is far removed from their business, especially when it comes to a small office that produces little waste, consumes few resources, and therefore has no relevant impact, negative or positive, on the planet;
  • They show a mismatch between actions and conceptualizations of sustainability. They have a low level of implementation/dissemination of sustainability concepts and may present inconsistencies in their statements.

3. Initiated (32.1%): Idea of sustainability related to environmental issues, but with concrete actions

These financial institutions are taking the first steps in implementing ESG practices, but do not yet consider them as central to their business. Sustainability is relevant, but not essential.

It continues to be associated with environmental issues, but this group shows a broader perception of the theme and a greater concern for risk management.

Characteristics pointed out by ANBIMA:

  • They also relate sustainability strictly to environmental issues, but they have concrete internal actions, because they see possibilities to cause transformation within the business, even if it is small;
  • They are structuring themselves in some way to include sustainability in the day to day of the institution and business;
  • They cite as examples of impactful actions the use of LED light bulbs in the office, the installation of timers on faucets, the efficient use of air conditioning, and the practice of selective collection in the building;
  • They point to the recent digitalization of processes and signatures as an important contribution, which has led to a decrease in the use of printing-related resources. These are positive attitudes, but they do not go beyond the office environment or directly influence the company’s main activity.

4. Emerging (21.5%): Idea of sustainability as a broad commitment that encompasses environmental, social and governance areas

For this group, sustainability is an important issue and is linked to several aspects of the life of financial institutions.

Democratic management, respect for the law, and good relationships with stakeholders are fundamental to these companies.

Characteristics pointed out by ANBIMA:

  • They have a broader view of sustainability, embracing at least two pillars of the ESG, that is, they already perceive sustainability beyond caring for the environment;
  • They showed further development, with full implementation of one or more major items, and an adequate conceptualization of the sustainability issue;
  • They are more committed to social or corporate governance issues;
  • Sometimes they show that they are engaged in carrying out or financing philanthropic projects, mainly related to education and sports. In some cases, they encourage employees to participate in social work and volunteer initiatives;
  • Some institutions cite the benefits granted to employees as part of a social commitment;
  • The asset managers in this group generally have more advanced ESG investment analysis practices that encompass all three factors, and many have responsible investment and engagement policies with their investee companies. They also adhere to voluntary commitments.
5. Engaged (6.8%): Sustainability is part of the institution’s strategy, a fundamental commitment and also profitable

This group of institutions is aligned with ESG practices and understands sustainability as a factor for business growth.

The theme is discussed in the strategic decision-making processes, in the company’s goals, and in product definition.

Characteristics pointed out by ANBIMA:

  • They show full coherence between sustainable concepts and attitudes to work with sustainability;
  • They have fully implemented the main ESG practices and define themselves with phrases like: “When it comes to sustainability, everyone always wins”;
  • ESG aspects permeate strategic decisions and require leadership to have transparent criteria about making, what kind of customers they serve, and with whom they partner;
  • They have a clear understanding that sustainability needs to compose the structure of the business itself, and not be practiced as projects apart from the organizational structure of the institution, such as philanthropic ones;
  • They have managed to turn sustainability into products and services that honor social, environmental, and governance commitments, such as credit lines for clean energy projects or green investment funds;
  • Such institutions are able to have a vision that goes beyond business and understand the global importance of sustainability;
  • Among management companies, they demonstrate more mature and comprehensive ESG analysis processes.

ANBIMA’s study also highlighted that the adoption of ESG practices in financial institutions goes far beyond a simple strategy.

The survey showed a notable difference between the attribution of importance for sustainability and the actual adoption of the measures in practice.

Notably, cybersecurity is becoming increasingly important in the context of ESG practices.

Cyber risks have a significant impact on organizations and investing in cybersecurity is becoming increasingly relevant in ESG practices.

ESG goes far beyond a strategy for companies

The theme of sustainability has been growing in companies in recent years; however, the survey shows that there is a difference between the attribution of importance for sustainability and the adoption of sustainable actions in practice.

Many of the organizations that responded positively to the questions about perception and importance of the ESG theme indicated that they still do not have concrete actions within their institutions.

In fact, there is a growing movement among companies to focus on environmental, social, and governance factors. This focus is driven by several factors, including the need to deal with climate change, growing social inequality, and stricter government regulations.

Although some companies have been slow to adopt this change, there is a compelling argument that ESG is good for business.

Companies that focus on ESG tend to have better reputations, which can attract more customers and talent. They also tend to be more innovative and efficient, because they are constantly looking for new ways to improve their environmental and social impact.

In addition, companies with strong ESG practices generally enjoy lower costs because they are able to reduce waste and manage risk more effectively.

In summary, there are many good reasons for companies to focus on ESG. Those who do are likely to find that it is good both for their bottom line and for the world around them.

CipherTrust: investing in cybersecurity is relevant in ESG practices

Cybersecurity is becoming increasingly important for businesses, especially as the number of threats increases.

Cyber risks have a significant impact on organizations, potentially leading to disruption of operations, theft of confidential information, and even violation of regulations.

For these reasons, investing in cybersecurity is becoming increasingly relevant in ESG practices.

In addition, companies that invest in cybersecurity tend to be more resilient and less likely to suffer disruptions to their operations.

CipherTrust Discovery and Classification

 

CipherTrust is the ideal solution against ransomware attacks. In a simple, comprehensive and effective way, the CipherTrust solution provides capabilities to secure and control access to databases, files, and containers – and can protect assets located in cloud, virtual, big data, and physical environments.

With CipherTrust, you can protect your company’s data and anonymize your sensitive assets, ensuring security for your company and avoiding future problems with data leakage.

About Eval

Eval has been developing projects in the financial, health, education, and industry segments for over 18 years. Since 2004, we have offered solutions for Authentication, Electronic and Digital Signature, and Data Protection. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With market recognized value, Eval’s solutions and services meet the highest regulatory standards for public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.


Data breach protection: Cybersecurity is not the focus

According to a recent study by Tanium, an American cybersecurity and systems management company, 79% of companies only invest in cybersecurity after a data breach, which shows that data breach protection is not a priority for many businesses.

This is a worrying statistic, as it leaves companies vulnerable to attack and can cost millions of dollars.

However, there are things that organizations can do to strengthen cybersecurity defenses and prevent cybercriminals from gaining access to companies’ corporate systems.

Data breach protection: why should prevention be a priority in your company?

Data breaches are an increasingly common threat to businesses. With the increasing amount of information stored on corporate systems, cybercriminals have an even greater interest in carrying out attacks.

The consequences of a data breach can be severe. Digital criminals can steal confidential information or damage a company’s reputation.

Therefore, it is critical that data breach protection is a priority for your company.

Also according to the Tanium study, 92% of companies have suffered an attack or data breach, 73% in the last year alone.

The survey shows that criminal cyber activity continues to grow: 92% of respondents admitted to having suffered an attack or data breach, with almost three-quarters (73%) having done so during the past year.

In fact, the situation is getting worse for businesses, with more than two-thirds of respondents (69%) admitting that threats are on the rise and the expectation for 2022 is that there will be the highest number of attacks ever.

Thales 2021 Data Threat Report

Investment in cybersecurity: The best way to avoid a data breach

The best way to ensure protection against data breaches is to take preventive measures. Companies should invest in cybersecurity to strengthen their defenses against attacks.

There are several things that companies can do to protect their data and reduce the chances of a data breach:

Implement data breach protection measures for cyber security

Companies must implement data breach protection measures for their systems and data. These measures include using firewalls, encrypting data, and managing access to systems.

Companies should train their employees on the cybersecurity measures that should be adopted. Employees who are aware of the importance of cybersecurity are less likely to make mistakes that could compromise the security of company data.

Create a business continuity plan

Companies should also have a business continuity plan to ensure that business can continue after a data breach. The plan should include measures to restore lost data and ensure that employees can continue their work without problems.

In addition to the business continuity plan, companies should have a plan for communicating the data breach to customers and other stakeholders. This plan should include a protocol for notifying affected people, as well as a strategy for dealing with the media.

Keep the systems up to date with the latest software versions

This will allow you to benefit from the latest bug fixes and security updates, and make it harder for cybercriminals to exploit old vulnerabilities. Software updates usually include new and better features that make your systems more efficient.

Create a backup strategy to prevent data breaches

Backups are extremely important to recover lost data in the event of a data breach. Having regular backups will allow you to quickly get back to normal after an attack, without compromising business continuity.

Make sure that your backups are protected against unauthorized access and encrypted to prevent attackers from reading them.

Implement encryption solutions

This prevents hackers from accessing or changing your data, even if they manage to obtain it. Encryption is particularly useful for protecting sensitive information such as credit card numbers or financial details.

Encryption is useful for protecting backups and files in transit, such as e-mails. Make sure that all your communication tools are encrypted, including your e-mail server, instant messaging application, and VoIP tools.

Monitor network traffic to detect a data breach

This will allow you to detect suspicious activity on your network and take steps to correct it before it turns into a data breach. Monitoring network traffic can help identify weak points in your system that need to be fixed.

The Future of Data Security

Although cyber threats continue to evolve, companies are becoming more aware of the risks involved and are making investments in cyber security.

The survey showed that 79% of companies have already been a victim of a data breach and that they are willing to invest more in security to prevent future attacks.

Companies are also becoming more aware of the importance of training their employees on cybersecurity risks and how to avoid them.

Data security is a complex issue, but it is important that companies are aware of the risks involved and are willing to invest the time and money necessary to protect their systems.

CipherTrust: Your company’s cybersecurity against data breaches in real time and with secure encryption

CipherTrust is the ideal solution against ransomware attacks. In a simple, comprehensive and effective way, the CipherTrust solution provides capabilities to secure and control access to databases, files, and containers – and can protect assets located in cloud, virtual, big data, and physical environments.

With CipherTrust, you can protect your company’s data and anonymize your sensitive assets, ensuring security for your company and avoiding future problems with data leakage.

To handle the complexity of where data is stored, CipherTrust Data Security Platform provides strong capabilities to protect and control access to sensitive data in databases, files, and containers. Specific technologies include:

CipherTrust Transparent Encryption

Encrypt data in on-premises, cloud, database, file, and Big Data environments with comprehensive access controls and detailed data access audit logging that can prevent the most malicious attacks.

CipherTrust Database Protection

It provides transparent column-level encryption of structured, confidential data that resides in databases, such as credit card numbers, social security numbers, national identification numbers, passwords, and e-mail addresses.

CipherTrust Application Data Protection

It offers APIs for developers to quickly add encryption and other cryptographic functions to their applications, while SecOps controls the encryption keys.

CipherTrust Tokenization

It offers application-level data tokenization services in two convenient solutions that provide customer flexibility – Vaultless Tokenization with dynamic policy-based data masking and Vaulted Tokenization.

CipherTrust Batch Data Transformation

Provides static data masking services to remove sensitive information from production databases so that compliance and security issues are alleviated when sharing a database with a third party for analysis, testing, or other processing.

CipherTrust Manager

It centralizes keys, management policies, and data access for all CipherTrust Data Security Platform products and is available in FIPS 140-2 Level 3 compliant physical and virtual formats.

CipherTrust Cloud Key Manager

It offers bring-your-own-key (BYOK) lifecycle management for many cloud infrastructure, platform, and software-as-a-service providers.

CipherTrust KMIP Server

It centralizes key management for the Key Management Interoperability Protocol (KMIP) commonly used in storage solutions.

CipherTrust TDE Key Manager

Centralizes key management for encryption found in Oracle, SQL and Always Encrypted SQL.

The portfolio of data protection products that make up the CipherTrust Data Security Platform solution enables companies to protect data at rest and in motion across the entire IT ecosystem and ensures that the keys to this information are always protected and only under your control.

It simplifies data security, improves operational efficiency, and accelerates time to compliance, regardless of where your data resides.

The CipherTrust platform ensures that your data is secure, with a wide range of proven, industry-leading products and solutions for deployment in data centers, either those managed by cloud service providers (CSPs) or managed service providers (MSPs), or as a cloud-based service managed by Thales, a leading security company.

Portfolio of tools that ensure data protection against data breaches

With data protection products from the CipherTrust Data Security Platform, your company can:

Strengthen security and compliance

In addition to ensuring investment in cybersecurity, CipherTrust data protection products and solutions address the demands of a range of security and privacy requirements, including electronic identification, authentication, and trust, Payment Card Industry Data Security Standard (PCI DSS), and General Data Protection Law (LGPD), among other compliance requirements.

Optimize team and resource efficiency in fighting data breaches

CipherTrust Data Security Platform offers the broadest support for data security use cases in the industry, with products designed to work together, a single line for global support, a proven track record of protecting against evolving threats, and the industry’s largest ecosystem of data security partnerships.

With a focus on ease of use, APIs for automation and responsive management, the CipherTrust Data Security Platform solution ensures your investment in cybersecurity by enabling your teams to quickly implement, secure and monitor the protection of your business.

In addition, professional services and partners are available for design, implementation, and training assistance to ensure fast and reliable implementations with minimal staff time.

Reduce total cost of ownership

CipherTrust Data Security Platform’s data protection portfolio offers a broad set of data security products and solutions that can be easily scaled, expanded for new use cases, and have a proven track record of protecting new and traditional technologies.

With CipherTrust Data Security Platform, companies can prepare their cybersecurity investment for the future while reducing operational costs and capital expenditures.

ESG Investments: Lessons from hospitals that perform

Regarding ESG implementation, hospitals are facing increasing pressure to improve their environmental, social and governance performance. In the past, these organizations have been largely reactive in their ESG investments, but there is a growing trend of hospitals that are adopting a more proactive and strategic stance.

Brazilian hospitals are leading the charge by investing in ESG initiatives with impressive results.

In this article, we will explore the practical lessons from 3 leading healthcare institutions in the country that show positive results in implementing ESG.

How are Brazilian hospitals leading the way in ESG investments?

In recent years, Brazilian hospitals have made great strides in their investments in environmental, social, and governance initiatives, resulting in increased ESG implementation.

While many factors have contributed to this trend, perhaps the most important has been the realization that these investments can lead to tangible benefits for both patients and outcomes.

Albert Einstein Israeli Hospital


An institution at the forefront in relation to environmental, social and governance initiatives, Hospital Israelita Albert Einstein, considered one of the best hospitals in Brazil in 2015, launched an important initiative to improve its performance in implementing ESG, and the results were impressive.

Regarding governance, Albert Einstein Hospital has established a sustainability committee that meets monthly to discuss and monitor the hospital’s ESG initiatives.

In addition, the institution annually submits a detailed sustainability report, helping to keep the hospital accountable to its patients, employees, and the community.

In terms of results, the implementation of the ESG led to a significant reduction in the hospital infection rate, which dropped from 2.4% to 0.8%. The average patient hospital stay also decreased significantly, from 8.4 days to 6.8 days.

These results clearly show that ESG investments can have a positive impact on the hospital’s bottom line.

University of São Paulo’s Hospital das Clínicas (HC-USP)

Another example that portrays the benefits and practical lessons applied to hospitals that invest in ESG is the University of São Paulo’s Hospital das Clínicas (HC-USP).

HC-USP, a reference university hospital in Brazil, follows the corporate governance model, adopting mechanisms that aim to expand transparency and the participation of the hospital community in the management of the hospital.

In addition, it invests in a compliance program to prevent and detect risks of ethical and legal violations.

As far as sustainability is concerned, the hospital aims to decrease its environmental impact, being the first institution in the world to receive the ISO 14001 certification for all its units.

São José Health Care House (CSSJ)

A third example of the results of ESG implementation is the Casa de Saúde São José (CSSJ), located in the city of Rio de Janeiro.

The hospital has been working to improve its ESG performance for many years, but has only recently begun to formalize its efforts.

CSSJ has implemented an independent board of directors and ethics and compliance committees. The hospital also invests in the qualification of its professionals, offering various courses and training.

In 2015, the hospital released its first sustainability report, which outlined a series of ambitious goals, including a 50 percent reduction in water consumption and a 30 percent reduction in energy consumption by 2020.

CSSJ has already made significant progress against these targets, with a 20% reduction in water consumption and a 10% reduction in energy consumption since 2015.

What can we learn from the successful ESG implementation of these hospitals?

There are some important lessons that can be learned from the successes of leading Brazilian hospitals:

1. ESG investments can lead to tangible benefits for both patients and the bottom line

Leading Brazilian hospitals have shown that investments in ESG-related actions can have a direct positive impact on both the quality of patient care and financial results.

For example, the Hospital Israelita Albert Einstein has managed to save about R$1 million per year with its ESG implementation initiatives in the environmental, social, and governance fields.

2. It is possible to significantly reduce the environmental impact of hospitals using ESG practices

With ESG initiatives it is possible to significantly reduce the environmental impact of hospitals, even in a short period of time.

For example, CSSJ has managed to reduce its water consumption by 20% and its energy consumption by 10% since 2015.

3. ESG is a comprehensive and formal sustainability strategy and the key to achieving success

ESG has proven to be a comprehensive and formal sustainability strategy, key to achieving success.

HC-USP launched its first sustainability report in 2016 based on best governance practices, which established a series of goals to reduce the hospital’s environmental impact.

4. Ambitious goals are needed to drive significant change

In fact, ambitious goals must be set to drive significant change.

For example, CSSJ’s governance goal has succeeded in implementing an independent board of directors and ethics and compliance committees.

With this, the hospital has shown that it is possible to reverse the trend of a corporate culture unfocused on ethical issues.

5. Leadership is crucial to success

The hospitals with the best results are those that have strong top management commitment to ESG goals.

HC-USP, for example, has appointed a sustainability committee to ensure that the hospital’s goals are met.

6. There must be a commitment to transparency

Transparency is another common feature of top-performing hospitals.

CSSJ publishes its environmental, social, and governance reports annually, which allows stakeholders to track the hospital’s progress.

 


7. It is important to involve all stakeholders to achieve success

It is critical to involve all stakeholders to achieve success. HC-USP has created an interdisciplinary working group to develop its ESG strategies.

This group is composed of representatives from all areas of the hospital, including doctors, nurses, administrators, and housekeeping staff.

8. Results-focused reporting is essential to track progress and identify areas for improvement

Results-focused reporting is essential for tracking progress and identifying areas for improvement.

The Hospital Israelita Albert Einstein publishes an annual sustainability report, which makes it possible to track the institution’s progress.

9. Communication and education are essential for success

Communication and education are essential to the success of environmental, social, and governance initiatives.

The Hospital Israelita Albert Einstein promotes these areas through a series of initiatives, such as lectures and seminars, and distributes informative materials to employees.

The HC-USP has an environmental education program called “Ecoar” whose goal is to sensitize employees, doctors, patients, and visitors about environmental issues, among other ESG-related aspects.

10. You need to have a long-term commitment to achieve success

The Hospital Israelita Albert Einstein aims to reduce its water consumption by 50% by 2025.

Meanwhile, CSSJ plans to decrease its energy consumption by 20 percent by 2023.

These long-term goals are essential to ensure that hospitals continue to make progress in their sustainability initiatives.

Success stories that are expanding to other Brazilian hospitals

The National Association of Private Hospitals (Anahp) recently published the document “ESG in Anahp hospitals: results and best practices”.

The purpose of the publication was to present recent practical results of ESG implementation, demonstrating the commitment of member healthcare institutions to a more sustainable future.

The document has case studies of projects described by 42 institutions, from different regions of the country, showing how major transformations can be conducted in various areas.

The document highlights actions related to health promotion, clean energy use, water and sanitation care, and governance.

One such case is the Hospital Vila Verde Saúde Mental, where governance and sustainability go hand in hand to promote actions for the care and well-being of employees, as well as to reduce waste.

The healthcare unit has implemented the “Corporate Governance – Sustainable Growth” project, with actions that are based on the pillars of the ESG implementation and established challenges to be overcome in a two-year horizon, contributing to the strategy for the next five years.

The initiative is being led by a working group composed of representatives from the hospital’s various areas, which is now taking care of the project, process, and quality portfolios in an integrated manner.

Besides the governance area, a controller sector was also created, responsible for providing support in the preparation and consolidation of financial and strategic planning, indicators, and internal control auditing, among other benefits achieved.

From these cases it is possible to see that, despite the contextual differences between hospitals, some lessons are common to all those that have achieved success. They show the importance of adopting comprehensive and formal environmental, social, and governance strategies with ambitious goals, committed leadership, transparency, stakeholder involvement, focus on results, and a long-term commitment.

While these lessons are important, they are only the first step in achieving success.

Hospitals that wish to invest in ESG need to be willing to learn from existing success stories and adapt them to their own realities.

This is the only way to create innovative solutions that meet the specific needs of each hospital, thus ensuring the success of the investment in sustainability.

CipherTrust Platform improves ESG governance with data security

According to IDC, more than 175 zettabytes of data will be created by 2025, and today more than half of all corporate data is stored in the cloud.

To handle the complexity of where data is stored, CipherTrust Data Security Platform provides strong capabilities to protect and control access to sensitive data in databases, files, and containers.

The portfolio of data protection products that make up the CipherTrust Data Security Platform solution enables healthcare organizations to protect data at rest and in motion across the entire IT ecosystem and ensures that the keys to this information are always protected and only under your control.

It simplifies data security, improves operational efficiency, and accelerates time to compliance, regardless of where your data resides.

The CipherTrust platform provides robust security for your data through a variety of proven, industry-leading products and solutions, ready to be deployed in data centers or by cloud service providers (CSPs) and managed service providers (MSPs).

Alternatively, Thales, a leading security company, can manage these services as a cloud-based solution.

Tool portfolio that ensures data protection and extends ESG practices

With data protection products from the CipherTrust Data Security Platform, your healthcare organization can:

Strengthen security and compliance

CipherTrust data protection products and solutions meet a variety of security and privacy demands.

This includes electronic identification, authentication, and trust, as well as the Payment Card Industry Data Security Standard (PCI DSS). It also addresses the General Data Protection Law (LGPD) and other compliance requirements.

Optimize team and resource efficiency

CipherTrust Data Security Platform provides extensive support for data security use cases in the industry.

The solution has products designed to work together, a single line for global support, and a proven track record of protecting against evolving threats.

In addition, it features the industry’s largest ecosystem of data security partnerships.

With a focus on ease of use, APIs for automation, and responsive management, the CipherTrust Data Security Platform solution ensures that your teams can quickly deploy, secure, and monitor the protection of your business.

In addition, professional services and partners are available for design, implementation, and training assistance to ensure fast and reliable implementations with minimal staff time.

Reduce total cost of ownership

The data protection portfolio of the CipherTrust Data Security Platform provides a comprehensive range of data security products and solutions.

These solutions can be easily scaled and adapted to new use cases. They have a proven track record in protecting both new and traditional technologies.

With CipherTrust Data Security Platform, healthcare institutions can prepare their investments for the future while reducing operational costs and capital expenditures.
