Categories
News and Events

Sequoia Logística and Eval Improve Data Security

Sequoia Logística stands out in the Brazilian market as a leading company in logistics and transportation services, helping more than 4,000 clients with innovative and technological solutions, in addition to meeting important regulatory requirements, such as LGPD.

With the help of Eval, a reference company in digital certification and information security in Brazil and an official Thales partner, Sequoia Logística sought to improve protection of sensitive data.

At the same time, the company maintained high performance and compliance with regulations, such as Brazil’s General Data Protection Law (LGPD).

Data protection: securing personal records without hindering operational efficiency

Sequoia Logística faced the challenge of protecting the sensitive personal information of millions of customers while ensuring compliance with LGPD. In addition, it sought to avoid data breaches and service interruptions.

This challenge involved several critical aspects that required an efficient and comprehensive solution for data protection.

Data protection at scale

Given the amount of personal information collected and processed by Sequoia Logística, including names, addresses, and contact information, it was essential to find a solution that could handle a large volume of data.

The ideal solution should be scalable and able to protect the data of millions of customers without hindering the company’s operational efficiency.

LGPD Compliance

The LGPD requires organizations to adopt appropriate technical and administrative measures to protect the personal data of their customers.

To comply with this regulation, Sequoia Logística needed to implement a solution that would ensure adequate data protection and make it easier to demonstrate compliance to the authorities.

Prevention of data breaches and service interruptions

Data breaches can cause significant damage to a company’s reputation, as well as result in fines and penalties.

Therefore, it was crucial for Sequoia Logística to find a solution that would help prevent unauthorized access to sensitive data and quickly identify potential threats.

In addition, the solution should be able to mitigate the risk of service interruptions, ensuring continuity of operations and on-time delivery of hundreds of thousands of orders daily.

Maintaining the performance of IT systems

As Sequoia Logística’s operational efficiency relies heavily on its IT systems, it was critical that the data protection solution did not adversely affect the performance of these systems.

The ideal solution should be easy to integrate and implement, without causing disruption or delay to the company’s daily operations.

Given these challenges, Sequoia Logística sought to find a comprehensive and efficient solution that would meet its needs for data protection, regulatory compliance, and operational performance.

Solution: Partnering with Eval and adopting CipherTrust Transparent Encryption

The search for an effective security solution led Sequoia Logística to work with Eval, a trusted partner that introduced the company to Thales and the CipherTrust Data Security Platform, which was approved after proof-of-concept (PoC) tests of centralized key management.

Implementation: Securing 14 critical environments with CipherTrust Transparent Encryption

The successful implementation of the CipherTrust Transparent Encryption solution at Sequoia Logística involved several important and strategic steps to secure its 14 critical production environments.

The following are details of how the company approached and executed this implementation.

  • Solution Selection and Evaluation

Sequoia Logística, with Eval’s assistance, conducted considerable research and proof-of-concept (PoC) testing to evaluate CipherTrust Transparent Encryption.

These tests focused on ease of implementation, security policy enforcement, and impact on operations, ensuring that the solution met their specific needs.

  • Planning and Preparation

Prior to implementation, Sequoia Logística and the Eval team carefully planned the integration of CipherTrust Transparent Encryption into critical production environments.

This included identifying the systems and applications that required protection, defining security policies, and establishing an implementation schedule to minimize the impact on daily operations.

  • Agent installation and configuration

The Sequoia Logística team and Eval installed and configured CipherTrust Transparent Encryption agents at the operating system's file system or device layer in the critical production environments.

The installation of the agents allowed encryption and decryption to occur transparently, without affecting the performance of applications running above the agents.

  • Implementation of security policies and access control

With CipherTrust Transparent Encryption in place, Sequoia Logística applied granular security policies and established privileged user access controls.

This has enabled the company to restrict and monitor access to sensitive data, reducing the risk of insider threats and data breaches.

  • Monitoring and Auditing

Sequoia Logística used CipherTrust Transparent Encryption’s real-time auditing and monitoring capabilities to track and analyze access to sensitive data, an important requirement of the LGPD.

This has helped the company to quickly identify and respond to suspicious or unauthorized activity, ensuring ongoing compliance and protection of sensitive data.

CipherTrust Transparent Encryption: a comprehensive approach to data protection

CipherTrust Transparent Encryption provides data-at-rest encryption with centralized key management, privileged user access control, and detailed data access audit logging.

These features help companies to be compliant and meet best practice requirements for data protection wherever they are.

The FIPS 140-2 validated CipherTrust Transparent Encryption agent resides at the operating system's file system or device layer, and encryption and decryption are transparent to all applications running above it.

In addition, the solution provides granular access controls that allow companies to determine who can access the data, when they can access it, and what kind of access they have.

CipherTrust Transparent Encryption is an innovative solution from Thales that provides robust protection for data at rest, ensuring that sensitive information is secure and accessible only by authorized users.

Advanced encryption and centralized key management

The CipherTrust Transparent Encryption solution uses advanced encryption algorithms to protect sensitive data, ensuring that only authorized users can access it.

In addition, centralized key management provides efficient control of encryption keys, making administration and recovery easy, even in complex, distributed environments.

Granular access control

Privileged user access control in the CipherTrust Transparent Encryption solution enables organizations to effectively manage access to sensitive data.

With granular policies and separation of roles, you can prevent unauthorized access by administrators or other privileged users, reducing the risk of insider threats and data breaches.

Detailed auditing and real-time monitoring

The CipherTrust Transparent Encryption solution provides detailed audit logs of data access, making it easy to identify and investigate suspicious or unauthorized activity.

In addition, real-time monitoring enables security teams to quickly track and respond to potential threats, ensuring compliance with General Data Protection Law requirements and ongoing protection.

Transparent implementation and optimized performance

The CipherTrust Transparent Encryption solution is designed to be implemented at the operating system's file system or device layer. This ensures that encryption and decryption are transparent to the applications running above the agents.

This results in minimal or no impact on the performance of systems and operations, allowing organizations to protect their data without compromising efficiency.

Compliance with regulations and best practices

The CipherTrust Transparent Encryption solution helps organizations meet compliance requirements around the world, including LGPD, GDPR and other data protection laws.

Implementing this solution allows companies to demonstrate compliance with regulations, avoiding fines and reputational damage.

In summary, CipherTrust Transparent Encryption offers a comprehensive and efficient solution for protecting data at rest, ensuring optimal security, compliance, and performance for organizations of all sizes and industries.

Eval is an official Thales partner

Eval played a key role in the successful implementation of CipherTrust Transparent Encryption at Sequoia Logística, acting as Thales’ official partner.

The partnership between Eval and Thales ensured that Sequoia Logística had access to the ideal data security solution to address its specific challenges, such as LGPD, and achieve the desired results.

Experience and expertise that makes the difference for your company

As an official Thales partner, Eval has in-depth knowledge and hands-on experience with Thales’ data security solutions, including the CipherTrust Data Security Platform.

Eval’s team understands how Thales solutions can be adapted and applied to different industries and use cases, ensuring that customers get the maximum benefit from their implementations.

In addition, the partnership between Eval and Thales ensures that customers, such as Sequoia Logística, receive the highest level of technical support and consulting during implementation and beyond.

Eval’s team works closely with customers to understand their specific needs, provide expert advice, and ensure that the chosen data security solution is implemented effectively and efficiently.

In conclusion, the partnership between Eval and Thales played a crucial role in the successful implementation of CipherTrust Transparent Encryption at Sequoia Logística.

Eval’s expertise, combined with Thales’ state-of-the-art data security solution, has enabled Sequoia Logística to meet its data protection and regulatory compliance challenges effectively and efficiently.

About Eval

Eval has been developing projects in the financial, health, education, and industry segments for over 18 years. Since 2004, we have offered solutions for Authentication, Electronic and Digital Signature, and Data Protection. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With market recognized value, Eval’s solutions and services meet the highest regulatory standards for public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.

Categories
News and Events

Eval and RSA 2023: Alliances Strengthen Cybersecurity

Held April 24-27 at the Moscone Center in San Francisco, California, the RSA Conference 2023 brought together thousands of cybersecurity professionals and covered topics such as Artificial Intelligence, new attack techniques, use of ChatGPT and generative AI to develop new types of attacks, cloud security, DevSecOps, and more.

With the theme “Stronger Together,” the conference highlighted the importance of collaboration and knowledge sharing among professionals in the field to address cyber threats.

Eval, a reference company in digital certification and information security in Brazil, was present at RSA 2023 through its directors Rafael Shoji, General Director, Fabio Arrebola, Technology Director, and Murilo Fernandes, Commercial Director.

Rafael Shoji, Eval’s General Director, highlighted the importance of the event:

Being at the RSA Conference 2023 implies Eval’s continuous search to keep up with the accelerated evolution of our field, preparing for global trends of innovations in the cybersecurity market. This exchange of experiences is fundamental for the continuous development of effective and safe solutions for our customers and with our partners.

RSA 2023: a meeting with partner companies and reference professionals in the market

One of the highlights of Eval’s participation in the RSA Conference 2023 was meeting with partner companies such as Thales and Keyfactor. In addition, we had the opportunity to learn and network with prominent professionals in the market, such as David Hook, one of the cofounders and developer of the Bouncy Castle project and current VP Software Engineering at Keyfactor.

Murilo Fernandes, Eval’s Commercial Director, shared his vision of the event:

Participation in the RSA Conference 2023 was fundamental to strengthen our relationship with manufacturers we represent with professional services in Brazil and Latin America, especially Thales and Keyfactor. In addition, it was a unique opportunity with many of our customers who were also there and to be able to talk to them about their challenges related to data protection and cryptographic agility.

The presence at RSA 2023 was crucial to strengthen the relationship with business partners and allowed meetings with important people in this ecosystem, such as Abilio Branco, Regional Director of Data Security Brazil and SOLA (Southern Latin America) of Thales, Jad Arslan, Sales Development Representative, and Camilo Eduardo Silva, Vice President of Sales in Central USA and Latin America, both from Keyfactor.

The importance of RSA 2023 at a time when cyber threats are on the rise

Against a backdrop of increasing cyber threats, Eval’s participation at the RSA Conference 2023 reinforces Eval’s role as one of the main references in the information technology and security industry in Brazil and worldwide. We remain committed to protecting our customers’ data and privacy, learning from the best, and strengthening ties with our strategic partners.

Eval has already planned its presence in future editions of the RSA Conference in order to continue strengthening its partnerships, enhancing its solutions, and ensuring the highest level of security and quality for its customers in Brazil and around the world.

Eval is proud to be part of this community of professionals working together towards a safer, more connected future.


Categories
Data Protection

Hardware Security Module (HSM): Concept and Use

In today’s digital age, cybersecurity is a growing priority for companies of all sizes and industries. At the center of this fight against growing digital threats, the Hardware Security Module (HSM) stands out as a robust and reliable protection solution.

With the continuous growth of threats, combined with the increasing volume and sensitivity of the data managed by organizations, investment in security becomes more and more crucial.

The HSM, also known as the Hardware Security Module, plays a key role in safeguarding data and cryptographic keys.

This article will discuss the vital role these devices play in the cybersecurity of organizations, as well as provide guidance on how to effectively implement them to ensure comprehensive protection of business operations and customers.

Unraveling the HSM: the guardian of Cryptographic Keys and sensitive data

Basically, a Hardware Security Module is a physical security device designed to protect, manage, and perform cryptographic operations with cryptographic keys.

HSMs are available in various forms, each designed to meet the specific needs of enterprises and their IT infrastructures.

Current and most commonly used formats in the market include:

External Devices

These security modules are stand-alone devices, usually connected to servers or IT systems via a USB interface or the network.

They are easy to install and manage and can be used in environments with diverse IT infrastructure.

Server Expansion Cards

These HSMs are installed directly on the servers as an expansion card, connecting to the system bus for faster performance and integration.

They are ideal for high performance and security demanding environments such as data centers and financial institutions.

Cloud Hardware Security Module (Cloud HSM)

These are services managed by cloud providers, allowing enterprises to leverage the security and performance of security modules without the need to purchase and manage physical hardware.

They are an attractive option for companies looking for flexibility, scalability, and cost savings.

Robust protection and optimized performance for your business

In practice, HSMs offer robust protection and optimized performance to ensure the security of cryptographic keys and sensitive data:

  • Robust protection:

Hardware security modules are designed with multiple layers of security to resist both physical and logical attacks. They include features such as tamper-resistant enclosures, tamper detection, and automatic key deletion in case of attempted unauthorized access.

In addition, the devices implement logical security mechanisms, such as encryption of stored keys and role-based access management, ensuring that only authorized persons can access and manage the cryptographic keys.

  • Optimized performance:

HSMs are built with specialized hardware components and optimized to perform cryptographic operations quickly and efficiently.

This is essential for processing large volumes of transactions or secure communications without adversely affecting system performance.

In addition, security modules efficiently manage the encryption load on servers and IT systems, freeing up resources for other tasks and improving overall performance.

  • Scalability and flexibility:

As we have seen, HSMs are available in various forms and configurations, including external devices, expansion cards for servers, and cloud managed services.

This diversity of options allows companies to choose the equipment best suited to their specific needs, ensuring scalability and flexibility as business needs evolve.

In this way, companies ensure that cryptographic keys and sensitive data are protected efficiently and securely, making it an essential solution for the cybersecurity of their business.

HSMs in action: crucial applications to protect your digital assets

Let’s look in detail at how HSMs are applied in crucial situations to ensure the security and integrity of digital assets:

  1. Cryptographic Key Management

Hardware security modules are designed to manage the complete lifecycle of cryptographic keys, including generation, storage, rotation, and their secure destruction.

This ensures that the keys are protected against unauthorized access and malicious manipulation.

  2. Data encryption and secure storage

HSMs offer high-performance encryption to protect data at rest and in transit.

They ensure that data stored on servers, storage devices, and cloud environments is protected with strong cryptographic algorithms and securely managed keys.

  3. Authentication and Access Control

Hardware security modules can be used to authenticate and verify the identity of users, devices, and systems, ensuring that only authorized parties access critical resources.

They also support role-based access management to provide granular control over who can access and manage cryptographic keys and sensitive data.

  4. Digital signature and data integrity

The security modules are essential for the generation and verification of digital signatures, ensuring the authenticity, integrity, and non-repudiation of electronic transactions and communications.

They secure business processes and help meet regulatory requirements, such as signing electronic documents and complying with payment security standards.

  5. Public Key Infrastructure (PKI)

HSMs are widely used in PKI solutions to protect and manage private keys used in issuing and revoking digital certificates.

This ensures the security and reliability of authentication and encryption processes that rely on PKI, such as secure communications and access to critical resources.

  6. Financial transaction protection

Hardware security devices are key to securing financial transactions such as credit card payment processing, bank transfers, and digital currency transactions.

They ensure the security and confidentiality of financial information and help meet business-related compliance standards.

Why Ignoring Cybersecurity Could Be Your Company’s Biggest Mistake

In today’s digital age, protecting sensitive information and data is critical to the success of businesses. Cyber threats are constantly evolving, becoming more sophisticated and damaging every day.

This is where hardware security modules come into the picture, providing advanced and reliable security to protect organizations’ digital assets.

Here are some reasons why companies actually need HSM equipment in their business operations:

Data Protection

With the increasing volume of data generated and stored by companies, the need to protect this data has become even more important.

HSM security appliances provide robust protection for sensitive information and critical data, ensuring that only authorized people can access it.

In practice, security modules offer an additional layer of protection for cryptographic keys and sensitive data. They are built with advanced physical and logical security features, such as tamper-resistant enclosures and tamper detection.

Role-based access management ensures robust protection against physical and cyber attacks.

Cost reduction

While implementing HSMs may involve a significant investment at the start of the project, the long-term benefits include reduced costs related to data breaches and compliance.

In addition, the improved performance and operational efficiency provided by the devices can lead to even greater efficiency in managing cybersecurity investments.

Compliance with regulations and standards

Companies need to meet various regulations and compliance standards related to data security and privacy.

A clear example is the General Data Protection Law (LGPD), which came into force in Brazil in 2020. The LGPD requires companies to implement appropriate security measures to protect the personal data of their customers and users.

HSMs help companies comply with these regulations and standards, minimizing the risks of data breaches and associated fines.

Brand trust and reputation

Data protection and privacy are growing concerns for consumers and customers.

By investing in hardware security modules, companies demonstrate their commitment to protecting information, strengthening customer trust and loyalty, and thus fostering successful and long-lasting relationships.

Risk Reduction

Data breaches and cyber attacks can have devastating consequences for companies, including financial losses, reputational damage, and disruption of business operations.

By implementing HSMs, companies can significantly reduce the risk of data breaches and minimize the impact of potential cyber attacks.

Competitiveness

Companies that adopt HSMs and other advanced security technologies can stand out in highly competitive markets where data protection and compliance are key success factors.

The implementation of security devices can be a strategic differentiator, providing competitive advantage and attracting new customers and business partners.

Considering these factors, it is clear that companies need HSM equipment in their business operations to ensure efficient and secure protection of their digital assets and customers.

HSM device deployment is a key part of enterprises’ cybersecurity strategy

By effectively incorporating hardware security modules into their cybersecurity architecture, companies can ensure that their valuable information is protected. HSMs also help to maintain compliance with the regulations and standards applicable to each business segment.

In this scenario, Eval, a specialist in the information security segment, stands out as a reliable and experienced partner for the implementation and management of HSM solutions.

The official partnership between Eval and Thales, a global leader in cybersecurity solutions, ensures customers have access to cutting-edge technologies and an innovative approach to protecting their digital assets.

Together, these companies offer high-performance, reliable, and scalable solutions tailored to the specific needs of each organization.

Investing in HSMs is a key step for companies toward a comprehensive and effective cybersecurity strategy. Eval and Thales’ expertise is crucial to ensure this evolution of cyber security.

This partnership provides customers with the support they need to protect their data, ensure business continuity, and promote trust between customers and partners.

Take the next step toward securing your digital assets: contact Eval now!

If you are ready to strengthen your company’s cybersecurity and protect your digital assets with an HSM implementation, Eval is the ideal partner to help you on that journey.

With the expertise and partnership with Thales, Eval can offer customized and effective solutions that fit your specific needs.

Don’t put your company’s security off until later. Contact the Eval team today and find out how our HSM solutions can take your data protection to the next level.


About Eval

With a track record of leadership and innovation dating back to 2004, Eval not only keeps up with technological trends, but we are also in an incessant quest to bring news by offering solutions and services that make a difference to people’s lives.


Written by Arnaldo Miranda, Evaldo. Ai, reviewed by Marcelo Tiziano and designed by Caio.

Categories
Data Protection

PayShield 10K: Why migrate?

As companies become increasingly digital, the risk of data breaches and cyber attacks increases. One of the most important steps in protecting yourself is to choose the right payment security solution. That’s where payShield 10K does its part.

payShield 9000 is one of the most popular payment security solutions on the market. However, with the release of payShield 10K, businesses now have a new option to choose from.

But why should companies migrate from payShield 9000 to the new payShield 10K? Continue reading the article until the end and learn about the differences and advantages of migrating.

Meet the new payShield 10K

Thales’ fifth generation payment HSM, payShield 10K provides proven security features in critical environments, including transaction processing, protection of sensitive data, payment credential issuance, mobile card acceptance, and tokenization.

Similar to its predecessor payShield 9000, the new version can be used across the global ecosystem by issuers, service providers, acquirers, processors, and payment networks.

payShield 10K offers several benefits that complement the previous versions, showing Thales’ commitment to the continuous improvement of its products.

In practice, the new version:

  • Simplifies deployment in data centers;
  • Offers high resiliency and availability;
  • Provides the broadest card and mobile application support in a timely manner;
  • Supports performance upgrades without hardware changes;
  • Maintains compatibility with all legacy Thales payment HSMs.

Top 10 Reasons to Switch to PayShield 10K

1. Thinner format

The new version of payShield 10K reduces the unit height to 1U, which means that you can stack twice as many units in the rack as with payShield 9000, reducing the cost of investment.

The unit is now longer for easier access to the connectors on the back panel and comes with slide rails to help simplify and speed up the installation process.

The front panel design retains the familiar left and right key mechanisms so you can securely lock the HSM in the rack.

2. Lower energy consumption

Every watt of power that a device requires increases your data center’s power and cooling costs.

The new payShield 10K design leverages the latest energy-efficient components and power management techniques to reduce overall power consumption by 40%, even while operating at twice the cryptographic performance.

This will undoubtedly help reduce your data center’s electricity bill and contribute to your company achieving its “green goals”.

3. Increased resilience and availability

If your company is forced to take an HSM offline for routine configuration tasks or to replace a faulty power supply, it negatively affects the availability of your financial services infrastructure.

As part of its continuous improvement process, Thales enhanced the physical design with payShield 10K, providing two power supplies and hot-swappable fans as standard, which improves MTBF and provides a very high expected uptime.

As part of the mission to help keep your payShield 10K running 24/7, the new version of the appliance performs additional background monitoring of HSM system processes and application code.

If problems are detected, they will be fixed automatically without any intervention from the IT team.

4. payShield 10K with faster firmware updates

Loading firmware usually means taking the HSM offline for several minutes. With payShield 10K, the firmware upgrade workflow process has been reduced while maintaining all the necessary security checks for authenticity and code integrity.

The reliability and ease-of-use aspects have also been improved, so that if power or connectivity interruptions occur, the firmware loading process will automatically recover to minimize the possibility of the HSM becoming idle.


5. Clearer visual indicators

The payShield 10K has a simple and neat front panel design that displays a red warning triangle when a tampering event occurs.

When all is well, the left handle on the front panel is illuminated white, but if regular background integrity checks discover a problem, the handle will turn red.

To help identify which HSM in a rack may need emergency or scheduled intervention, operations staff can now quickly direct local staff to the HSM that needs support by illuminating the front and rear maintenance lights using payShield Manager.

In addition, the front light illuminates the unit’s serial number, making it easy to read if necessary. These are just some of the time-saving features introduced in payShield 10K, some inspired by customer feedback.

6. Clear confirmation of key removal

In the routine of IT infrastructure administrators, it is sometimes necessary to move an HSM from a production environment to another, less secure location.

Under various security audit constraints, critical keys, such as active LMKs, must not be present when the unit is at the new location.

The payShield 10K contains a dedicated key removal confirmation light on the back panel to ensure that no keys or sensitive data reside on the unit and that it is safe to deactivate.

This improved approach to erasing the key provides confirmation even after the unit is turned off.

7. Even stronger tamper protection

payShield 10K has multiple levels of tamper detection that, when activated, erase keys and confidential data in the event of an attack.

A fully locked cover is also used to increase the complexity for any attacker.

Attempts to access the inside of the internal security module cause the device to be permanently disabled.

8. Broader cryptographic support

To support new payment methods, the new version of the hardware is able to leverage very fast hardware-based ECC processing in addition to the legacy 3DES, AES, and RSA algorithms.

Many of the emerging payment credential issuance use cases use ECC instead of RSA, especially when the payment instrument is a mobile, IoT or connected device.

payShield 10K is ready for enhancement to support a much wider range of cryptographic algorithms and mechanisms as they become formalized as part of the growing range of payment security specifications.

9. Even Higher Performance

Card payments and online digital payments are growing year by year, requiring you to constantly monitor and upgrade your processing bandwidth.

The new version of payShield offers significantly higher RSA and 3DES performance than its predecessors, which can reduce the number of devices needed compared with the previous version and lower your costs.

This faster cryptographic engine also provides more consistent and predictable performance across all host commands, even in heavy load situations and when TLS-based secure communications are in use.

10. payShield 10K features superior architecture

As the payments world increasingly looks for new deployment models involving a mix of private and public clouds, payShield 10K is specifically designed to offer secure remote management and monitoring, providing a true ‘contactless’ experience.

This provides support for various types of payment service offerings and more capabilities to perform functions securely across a wide range of operating environments.

With its enhanced features, payShield 10K is well suited to handle the ever-changing landscape of payment security.

payShield 10K ensures payment security

With payShield 10K you are assured that your company meets the highest security standards in the financial industry.

The fifth generation of payment HSMs from Thales, Eval’s partner company, offers a suite of proven security features in critical environments, in addition to transaction processing, protection of sensitive data, payment credential issuance, mobile card acceptance, and tokenization.

The payShield 10K solution can be used throughout the global payments ecosystem by issuers, service providers, acquirers, processors, and payment networks, offering a number of benefits.

Eval Professional Services has a team of specialized professionals with the best practices in the market

Benefit from our years of experience and expertise in information security and compliance with the General Data Protection Law (LGPD). We will be your partner for realizing digitization projects in compliance with security and data protection regulations.

We share our expertise across all business flows in healthcare organizations to help you minimize risk, maximize performance, and ensure the data protection your patients and partners expect.

About Eval

Eval has been developing projects in the financial, health, education, and industry segments for over 18 years. Since 2004, we have offered solutions for Authentication, Electronic and Digital Signature, and Data Protection. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With market recognized value, Eval’s solutions and services meet the highest regulatory standards for public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.


Zero Trust: How to Achieve Cybersecurity in Your Business

Since users have started connecting through unmanaged mobile devices and internet-connected business applications, there is a growing need to implement more efficient security strategies, such as Zero Trust.

Zero Trust is a concept put forward by Forrester Research over a decade ago. The fundamental principle of the zero trust approach is least privilege access, which assumes that no user or application should be inherently trusted.

At its core, Zero Trust starts from the basis that everything is potentially hostile to an organization and a secure connection can only be established through efficient management and use of the user’s identity and the context of use, such as the user’s location, the security posture of the endpoint device and the application or service requested.

Zero Trust extends protection and enables modernization

Zero trust is not simply about a single technology, such as identity and remote user access or network segmentation. Zero Trust is a strategy, a foundation on which to build a cybersecurity ecosystem.

Basically, there are three principles in its definition:

Terminate all connections

Many technologies, such as firewalls, use a “pass-through” approach, meaning that files are sent to their recipients at the same time they are being inspected.

If a malicious file is detected, an alert will be sent, but it can often be too late. In contrast, zero trust terminates all connections so it can hold and inspect unknown files before they reach the endpoint.

Built on a proxy architecture, Zero Trust operates inline and inspects all traffic at line speed, including encrypted traffic, performing deep data and threat analysis.

Protect data using context-based policies

Zero trust applies user identity and device posture to verify access rights, using granular business policies based on context, including user, device, requested application, as well as content type.

Policies are adaptive, meaning that as context changes, such as the user’s location or device, user access privileges are continually re-evaluated.
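A minimal sketch of the context-based, adaptive policy evaluation described above, added here as an illustration and not taken from any product the page mentions. The attribute names, rules and sample values are constructed assumptions.

```python
from dataclasses import dataclass, replace

# Constructed example: every name, rule and value here is hypothetical.

@dataclass(frozen=True)
class Context:
    user: str
    groups: frozenset
    device_managed: bool
    device_patched: bool
    country: str
    app: str
    content_type: str

@dataclass(frozen=True)
class Rule:
    name: str
    app: str
    groups: frozenset         # user must be in at least one of these
    countries: frozenset      # locations the request may come from
    content_types: frozenset  # content the rule covers
    require_managed: bool = True
    require_patched: bool = True

    def failures(self, ctx):
        """Conditions the context fails; an empty list means the rule matches."""
        failed = []
        if not (ctx.groups & self.groups):
            failed.append("group")
        if self.require_managed and not ctx.device_managed:
            failed.append("unmanaged-device")
        if self.require_patched and not ctx.device_patched:
            failed.append("unpatched-device")
        if ctx.country not in self.countries:
            failed.append("country")
        if ctx.content_type not in self.content_types:
            failed.append("content-type")
        return failed

def decide(ctx, rules):
    """Default deny: allow only if one rule for the app matches every condition."""
    denied = []
    for rule in rules:
        if rule.app != ctx.app:
            continue
        failed = rule.failures(ctx)
        if not failed:
            return True, f"allow:{rule.name}"
        denied.append(f"{rule.name}[{','.join(failed)}]")
    if not denied:
        return False, "deny:no-policy-for-app"
    return False, "deny:" + ";".join(denied)

class Session:
    """Access is tied to the current context and re-evaluated whenever it changes."""
    def __init__(self, ctx, rules):
        self.ctx, self.rules = ctx, rules
        self.active, self.reason = decide(ctx, rules)

    def update(self, **changes):
        self.ctx = replace(self.ctx, **changes)
        self.active, self.reason = decide(self.ctx, self.rules)
        return self.active

RULES = [
    Rule("payroll-hr", "payroll", frozenset({"hr"}), frozenset({"BR"}),
         frozenset({"report", "record"})),
    Rule("wiki-staff", "wiki", frozenset({"staff", "hr"}), frozenset({"BR", "PT"}),
         frozenset({"page"}), require_managed=False),
]
BASE = Context("ana", frozenset({"hr"}), True, True, "BR", "payroll", "report")

if __name__ == "__main__":
    s = Session(BASE, RULES)
    print(s.active, s.reason)
    s.update(country="US")                 # user location changes mid-session
    print(s.active, s.reason)
    s.update(country="BR", device_patched=False)  # device posture degrades
    print(s.active, s.reason)
```
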

Reduce risk by eliminating the attack surface

Zero Trust connects users directly to the apps and resources they need and never connects them to networks.

By enabling one-to-one connections (user-to-app and app-to-app), zero trust eliminates the risk of lateral movement and prevents a compromised device from infecting other network resources.

With Zero Trust, users and applications are invisible to the Internet, so they cannot be discovered or attacked.

Benefits of adopting Zero Trust

  • Effectively reduces business and organizational risk

As we saw earlier, Zero Trust assumes that all applications and services are malicious and not allowed to communicate until they can be positively verified by their identity attributes.

These are immutable properties of the software or services themselves that meet pre-defined trust principles, such as authentication and authorization requirements.

Zero trust therefore reduces risk because it reveals what is on the network and how those assets are communicating. In addition, as baselines are created, a Zero Trust strategy reduces risk by eliminating over-provisioned software and services and continuously checking the “credentials” of each communicating asset.

  • Provides access control in cloud and container environments

Security professionals’ biggest fears about moving to and using the cloud are loss of visibility and access management.

With a zero-trust security architecture, security policies are enforced based on the identity of the communication workloads and tied directly to the workload itself.

This way, security remains as close as possible to the assets that require protection and is not affected by network constructs such as IP addresses, ports and protocols. As a result, the protection not only follows the workload where it tries to communicate, but remains unchanged even when the environment changes.

  • Helps reduce the risk of a data breach

As zero trust is based on the principle of least privilege, every entity (user, device, workload) is considered hostile.

As a result, each request is inspected, users and devices are authenticated and permissions are assessed before “trust” is granted, and this “trustworthiness” is continually reassessed as any context changes, such as the user’s location or the data being accessed.

If an attacker gains a foothold in the network or cloud instance through a compromised device or other vulnerability, that attacker will not have the ability to access or steal data as a result of being untrusted.

In addition, there is no ability to move laterally due to the zero trust model of creating a “secure segment of one”, meaning there is nowhere an attacker can go. Access is always blocked.


  • Supports compliance initiatives

Zero trust protects all users and workload connections from the internet, so they cannot be exposed or exploited. This invisibility makes it simpler to demonstrate compliance with privacy standards, such as the General Data Protection Law (GDPR) and other regulations, and results in fewer findings in audits.

Additionally, with Zero Trust segmentation (micro-segmentation) in place, organizations have the ability to create perimeters around certain types of sensitive data using fine-grained controls that keep regulated data separate from other unregulated information.

When it comes time for an audit, or in the event of a data breach, a zero-trust segmentation strategy provides superior visibility and control over flat network architectures that provide privileged access.

Secure your environment with SafeNet Trusted Access and Zero Trust

Thales, in partnership with Eval, offers strong and effective authentication services that enable enterprises to pursue consistent authentication policies across the organization, automating and simplifying the deployment and management of a distributed estate of tokens, while protecting a broad spectrum of resources, whether on-premises, cloud-based or virtualized.

SafeNet Trusted Access is a cloud-based access management service that combines the convenience of the cloud and web single sign-on (SSO) with granular access security.

By validating identities, enforcing access policies and applying Smart Single Sign-On, organizations can ensure secure and convenient access to multiple cloud applications from one easy-to-navigate console.

Cloud-based applications play a vital role in meeting the productivity, operational and infrastructure needs of the enterprise. However, the challenge of managing users’ multiple cloud identities increases as more cloud applications are used.

Each new service added to an organization’s cloud makes unified visibility of access events harder to achieve and increases compliance risk.

Users struggle to maintain countless usernames and passwords, while help desk tickets requiring password resets abound. And with cloud applications protected by default with only weak static passwords, the risk of a data breach increases.

Benefits of SafeNet Trusted Access

SafeNet Trusted Access prevents data breaches and helps organizations comply with requirements and regulations, such as the General Data Protection Law (LGPD), allowing them to migrate to the cloud in a simple and secure way. The most important features include:

  • Flexibility in deployment: on-premise or cloud-only installation, migration possible at any time;
  • Reduced help desk costs through SAS self-service portal and high degree of automation;
  • Protection for internal and cloud applications;
  • Quickly implemented, easy to operate and flexibly scalable;
  • Strong authentication for almost all platforms and applications;
  • Integration through SAML, agents, RADIUS or APIs;
  • Multiple authentication factors for every need: hardware and software tokens, SMS and more;
  • Automated registration via web and email;
  • Multi-client capability: centrally across the enterprise, also with delegation;
  • Certified processes: ISO 27001, SSAE 16 SOC-Type 2.

SafeNet Trusted Access from Thales brings security to access and authentication using the Zero Trust strategy

With SafeNet Trusted Access, customers can authenticate API access, reducing the threat surface in an organization’s IT environment.

While API adoption is increasing, many organizations still rely on on-premise systems to run their business (e.g. HR and ERP systems), making consistent access management and authentication increasingly complex, while negatively impacting user experience.

Many organizations face increasing complexity in their IT environments

Many organizations face the challenge of applying modern, uniform authentication and access management to these applications.

SafeNet Trusted Access reduces the risk of data breaches by providing organizations with a wide range of authentication and policy-based access. This gives companies the agility to provide flexible security and authentication across their environment.

Combined with best-in-class authentication and access security, customers can now overcome complexity, reduce access silos and thrive as they undergo their digital and cloud transformation.


Connected Cars: Data Protection in 3 Steps

We are steadily moving towards a future where high connectivity is becoming the industry standard. This is why data security in connected cars has become a concern.

This is largely due to the increase in consumer demand, fueled by the convenience that IoT (Internet of Things) connected vehicles can offer.

This consumer demand makes sense when we consider the long-term benefits of driving or owning connected vehicles. Here are just a few of them:

  • A connected car enhances the experience of owning or using a vast array of apps and services that pair seamlessly with the smartphone the user owns;
  • Passenger and driver safety is increased and hazards are more easily avoided;
  • The driver has more control over the vehicle as well as its remote diagnostics;
  • Many routine tasks, such as parking, can be automated or partially automated;
  • Potential problems with the vehicle can be detected much earlier and money on fuel can be saved when the most efficient route is always chosen.

Consumer fears despite connected car innovation

Although the global connected car market is expected to surpass $219 billion by 2025, with 60% of automobiles connected to the internet, the industry is still facing challenges in its quest to become fully mainstream due to its main drawback: consumers’ fear of cyber attacks.

We all know that the increase in connected devices, whether vehicles or other devices, automatically increases the number of entry points and opportunities for criminals.

Considering the often very serious consequences of such attacks, this consumer fear is legitimate and needs to be addressed by the IoT industry, and especially by connected vehicle manufacturers, if the industry wants to gain full consumer trust and adoption of its products while keeping consumers' data safe.

Current safety status of connected cars

Indeed, protective measures are being taken to set data security standards in other areas of data exchange.

For example, the General Data Protection Regulation (GDPR) has made a significant difference to how we experience web browsing and any interaction that involves the processing of personal data.

However, IoT service providers are not currently required to comply with any additional security laws or standards.

While some are calling for specific government legislation, there are already several companies working on solutions to increase the security of connected devices.

It is not yet clear exactly what the impact on our personal privacy will be as we embark on this connected future. What is clear, however, is that if car manufacturers themselves do not step in with some clear technologies to prevent data hacking, mismanagement or data privacy breaches, the connected car industry will continue to struggle to be accepted by the general public.

So what are the automakers themselves doing these days? Crucially, what else needs to be done to reassure users that their data is safe?

What can car manufacturers do to ensure data security in connected cars?

1. Investment in hardware security

Typically, the vehicles we are most used to seeing and driving on a daily basis have not been equipped with any kind of hardware security in the car’s own electronics.

This is because the car was never originally designed to have an open system that could be connected to external systems such as IoT devices. Instead, the car system was meant to be a closed system.

Because of this, as soon as you connect the vehicle to something external, there are not enough protections (e.g. a firewall) in place against malicious parties.

This is solved in new cars by installing something called a secure gateway.

For IoT devices, no interaction could happen with the vehicle without first passing through the secure gateway, making the exchange of data between two parties significantly more secure.


2. Investment in software security

With the continued rise in cybersecurity incidents, automakers need to incorporate an approach to data security in connected cars that takes into account not only the obvious exposures in the car’s software, but also the hidden vulnerabilities that can be introduced by open-source software components.

Connected car software code is extremely complex to say the least, with the average car software based around 100 million lines of code.

With so much complexity comes many opportunities for vulnerabilities and an increased risk of malicious attacks from cybercriminals.

Nowadays, it’s not uncommon to hear about malware specifically designed to detect flaws in car software.

Today, several renowned car manufacturers and their software suppliers deploy testing tools that include static and dynamic software security assessments.

In connected cars, these tools are used to identify coding errors that can result in software vulnerabilities and opportunities for hackers and criminals to enable or disable certain features remotely.

While these tools are effective in detecting bugs in the code written by the connected car manufacturers’ own in-house team of developers, they are not effective in identifying open source vulnerabilities in third party code.

This leaves many of the key components of today’s apps exposed, due to the fact that they are made by developers working for external IoT providers rather than the carmakers themselves.

3. User awareness and consent

In addition to protecting the car’s hardware and the vehicle’s software, it is important to emphasize the responsibility of connected car manufacturers to alert users to the importance of which devices they allow to be connected and for what purpose.

This is where user consent needs to be obtained and regulations such as the GDPR rigorously enforced.

Third-party IoT providers must clearly define why they want to interact with connected cars and what they plan to do with any data they get from the automobile, but it is the job of manufacturers to assure users of the security of their data.

Eval & Thales technology partnership: bringing trust to connected cars

As we look to our increasingly connected future, we can be sure that the relationship between vehicles and IoT is only likely to increase in complexity.

With a dedicated approach to data privacy and security, any risks of cyber attacks or misuse of data in connected cars can be significantly mitigated.

The IoT industry is growing at an exponential rate now. Traditional car companies need to adopt a safety-first approach.

This approach is necessary to take advantage of the huge strides technology can make in the lives of drivers and road users through connected vehicles.

With more than 20 years of experience in connecting vehicles, Eval and Thales’ customers benefit from their leading position in mobile connectivity standardization, serving more than 450 mobile operators worldwide.

Global automotive connectivity solutions and remote management greatly reduce supply chain complexity for automotive manufacturers while enabling easier end-user experiences over long vehicle lifecycles.

Eval and Thales’ solutions enable the use of end-user subscriptions for infotainment services in mobility and provide the technical capability for infotainment/telematics connectivity.

Leveraging proven and advanced expertise in digital security and IoT, Thales Trusted Key Manager provides connected car manufacturers with support for digital transformation, ensuring the end-to-end security of the automotive ecosystem.
