Data Stored in the Clouds: Is Server-side Encryption Enough?

We have seen dozens of businesses pop up to help users store information in the cloud, both personal and business. The inherent benefits of storing data in the cloud are obvious: virtually limitless storage, no required maintenance or upgrades, and little to no administration overhead. But what about the risks? You simply can't ignore the security of the data you store in the cloud, particularly as cyber attacks grow more frequent and more targeted. How can businesses trust that their data is safe when it sits in third-party data centers?

Several factors play into the business decision to use cloud storage solutions today. One of these is the actual physical location of the stored data, which matters more and more under today's growing government and industry regulation. Closely related is the need for privacy, which is itself an impetus for stricter regulations. Cloud providers offer service level agreements with widely varying security commitments for the information they store, and that stored information may have to be produced as part of legal proceedings. And yet, businesses can no longer afford to ignore one of the most significant drivers of cloud adoption: cost. The cloud can make storage far more cost-effective and workers more productive.

Salt is Great, But Sometimes You Need More Ingredients

There have been many blog postings lately on the value of salting passwords to prevent attackers from discovering the actual password values. Salting is a very effective tool when implemented properly, but the problem is bigger than salting the passwords. Attackers who gain access to the systems where the passwords are stored own those systems and can do pretty much whatever they want. Most will take the entire credential database and try to break the hashing or encryption scheme offline, at their leisure. In addition, a lot of credential stores also hold various bits of information about the users who own the passwords, which is exposed regardless of how well the passwords themselves are protected. Encrypting, hashing and salting passwords is not enough: corporations need to go the next step of treating credential stores as the crown jewels of the company and putting controls on the systems that hold them to prevent or thwart the attacks in the first place.

What can you get for $500,000? Notification for one data breach

U.S. companies are paying more to notify people impacted by data breaches, according to the 2011 Cost of a Data Breach Study: United States. The average cost to notify victims of a breach increased in this year's study from approximately $510,000 to $560,000. At the same time, the average size of a breach is down 16 percent and the costs associated with the detection and escalation of data breach events declined as well, suggesting that companies may be becoming more efficient at investigating data breaches.

So, if companies are better at detecting breaches and breaches involve fewer records, why are notification costs continuing to creep up?

The simple answer is that there are more laws and regulations governing data breach notification. Forty-six states now have data breach notification laws, and there are other regulatory requirements to deal with, for instance HIPAA and HITECH. While each state's requirements for notification vary, notification is typically required when personally identifiable information (PII) has been, or is "reasonably believed" to have been, breached.

Protecting Patient Data: The 5 Rights of Data Administration

When it comes to healthcare, accuracy and attention to detail are not only important, they can mean the difference between life and death. Preventing misdiagnoses or mistreatment is taken very seriously.

Today, not only are patient lives on the line, but patient information is increasingly online as well: on the hospital's IT systems, on private networks and even on the Internet. Mishandling of this data, or unauthorized use of it, can result in the wrong medical treatment, identity theft, data breaches and more. At the same time, more people need access to this information than ever before, and from a variety of devices. The proper administration of healthcare data should be taken just as seriously.

Just as clinicians use the "Five Rights of Medication Administration" to ensure proper patient care, the digitization of healthcare records and patient information means healthcare providers need to adopt best practices for ensuring proper security and privacy for patient data. To help organizations better understand their role in the administration of patient data, Symantec has outlined specific best practices to ensure that patient information is kept secure regardless of where it is.

20 Years of PGP

The year 1991 was an important year for the Internet. In August 1991 came the announcement of the World Wide Web project, which has changed the face of our world forever. Another event that year, though less publicized, has had an equally important impact online: the release of the first PGP software.

Even back in the days of Usenet, many people were concerned about privacy and whether the government would have ultimate control over information in the digital age. In an effort to give individuals the ability to control their own data, Phil Zimmermann developed PGP and released the first version to rave reviews. Soon engineers around the world were clamoring to port the software to different platforms, and Zimmermann began to see his project take on a life of its own. In many ways, the privacy we enjoy online today is a direct result of PGP and the power it gives each user to control their own online privacy.