Boosting Client Data Protection

Posted by Frank Strafford on June 6, 2018 in Data Security,
client data protection

Streamline Verify takes data security very seriously. It maintains up-to-date security systems, performs enhancements as required and implements recommendations. The company is on track to integrate further safeguards to its cryptographic protocols. This is concerning the June 30, 2018 deadline in compliance with the PCI Data Security Standard (PCI DSS). It was established to ensure that current security standards are adhered to for the protection of client data.

A Brief History of Data Security

Transfer of data necessarily requires that online communications are protected. It does this by encrypting such data through a cryptographic protocol. The parties can freely transact through a secured channel, keeping their data safe and confidential.

Netscape introduced this Transport Security Layer process through the development of its Secure Sockets Layer (SSL) in the early 1990’s. It has received multiple upgrades to its  capabilities to successfully repel online attackers from accessing sensitive information. Modifications to the following cryptographic protocols were conducted: SSL 3.0 (1996), TLS 1.0 (1990) TLS 1.1 (2006) and TLS 1.2 (2008).

How Does Removing Old SSL/TLS Help?

Currently, SSL and early TLS are open to attacks resulting in potential exposure of delicate data it seeks to protect. Its vulnerabilities were laid bare by the BEAST and POODLE exploits. The latter especially, underscores SSL 3.0’s inability to defend against it. BEAST on the other hand, is a “man in the middle attack” (MITM) which can capture encrypted data and acquire session cookies.

In light of this, the PCI DSS has prescribed a 30 June 2018 deadline to migrate from SSL/early TLS to TLS 1.1 or higher. TLS 1.2 is more favorable to further decrease any risks of data breach. Online and e-commerce websites using SSL/early TLS encryption protocols were advised to implement the necessary upgrades to preclude POODLE exposure and similar exploits.

Streamline Verify Servers Are Already Secure

The Streamline Verify servers are not vulnerable to these attacks and other known SSL/TLS. The Streamline Verify application has an A+ rating at SSL Labs though it will not stop there. Our servers have transitioned to TLS 1.2 to further boost security measures. Moving forward, Streamline Verify will consider upgrading to the recently ratified TLS 1.3 once more browsers support it.

As such, outdated browsers that do not comply with current security standards are advised to upgrade them immediately. This includes Internet Explorer versions prior to version 11 that do not support TLS 1.1 and TLS 1.2 by default. Streamline Verify will no longer support TLS 1.0 or TLS 1.1 (even though removal of TLS 1.1 is not mandated by PCI).

Clients using outdated versions may experience service interruptions. The company apologizes for any inconvenience this may cause and is on hand to assist with any concerns.

About Frank Strafford

About Frank Strafford

Related Articles

MANAGING THROUGH AN EXCLUSION BY THE ...

June 1, 2021

AN OVERVIEW of THE OIG’S LIST OF EXCLUDED INDIVIDUALS AND ENTITIES Since 1977, the federal government has maintained a list of individuals and entities that are excluded from participation in any...

Top 10 Reasons NOT to Invest in ...

October 12, 2015

Why Not to Invest in Exclusion Screening Software Plenty of healthcare organizations don't use exclusion screening software. Wondering why not?  Here's what they'll tell you! It's no big dea...

A Quick Guide to OIG Compliance ...

May 8, 2018

OIG compliance procedures through regular LEIE checks can verify if you are employing individuals or contracting with entities who are listed on the OIG sanction list. The Office of the Inspector Gene...