A Successful Data Security Plan

Security inside and outside the firewall are vital to storage

We live in a world where computer hacking, data breaches, identity theft, and stolen records of all sizes have become worldwide events that can happen at any time. Here are a few recent examples of breaches, the financial impact/consequence, and a couple of product solutions that can help prevent such undesired publicity.

According to the Identity Theft Resource Center, in the United States alone there have been 864 total breaches exposing over 34-million records between Jan. 1 and Aug. 31.1 A Thales Security report shows that nearly 50 percent of retailers have been breached in the past year— and 75 percent breached in total. It also highlights two major points: Breach rates in the last year are up 2.5 times from the results in 2017 and lack of perceived need is the top reason for not implementing data security in U.S. retail at 52 percent. Encryption technologies help to solve new privacy requirements and traditional problems with protecting sensitive data.2

Most notably of these, of course, is Facebook, which had a major data breach in 2015 that went unreported until earlier this year. The company owned up to the fact that Cambridge Analytica had been collecting private information from almost 87-million Facebook users for political research. An additional breach, which was discovered in October, was the largest in Facebook’s 14-year history compromising 50-million users.

Also, this year, it was revealed that the entire network of Lord & Taylor and 83 Saks Fifth Avenue locations were compromised between May 2017 and March 2018, affecting over five million customers. Making matters worse, approximately 125,000 of these records were released for sale on the Dark Web.

Not to belabor the point, but this last example is a doozy. Under Armour’s nutrition- logging app MyFitnessPal was targeted in what is now considered one of the largest cyberattacks of all time—roughly 150 million app users had sensitive data exposed—such as usernames, email addresses, and hashed passwords.

That’s not all. There is a major financial consequence side to greatly consider as well.

Such activity costs companies, educational institutions, governments, organizations, and even everyday folks millions upon millions of dollars. The cost of a typical data breach can be as much as $3.6 million for some organizations, with the average number of stolen records exceeding 20,000 at a cost of $141 per record (totaling just over $2.8 million).

According to Ponemon Institute’s June 2017 Cost of Data Breach study, organizations can significantly reduce their costs by using cyber security data protection.3 By staffing an incident response team, organizations can save over $400,000 per breach. The report also finds that the extensive use of encryption can save organizations an additional $385,000.

In the last few years, there has been a rise in breaches, critical amounts of records exposures, theft, and loss of confidential company and personal information. With global regulations, such as the EU GDPR (General Data Protection Regulation) focused on data security, the reality of fines (GDPR can fine organizations up to €20 million or four percent of their annual global turnover, whichever is greater) due to careless loss of data has driven many organizations to effectively secure their everyday business data. Such data is at the heart of every organization and maintaining effective protection against data security threats to avoid any legal and financial impact is critical.

A firewall is essential in protecting organizations against data security threats from known, unknown, and not trusted networks. Borrowed from the fire-safety industry’s use of the word for a physical barrier that is intended to limit the spread of a fire, a computer firewall is a virtual barrier that is designed to limit the spread or damage of a cyberattack.

One of the keys to a successful data-security plan—and a way to lower the cost of a data breach—is ensuring that encrypted protection is provided both inside the firewall as well as outside the firewall. Many memory-product manufacturers, such as Kingston Technology, offer both types of solutions.

Protection Inside the Firewall

Encrypted data security inside the firewall centers around what type of drive is inside your computer or servers—SSD/SED or HDD. Since an SSD (solid-state drive) is significantly faster, it makes encryption seamless and accelerates system and application performance, which is critical in cybersecurity. Compared to an HDD (hard-disk drive) that is unprotected and unsecured, the use of a SED (self-encrypting drive) minimizes the risk of data loss. Independent Software Vendors (ISV) such as WinMagic, Symantec, McAfee and Sophos provide endpoint drive security solutions that compliment and simplify an SSD/SED drive deployment.

SSD/SEDs are used across organizations large and small, and in many cases must be used in order to comply with industry standards and government regulations, such as the GDPR. Their use is one element of a managed security solution’s quest toward the compliance of such regulations.

Several features to look for while purchasing SSD/SEDs are 256-bit AES hardware-based encryption and support for the Trusted Computing Group (TCG) Opal 2.0 security policy standard—such as, Kingston SSDs for business, enterprise, and consumers they are ideal for protecting company and personal data. Hardware-based encryption requires lower overhead, reducing the need for complex infrastructure to manage encryption, encryption keys, and requires no modifications to the OS or apps.

TCG is the international industry standards group that defines hardware-based root of trust for interoperable trusted computing platforms. Opal is a standard for managing self-encrypting drives enabling. They ensure that only authorized machines can access networks and ensure the health and compliance of storage drives. The TCG OPAL standard provides centrally managed security policy, password recovery, automatic updates, and user creation/deletion.

The flexibility from multiple form factors, such as 2.5”, M.2 and mSATA, simplifies the deployment of PCs, laptops and or tablets, which saves time for IT management.

Protection Outside the Firewall

Unencrypted USB drives, such as removable media, flash drives, thumb drives, among other terms, abound outside an organization’s firewall protection. And, for that reason, they pose a major risk, when floating in and out of an ecosystem. They are used as file-sharing, mobility tools, service tools, backup drives, and more. While they have revolutionized data transfers, they have also introduced serious security concerns. With their extreme portability, USB drives can turn up anywhere, making them very susceptible to being lost, breached, and misappropriated. And that leads to the possibility of critical, classified, sensitive data landing in the wrong hands.

The solution: secure, hardware-based encrypted USB devices. Encrypted USB drives—such as Kingston’s IronKey and DataTraveler models—are powerful tools in closing security gaps, complimenting existing endpoint DLP strategies to help ensure security and compliance by offering.

  • Hardware-based AES 256-bit encryption
  • Optional anti-virus protection
  • Complex password protection
  • Ability to be managed remotely
  • Wide-capacity range

These flash drives are an essential pillar of a comprehensive data loss-prevention (DLP) strategy. It is imperative that companies and organizations standardize and insist their employees only use encrypted USB drives, which combine the productivity advantages of allowing USB access while protecting the information on the drive. They are designed to protect even the most sensitive data, using the strictest security regulations and protocols.

A USB drive with hardware-based encryption is an excellent, simple solution to protecting data from breaches, while also meeting evolving governmental regulations. Such devices meet tough industry security standards and offer the ultimate security in data protection to confidently manage threats and reduce risks.

Hardware-based encrypted USB drives are self-contained and do not require a software or driver element on the host computer. No software vulnerability eliminates the possibility of bruteforce, sniffing, and memory hash attacks.

A hardware-centric/software-free encryption approach to data security is the best defense against data loss outside a firewall, as it eliminates the most commonly used attack routes. Independent Software Vendors (ISV) such as Symantec, McAfee, Sophos, and others provide endpoint DLP security solutions that compliment and simplify an encrypted USB drive deployment for users and group policy management.

This article originally appeared in the November/December 2018 issue of Security Today.


  • Maximizing Your Security Budget This Year

    The Importance of Proactive Security Measures: 4 Stories of Regret

    We all want to believe that crime won’t happen to us. So, some business owners hope for the best and put proactive security measures on the back burner, because other things like growth, attracting new customers, and meeting deadlines all seem more pressing. Read Now

  • 91 Percent of Security Leaders Believe AI Set to Outpace Security Teams

    Bugcrowd recently released its “Inside the Mind of a CISO” report, which surveyed hundreds of security leaders around the globe to uncover their perception on AI threats, their top priorities and evolving roles, and common myths directed towards the CISO. Among the findings, 1 in 3 respondents (33%) believed that at least half of companies are willing to sacrifice their customers’ long-term privacy or security to save money. Read Now

  • Milestone Announces Merger With Arcules

    Global video technology company Milestone Systems is pleased to announce that effective July 1, 2024, it will merge with the cloud-based video surveillance solutions provider, Arcules. Read Now

  • Organizations Struggle with Outdated Security Approaches, While Online Threats Increase

    Cloudflare Inc, recently published its State of Application Security 2024 Report. Findings from this year's report reveal that security teams are struggling to keep pace with the risks posed by organizations’ dependency on modern applications—the technology that underpins all of today’s most used sites. The report underscores that the volume of threats stemming from issues in the software supply chain, increasing number of distributed denial of service (DDoS) attacks and malicious bots, often exceed the resources of dedicated application security teams. Read Now

Featured Cybersecurity


New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3