A Successful Data Security Plan

Security inside and outside the firewall are vital to storage

We live in a world where computer hacking, data breaches, identity theft, and stolen records of all sizes have become worldwide events that can happen at any time. Here are a few recent examples of breaches, the financial impact/consequence, and a couple of product solutions that can help prevent such undesired publicity.

According to the Identity Theft Resource Center, in the United States alone there have been 864 total breaches exposing over 34-million records between Jan. 1 and Aug. 31.1 A Thales Security report shows that nearly 50 percent of retailers have been breached in the past year— and 75 percent breached in total. It also highlights two major points: Breach rates in the last year are up 2.5 times from the results in 2017 and lack of perceived need is the top reason for not implementing data security in U.S. retail at 52 percent. Encryption technologies help to solve new privacy requirements and traditional problems with protecting sensitive data.2

Most notably of these, of course, is Facebook, which had a major data breach in 2015 that went unreported until earlier this year. The company owned up to the fact that Cambridge Analytica had been collecting private information from almost 87-million Facebook users for political research. An additional breach, which was discovered in October, was the largest in Facebook’s 14-year history compromising 50-million users.

Also, this year, it was revealed that the entire network of Lord & Taylor and 83 Saks Fifth Avenue locations were compromised between May 2017 and March 2018, affecting over five million customers. Making matters worse, approximately 125,000 of these records were released for sale on the Dark Web.

Not to belabor the point, but this last example is a doozy. Under Armour’s nutrition- logging app MyFitnessPal was targeted in what is now considered one of the largest cyberattacks of all time—roughly 150 million app users had sensitive data exposed—such as usernames, email addresses, and hashed passwords.

That’s not all. There is a major financial consequence side to greatly consider as well.

Such activity costs companies, educational institutions, governments, organizations, and even everyday folks millions upon millions of dollars. The cost of a typical data breach can be as much as $3.6 million for some organizations, with the average number of stolen records exceeding 20,000 at a cost of $141 per record (totaling just over $2.8 million).

According to Ponemon Institute’s June 2017 Cost of Data Breach study, organizations can significantly reduce their costs by using cyber security data protection.3 By staffing an incident response team, organizations can save over $400,000 per breach. The report also finds that the extensive use of encryption can save organizations an additional $385,000.

In the last few years, there has been a rise in breaches, critical amounts of records exposures, theft, and loss of confidential company and personal information. With global regulations, such as the EU GDPR (General Data Protection Regulation) focused on data security, the reality of fines (GDPR can fine organizations up to €20 million or four percent of their annual global turnover, whichever is greater) due to careless loss of data has driven many organizations to effectively secure their everyday business data. Such data is at the heart of every organization and maintaining effective protection against data security threats to avoid any legal and financial impact is critical.

A firewall is essential in protecting organizations against data security threats from known, unknown, and not trusted networks. Borrowed from the fire-safety industry’s use of the word for a physical barrier that is intended to limit the spread of a fire, a computer firewall is a virtual barrier that is designed to limit the spread or damage of a cyberattack.

One of the keys to a successful data-security plan—and a way to lower the cost of a data breach—is ensuring that encrypted protection is provided both inside the firewall as well as outside the firewall. Many memory-product manufacturers, such as Kingston Technology, offer both types of solutions.

Protection Inside the Firewall

Encrypted data security inside the firewall centers around what type of drive is inside your computer or servers—SSD/SED or HDD. Since an SSD (solid-state drive) is significantly faster, it makes encryption seamless and accelerates system and application performance, which is critical in cybersecurity. Compared to an HDD (hard-disk drive) that is unprotected and unsecured, the use of a SED (self-encrypting drive) minimizes the risk of data loss. Independent Software Vendors (ISV) such as WinMagic, Symantec, McAfee and Sophos provide endpoint drive security solutions that compliment and simplify an SSD/SED drive deployment.

SSD/SEDs are used across organizations large and small, and in many cases must be used in order to comply with industry standards and government regulations, such as the GDPR. Their use is one element of a managed security solution’s quest toward the compliance of such regulations.

Several features to look for while purchasing SSD/SEDs are 256-bit AES hardware-based encryption and support for the Trusted Computing Group (TCG) Opal 2.0 security policy standard—such as, Kingston SSDs for business, enterprise, and consumers they are ideal for protecting company and personal data. Hardware-based encryption requires lower overhead, reducing the need for complex infrastructure to manage encryption, encryption keys, and requires no modifications to the OS or apps.

TCG is the international industry standards group that defines hardware-based root of trust for interoperable trusted computing platforms. Opal is a standard for managing self-encrypting drives enabling. They ensure that only authorized machines can access networks and ensure the health and compliance of storage drives. The TCG OPAL standard provides centrally managed security policy, password recovery, automatic updates, and user creation/deletion.

The flexibility from multiple form factors, such as 2.5”, M.2 and mSATA, simplifies the deployment of PCs, laptops and or tablets, which saves time for IT management.

Protection Outside the Firewall

Unencrypted USB drives, such as removable media, flash drives, thumb drives, among other terms, abound outside an organization’s firewall protection. And, for that reason, they pose a major risk, when floating in and out of an ecosystem. They are used as file-sharing, mobility tools, service tools, backup drives, and more. While they have revolutionized data transfers, they have also introduced serious security concerns. With their extreme portability, USB drives can turn up anywhere, making them very susceptible to being lost, breached, and misappropriated. And that leads to the possibility of critical, classified, sensitive data landing in the wrong hands.

The solution: secure, hardware-based encrypted USB devices. Encrypted USB drives—such as Kingston’s IronKey and DataTraveler models—are powerful tools in closing security gaps, complimenting existing endpoint DLP strategies to help ensure security and compliance by offering.

  • Hardware-based AES 256-bit encryption
  • Optional anti-virus protection
  • Complex password protection
  • Ability to be managed remotely
  • Wide-capacity range

These flash drives are an essential pillar of a comprehensive data loss-prevention (DLP) strategy. It is imperative that companies and organizations standardize and insist their employees only use encrypted USB drives, which combine the productivity advantages of allowing USB access while protecting the information on the drive. They are designed to protect even the most sensitive data, using the strictest security regulations and protocols.

A USB drive with hardware-based encryption is an excellent, simple solution to protecting data from breaches, while also meeting evolving governmental regulations. Such devices meet tough industry security standards and offer the ultimate security in data protection to confidently manage threats and reduce risks.

Hardware-based encrypted USB drives are self-contained and do not require a software or driver element on the host computer. No software vulnerability eliminates the possibility of bruteforce, sniffing, and memory hash attacks.

A hardware-centric/software-free encryption approach to data security is the best defense against data loss outside a firewall, as it eliminates the most commonly used attack routes. Independent Software Vendors (ISV) such as Symantec, McAfee, Sophos, and others provide endpoint DLP security solutions that compliment and simplify an encrypted USB drive deployment for users and group policy management.

This article originally appeared in the November/December 2018 issue of Security Today.


  • 12 Commercial Crime Sites to Do Your Research

    12 Commercial Crime Sites to Do Your Research

    Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity


New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3