A Successful Data Security Plan
Security inside and outside the firewall are vital to storage
- By Ruben Lugo
- Dec 01, 2018
We live in a world
where computer hacking,
identity theft, and stolen
records of all sizes
have become worldwide
events that can happen at any
time. Here are a few recent examples of
breaches, the financial impact/consequence,
and a couple of product solutions
that can help prevent such undesired
According to the Identity Theft Resource
Center, in the United States alone
there have been 864 total breaches exposing
over 34-million records between Jan.
1 and Aug. 31.1 A Thales Security report
shows that nearly 50 percent of retailers
have been breached in the past year—
and 75 percent breached in total. It also
highlights two major points: Breach rates
in the last year are up 2.5 times from the
results in 2017 and lack of perceived need
is the top reason for not implementing
data security in U.S. retail at 52 percent.
Encryption technologies help to solve
new privacy requirements and traditional
problems with protecting sensitive data.2
Most notably of these, of course, is
Facebook, which had a major data breach
in 2015 that went unreported until earlier
this year. The company owned up to the
fact that Cambridge Analytica had been
collecting private information from almost
87-million Facebook users for political
research. An additional breach, which
was discovered in October, was the largest
in Facebook’s 14-year history compromising
Also, this year, it was revealed that the
entire network of Lord & Taylor and 83
Saks Fifth Avenue locations were compromised
between May 2017 and March
2018, affecting over five million customers.
Making matters worse, approximately
125,000 of these records were released for
sale on the Dark Web.
Not to belabor the point, but this last
example is a doozy. Under Armour’s nutrition-
logging app MyFitnessPal was targeted
in what is now considered one of the
largest cyberattacks of all time—roughly
150 million app users had sensitive data
exposed—such as usernames, email addresses,
and hashed passwords.
That’s not all. There is a major financial
consequence side to greatly consider as well.
Such activity costs companies, educational
institutions, governments, organizations,
and even everyday folks millions
upon millions of dollars. The cost of a
typical data breach can be as much as $3.6
million for some organizations, with the
average number of stolen records exceeding
20,000 at a cost of $141 per record (totaling
just over $2.8 million).
According to Ponemon Institute’s June
2017 Cost of Data Breach study, organizations
can significantly reduce their costs by
using cyber security data protection.3 By
staffing an incident response team, organizations
can save over $400,000 per breach.
The report also finds that the extensive use
of encryption can save organizations an
In the last few years, there has been a
rise in breaches, critical amounts of records
exposures, theft, and loss of confidential
company and personal information.
With global regulations, such as
the EU GDPR (General Data Protection
Regulation) focused on data security, the
reality of fines (GDPR can fine organizations
up to €20 million or four percent of
their annual global turnover, whichever is
greater) due to careless loss of data has
driven many organizations to effectively
secure their everyday business data. Such
data is at the heart of every organization
and maintaining effective protection
against data security threats to avoid any
legal and financial impact is critical.
A firewall is essential in protecting organizations
against data security threats
from known, unknown, and not trusted
networks. Borrowed from the fire-safety
industry’s use of the word for a physical
barrier that is intended to limit the spread
of a fire, a computer firewall is a virtual
barrier that is designed to limit the spread
or damage of a cyberattack.
One of the keys to a successful data-security plan—and a way to lower the cost of a data breach—is
ensuring that encrypted protection is provided both inside the
firewall as well as outside the firewall. Many memory-product
manufacturers, such as Kingston Technology, offer both types
Protection Inside the Firewall
Encrypted data security inside the firewall centers around what
type of drive is inside your computer or servers—SSD/SED or
HDD. Since an SSD (solid-state drive) is significantly faster, it
makes encryption seamless and accelerates system and application
performance, which is critical in cybersecurity. Compared to an
HDD (hard-disk drive) that is unprotected and unsecured, the use
of a SED (self-encrypting drive) minimizes the risk of data loss. Independent
Software Vendors (ISV) such as WinMagic, Symantec,
McAfee and Sophos provide endpoint drive security solutions that
compliment and simplify an SSD/SED drive deployment.
SSD/SEDs are used across organizations large and small, and
in many cases must be used in order to comply with industry standards
and government regulations, such as the GDPR. Their use
is one element of a managed security solution’s quest toward the
compliance of such regulations.
Several features to look for while purchasing SSD/SEDs
are 256-bit AES hardware-based encryption and support for
the Trusted Computing Group (TCG) Opal 2.0 security policy
standard—such as, Kingston SSDs for business, enterprise, and
consumers they are ideal for protecting company and personal
data. Hardware-based encryption requires lower overhead, reducing
the need for complex infrastructure to manage encryption,
encryption keys, and requires no modifications to the OS
TCG is the international industry standards group that defines
hardware-based root of trust for interoperable trusted computing
platforms. Opal is a standard for managing self-encrypting
drives enabling. They ensure that only authorized machines
can access networks and ensure the health and compliance of
storage drives. The TCG OPAL standard provides centrally
managed security policy, password recovery, automatic updates,
and user creation/deletion.
The flexibility from multiple form factors, such as 2.5”, M.2
and mSATA, simplifies the deployment of PCs, laptops and or
tablets, which saves time for IT management.
Protection Outside the Firewall
Unencrypted USB drives, such as removable media, flash drives,
thumb drives, among other terms, abound outside an organization’s
firewall protection. And, for that reason, they pose a major
risk, when floating in and out of an ecosystem. They are used
as file-sharing, mobility tools, service tools, backup drives, and
more. While they have revolutionized data transfers, they have
also introduced serious security concerns. With their extreme
portability, USB drives can turn up anywhere, making them very
susceptible to being lost, breached, and misappropriated. And
that leads to the possibility of critical, classified, sensitive data
landing in the wrong hands.
The solution: secure, hardware-based encrypted USB devices.
Encrypted USB drives—such as Kingston’s IronKey and
DataTraveler models—are powerful tools in closing security
gaps, complimenting existing endpoint DLP strategies to help ensure
security and compliance by offering.
- Hardware-based AES 256-bit encryption
- Optional anti-virus protection
- Complex password protection
- Ability to be managed remotely
- Wide-capacity range
These flash drives are an essential pillar of a comprehensive
data loss-prevention (DLP) strategy. It is imperative that companies
and organizations standardize and insist their employees
only use encrypted USB drives, which combine the productivity
advantages of allowing USB access while protecting the information
on the drive. They are designed to protect even the most sensitive
data, using the strictest security regulations and protocols.
A USB drive with hardware-based encryption is an excellent,
simple solution to protecting data from breaches, while also meeting
evolving governmental regulations. Such devices meet tough
industry security standards and offer the ultimate security in data
protection to confidently manage threats and reduce risks.
Hardware-based encrypted USB drives are self-contained and
do not require a software or driver element on the host computer.
No software vulnerability eliminates the possibility of bruteforce,
sniffing, and memory hash attacks.
A hardware-centric/software-free encryption approach to data
security is the best defense against data loss outside a firewall, as
it eliminates the most commonly used attack routes. Independent
Software Vendors (ISV) such as Symantec, McAfee, Sophos, and
others provide endpoint DLP security solutions that compliment
and simplify an encrypted USB drive deployment for users and
group policy management.
This article originally appeared in the November/December 2018 issue of Security Today.