A Successful Data Security Plan
Security inside and outside the firewall are vital to storage
By Ruben Lugo
Dec 01, 2018
We live in a world where computer hacking, data breaches,
identity theft, and stolen records of all sizes have become
worldwide events that can happen at any time. Here are a few
recent examples of breaches, the financial impact/consequence,
and a couple of product solutions that can help prevent such
undesired publicity.
According to the Identity Theft Resource
Center, in the United States alone
there have been 864 total breaches exposing
over 34-million records between Jan.
1 and Aug. 31.1 A Thales Security report
shows that nearly 50 percent of retailers
have been breached in the past year—
and 75 percent breached in total. It also
highlights two major points: Breach rates
in the last year are up 2.5 times from the
results in 2017 and lack of perceived need
is the top reason for not implementing
data security in U.S. retail at 52 percent.
Encryption technologies help to solve
new privacy requirements and traditional
problems with protecting sensitive data.2
Most notable of these, of course, is
Facebook, which had a major data breach
in 2015 that went unreported until earlier
this year. The company owned up to the
fact that Cambridge Analytica had been
collecting private information from almost
87-million Facebook users for political
research. An additional breach, which
was discovered in October, was the largest
in Facebook’s 14-year history, compromising
50-million users.
Also, this year, it was revealed that the
entire network of Lord & Taylor and 83
Saks Fifth Avenue locations were compromised
between May 2017 and March
2018, affecting over five million customers.
Making matters worse, approximately
125,000 of these records were released for
sale on the Dark Web.
Not to belabor the point, but this last
example is a doozy. Under Armour’s nutrition-logging
app MyFitnessPal was targeted
in what is now considered one of the
largest cyberattacks of all time—roughly
150 million app users had sensitive data
exposed—such as usernames, email addresses,
and hashed passwords.
That’s not all. There is also a major financial
consequence to consider.
Such activity costs companies, educational
institutions, governments, organizations,
and even everyday folks millions
upon millions of dollars. The cost of a
typical data breach can be as much as $3.6
million for some organizations, with the
average number of stolen records exceeding
20,000 at a cost of $141 per record (totaling
just over $2.8 million).
According to Ponemon Institute’s June
2017 Cost of Data Breach study, organizations
can significantly reduce their costs by
using cyber security data protection.3 By
staffing an incident response team, organizations
can save over $400,000 per breach.
The report also finds that the extensive use
of encryption can save organizations an
additional $385,000.
In the last few years, there has been a
rise in breaches, critical numbers of exposed
records, theft, and loss of confidential
company and personal information.
With global regulations, such as
the EU GDPR (General Data Protection
Regulation) focused on data security, the
reality of fines (GDPR can fine organizations
up to €20 million or four percent of
their annual global turnover, whichever is
greater) due to careless loss of data has
driven many organizations to effectively
secure their everyday business data. Such
data is at the heart of every organization
and maintaining effective protection
against data security threats to avoid any
legal and financial impact is critical.
A firewall is essential in protecting organizations
against data security threats
from known, unknown, and untrusted
networks. Borrowed from the fire-safety
industry’s use of the word for a physical
barrier that is intended to limit the spread
of a fire, a computer firewall is a virtual
barrier that is designed to limit the spread
or damage of a cyberattack.
One of the keys to a successful data-security plan—and a way to lower the cost of a data breach—is
ensuring that encrypted protection is provided both inside the
firewall as well as outside the firewall. Many memory-product
manufacturers, such as Kingston Technology, offer both types
of solutions.
Protection Inside the Firewall
Encrypted data security inside the firewall centers around what
type of drive is inside your computer or servers—SSD/SED or
HDD. Since an SSD (solid-state drive) is significantly faster, it
makes encryption seamless and accelerates system and application
performance, which is critical in cybersecurity. Compared to an
HDD (hard-disk drive) that is unprotected and unsecured, the use
of a SED (self-encrypting drive) minimizes the risk of data loss. Independent
Software Vendors (ISVs) such as WinMagic, Symantec,
McAfee and Sophos provide endpoint drive security solutions that
complement and simplify an SSD/SED drive deployment.
SSD/SEDs are used across organizations large and small, and
in many cases must be used in order to comply with industry standards
and government regulations, such as the GDPR. Their use
is one element of a managed security solution’s effort to
comply with such regulations.
Several features to look for when purchasing SSD/SEDs
are 256-bit AES hardware-based encryption and support for
the Trusted Computing Group (TCG) Opal 2.0 security policy
standard. Drives with these features, such as Kingston SSDs for
business, enterprise, and consumers, are ideal for protecting
company and personal data. Hardware-based encryption requires
lower overhead, reducing the need for complex infrastructure to
manage encryption and encryption keys, and requires no
modifications to the OS or apps.
TCG is the international industry standards group that defines
hardware-based root of trust for interoperable trusted computing
platforms. Opal is a standard for managing self-encrypting
drives enabling. They ensure that only authorized machines
can access networks and ensure the health and compliance of
storage drives. The TCG OPAL standard provides centrally
managed security policy, password recovery, automatic updates,
and user creation/deletion.
The flexibility from multiple form factors, such as 2.5”, M.2
and mSATA, simplifies the deployment of PCs, laptops and/or
tablets, which saves time for IT management.
Protection Outside the Firewall
Unencrypted USB drives, also known as removable media, flash drives,
or thumb drives, among other terms, abound outside an organization’s
firewall protection. For that reason, they pose a major
risk when floating in and out of an ecosystem. They are used
as file-sharing tools, mobility tools, service tools, backup drives, and
more. While they have revolutionized data transfers, they have
also introduced serious security concerns. With their extreme
portability, USB drives can turn up anywhere, making them very
susceptible to being lost, breached, and misappropriated. And
that leads to the possibility of critical, classified, sensitive data
landing in the wrong hands.
The solution: secure, hardware-based encrypted USB devices.
Encrypted USB drives—such as Kingston’s IronKey and
DataTraveler models—are powerful tools in closing security
gaps, complementing existing endpoint DLP strategies to help ensure
security and compliance by offering:
- Hardware-based AES 256-bit encryption
- Optional anti-virus protection
- Complex password protection
- Ability to be managed remotely
- Wide-capacity range
These flash drives are an essential pillar of a comprehensive
data loss-prevention (DLP) strategy. It is imperative that companies
and organizations standardize and insist their employees
only use encrypted USB drives, which combine the productivity
advantages of allowing USB access while protecting the information
on the drive. They are designed to protect even the most sensitive
data, using the strictest security regulations and protocols.
A USB drive with hardware-based encryption is an excellent,
simple solution to protecting data from breaches, while also meeting
evolving governmental regulations. Such devices meet tough
industry security standards and offer the ultimate security in data
protection to confidently manage threats and reduce risks.
Hardware-based encrypted USB drives are self-contained and
do not require a software or driver element on the host computer.
With no software vulnerability, the possibility of brute-force,
sniffing, and memory hash attacks is eliminated.
A hardware-centric/software-free encryption approach to data
security is the best defense against data loss outside a firewall, as
it eliminates the most commonly used attack routes. Independent
Software Vendors (ISVs) such as Symantec, McAfee, Sophos, and
others provide endpoint DLP security solutions that complement
and simplify an encrypted USB drive deployment for users and
group policy management.
This article originally appeared in the November/December 2018 issue of Security Today.