A Successful Data Security Plan

Security inside and outside the firewall are vital to storage

We live in a world where computer hacking, data breaches, identity theft, and stolen records of all sizes have become worldwide events that can happen at any time. Here are a few recent examples of breaches, the financial impact/consequence, and a couple of product solutions that can help prevent such undesired publicity.

According to the Identity Theft Resource Center, in the United States alone there have been 864 total breaches exposing over 34-million records between Jan. 1 and Aug. 31.1 A Thales Security report shows that nearly 50 percent of retailers have been breached in the past year— and 75 percent breached in total. It also highlights two major points: Breach rates in the last year are up 2.5 times from the results in 2017 and lack of perceived need is the top reason for not implementing data security in U.S. retail at 52 percent. Encryption technologies help to solve new privacy requirements and traditional problems with protecting sensitive data.2

Most notably of these, of course, is Facebook, which had a major data breach in 2015 that went unreported until earlier this year. The company owned up to the fact that Cambridge Analytica had been collecting private information from almost 87-million Facebook users for political research. An additional breach, which was discovered in October, was the largest in Facebook’s 14-year history compromising 50-million users.

Also, this year, it was revealed that the entire network of Lord & Taylor and 83 Saks Fifth Avenue locations were compromised between May 2017 and March 2018, affecting over five million customers. Making matters worse, approximately 125,000 of these records were released for sale on the Dark Web.

Not to belabor the point, but this last example is a doozy. Under Armour’s nutrition- logging app MyFitnessPal was targeted in what is now considered one of the largest cyberattacks of all time—roughly 150 million app users had sensitive data exposed—such as usernames, email addresses, and hashed passwords.

That’s not all. There is a major financial consequence side to greatly consider as well.

Such activity costs companies, educational institutions, governments, organizations, and even everyday folks millions upon millions of dollars. The cost of a typical data breach can be as much as $3.6 million for some organizations, with the average number of stolen records exceeding 20,000 at a cost of $141 per record (totaling just over $2.8 million).

According to Ponemon Institute’s June 2017 Cost of Data Breach study, organizations can significantly reduce their costs by using cyber security data protection.3 By staffing an incident response team, organizations can save over $400,000 per breach. The report also finds that the extensive use of encryption can save organizations an additional $385,000.

In the last few years, there has been a rise in breaches, critical amounts of records exposures, theft, and loss of confidential company and personal information. With global regulations, such as the EU GDPR (General Data Protection Regulation) focused on data security, the reality of fines (GDPR can fine organizations up to €20 million or four percent of their annual global turnover, whichever is greater) due to careless loss of data has driven many organizations to effectively secure their everyday business data. Such data is at the heart of every organization and maintaining effective protection against data security threats to avoid any legal and financial impact is critical.

A firewall is essential in protecting organizations against data security threats from known, unknown, and not trusted networks. Borrowed from the fire-safety industry’s use of the word for a physical barrier that is intended to limit the spread of a fire, a computer firewall is a virtual barrier that is designed to limit the spread or damage of a cyberattack.

One of the keys to a successful data-security plan—and a way to lower the cost of a data breach—is ensuring that encrypted protection is provided both inside the firewall as well as outside the firewall. Many memory-product manufacturers, such as Kingston Technology, offer both types of solutions.

Protection Inside the Firewall

Encrypted data security inside the firewall centers around what type of drive is inside your computer or servers—SSD/SED or HDD. Since an SSD (solid-state drive) is significantly faster, it makes encryption seamless and accelerates system and application performance, which is critical in cybersecurity. Compared to an HDD (hard-disk drive) that is unprotected and unsecured, the use of a SED (self-encrypting drive) minimizes the risk of data loss. Independent Software Vendors (ISV) such as WinMagic, Symantec, McAfee and Sophos provide endpoint drive security solutions that compliment and simplify an SSD/SED drive deployment.

SSD/SEDs are used across organizations large and small, and in many cases must be used in order to comply with industry standards and government regulations, such as the GDPR. Their use is one element of a managed security solution’s quest toward the compliance of such regulations.

Several features to look for while purchasing SSD/SEDs are 256-bit AES hardware-based encryption and support for the Trusted Computing Group (TCG) Opal 2.0 security policy standard—such as, Kingston SSDs for business, enterprise, and consumers they are ideal for protecting company and personal data. Hardware-based encryption requires lower overhead, reducing the need for complex infrastructure to manage encryption, encryption keys, and requires no modifications to the OS or apps.

TCG is the international industry standards group that defines hardware-based root of trust for interoperable trusted computing platforms. Opal is a standard for managing self-encrypting drives enabling. They ensure that only authorized machines can access networks and ensure the health and compliance of storage drives. The TCG OPAL standard provides centrally managed security policy, password recovery, automatic updates, and user creation/deletion.

The flexibility from multiple form factors, such as 2.5”, M.2 and mSATA, simplifies the deployment of PCs, laptops and or tablets, which saves time for IT management.

Protection Outside the Firewall

Unencrypted USB drives, such as removable media, flash drives, thumb drives, among other terms, abound outside an organization’s firewall protection. And, for that reason, they pose a major risk, when floating in and out of an ecosystem. They are used as file-sharing, mobility tools, service tools, backup drives, and more. While they have revolutionized data transfers, they have also introduced serious security concerns. With their extreme portability, USB drives can turn up anywhere, making them very susceptible to being lost, breached, and misappropriated. And that leads to the possibility of critical, classified, sensitive data landing in the wrong hands.

The solution: secure, hardware-based encrypted USB devices. Encrypted USB drives—such as Kingston’s IronKey and DataTraveler models—are powerful tools in closing security gaps, complimenting existing endpoint DLP strategies to help ensure security and compliance by offering.

  • Hardware-based AES 256-bit encryption
  • Optional anti-virus protection
  • Complex password protection
  • Ability to be managed remotely
  • Wide-capacity range

These flash drives are an essential pillar of a comprehensive data loss-prevention (DLP) strategy. It is imperative that companies and organizations standardize and insist their employees only use encrypted USB drives, which combine the productivity advantages of allowing USB access while protecting the information on the drive. They are designed to protect even the most sensitive data, using the strictest security regulations and protocols.

A USB drive with hardware-based encryption is an excellent, simple solution to protecting data from breaches, while also meeting evolving governmental regulations. Such devices meet tough industry security standards and offer the ultimate security in data protection to confidently manage threats and reduce risks.

Hardware-based encrypted USB drives are self-contained and do not require a software or driver element on the host computer. No software vulnerability eliminates the possibility of bruteforce, sniffing, and memory hash attacks.

A hardware-centric/software-free encryption approach to data security is the best defense against data loss outside a firewall, as it eliminates the most commonly used attack routes. Independent Software Vendors (ISV) such as Symantec, McAfee, Sophos, and others provide endpoint DLP security solutions that compliment and simplify an encrypted USB drive deployment for users and group policy management.

This article originally appeared in the November/December 2018 issue of Security Today.

Featured

  • Evolving Cybersecurity Strategies: Uniting Human Risk Management and Security Awareness Training

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

  • Report: 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

    CyCognito recently released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets. As organizations increasingly shift to multi-cloud strategies, the findings underscore significant security gaps that could provide attackers with potential footholds into networks. Read Now

  • Built for Today, Ready for Tomorrow

    Selecting the right VMS is critical for any organization that depends on video surveillance to ensure safety, security and operational efficiency. While many organizations focus on immediate needs such as budget and deployment size, let us review some of the long-term considerations that can significantly impact a VMS's utility and flexibility. Read Now

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.