Page 46 - Security Today, November/December 2018

ENCRYPTED STORAGE
security plan—and a way to lower the cost of a data breach—is ensuring that encrypted protection is provided both inside the firewall as well as outside the firewall. Many memory-product manufacturers, such as Kingston Technology, offer both types of solutions.
Protection Inside the Firewall
Encrypted data security inside the firewall centers around what type of drive is inside your computer or servers—SSD/SED or HDD. Since an SSD (solid-state drive) is significantly faster, it makes encryption seamless and accelerates system and application performance, which is critical in cybersecurity. Compared to an HDD (hard-disk drive) that is unprotected and unsecured, the use of an SED (self-encrypting drive) minimizes the risk of data loss. Independent Software Vendors (ISV) such as WinMagic, Symantec, McAfee and Sophos provide endpoint drive security solutions that complement and simplify an SSD/SED drive deployment.
SSD/SEDs are used across organizations large and small, and in many cases must be used in order to comply with industry standards and government regulations, such as the GDPR. Their use is one element of a managed security solution’s quest toward compliance with such regulations.
Features to look for when purchasing SSD/SEDs include 256-bit AES hardware-based encryption and support for the Trusted Computing Group (TCG) Opal 2.0 security policy standard. Drives with these features, such as Kingston SSDs for business, enterprise, and consumers, are ideal for protecting company and personal data. Hardware-based encryption requires lower overhead, reducing the need for complex infrastructure to manage encryption and encryption keys, and requires no modifications to the OS or apps.
TCG is the international industry standards group that defines hardware-based root of trust for interoperable trusted computing platforms. Opal is a standard for managing self-encrypting drives. They ensure that only authorized machines can access networks and ensure the health and compliance of storage drives. The TCG Opal standard provides centrally managed security policy, password recovery, automatic updates, and user creation/deletion.
The flexibility from multiple form factors, such as 2.5”, M.2 and mSATA, simplifies the deployment of PCs, laptops and/or tablets, which saves time for IT management.
Protection Outside the Firewall
Unencrypted USB drives, also called removable media, flash drives, or thumb drives, among other terms, abound outside an organization’s firewall protection. For that reason, they pose a major risk when floating in and out of an ecosystem. They are used as file-sharing and mobility tools, service tools, backup drives, and more. While they have revolutionized data transfers, they have also introduced serious security concerns. With their extreme portability, USB drives can turn up anywhere, making them very susceptible to being lost, breached, and misappropriated. And that leads to the possibility of critical, classified, sensitive data landing in the wrong hands.
The solution: secure, hardware-based encrypted USB devices.
Encrypted USB drives—such as Kingston’s IronKey and DataTraveler models—are powerful tools in closing security gaps, complementing existing endpoint DLP strategies to help ensure security and compliance by offering:
• Hardware-based AES 256-bit encryption
• Optional anti-virus protection
• Complex password protection
• Ability to be managed remotely
• Wide-capacity range
These flash drives are an essential pillar of a comprehensive data loss-prevention (DLP) strategy. It is imperative that companies and organizations standardize on encrypted USB drives and insist their employees use only these drives, which combine the productivity advantages of allowing USB access with protection of the information on the drive. They are designed to protect even the most sensitive data, using the strictest security regulations and protocols.
A USB drive with hardware-based encryption is an excellent, simple solution to protecting data from breaches, while also meeting evolving governmental regulations. Such devices meet tough industry security standards and offer the ultimate security in data protection to confidently manage threats and reduce risks.
Hardware-based encrypted USB drives are self-contained and do not require a software or driver element on the host computer. With no software vulnerability to exploit, the possibility of brute-force, sniffing, and memory hash attacks is eliminated.
A hardware-centric/software-free encryption approach to data security is the best defense against data loss outside a firewall, as it eliminates the most commonly used attack routes. Independent Software Vendors (ISV) such as Symantec, McAfee, Sophos, and others provide endpoint DLP security solutions that complement and simplify an encrypted USB drive deployment for users and group policy management.
Ruben Lugo is the strategic product marketing manager at Kingston Technology.