Page 23 - Campus Security & Life Safety, May/June 2021

"Any information that can lead to the identity of a specific person falls under PII. A simple spreadsheet of student information and grades could fall under the wide umbrella of PII regulations."
Encrypted USB Drives
Standard USB drives (removable media, flash drives, thumb drives, etc.) are used as file-sharing and mobility tools, backup drives, and more. While they have revolutionized data storage and transfer, they have also introduced serious security concerns. Because they are extremely portable, USB drives can turn up anywhere, which makes them very vulnerable devices: they are easily accessed, and that can lead to a breach.
Considering how much data can be stored on these drives, the damage caused by a lost or hacked drive can be unfathomable. The most effective means to secure data on such a portable storage device is an encrypted USB flash drive.
A hardware-centric/software-free encryption approach to data security is the most effective means of preventing someone unauthorized from viewing private, student-related information. Such a USB drive is a cost-effective and easy-to-implement solution for protecting private data.
These devices meet tough industry security standards and offer the ultimate security in data protection to confidently manage situations and reduce risks arising from missing drives. The encryption/decryption functions are self-contained within these devices and do not require a software element on the host computer. Brute-force, sniffing and memory hash attacks are eliminated because there is no software encryption vulnerability.
Hardware-centric and software-free encryption eliminates most of the common attack routes used by hackers. Complete cross-platform compatibility with any OS or embedded equipment using a USB drive for storage is also a benefit of software-free encryption.
AES 256-bit encryption in XTS mode is what top-of-the-line hardware-based encrypted USB drives use. This ensures that anyone who finds such a drive cannot easily access the information by cracking the encryption. Additionally, state-of-the-art drives will lock away data on the drive when the wrong password is attempted 10 times.
These USB drives also have digitally signed firmware that cannot be altered and add a physical layer of protection against a common hack called BadUSB. Access to the physical memory is also prevented by filling the cases with epoxy.
A hardware-centric/software-free encryption approach eliminates the most commonly used attack routes and is the best defense against a breach-causing data loss as it.
Encrypted Solid State Drives (SSD)
SSDs are the preferred storage medium for PCs as they feature unbelievable speed and reliability. They have gradually replaced older-style hard disk drives over the past 10 years. SSD encryption is similar to that of USB drives in that it is hardware-based, but it requires software to engage it.
Many SSDs come standard with 256-bit AES encryption. This puts a wall around the data stored on the drive. However, as it is the computer’s hard drive, it requires software to lock that wall. Fortunately, organizations may have the lock in place already as part of their OS.
Education institutions and organizations that deploy data security measures from other major vendors are in luck as well, as most of these companies also provide a software component to lock the encrypted data on SSDs.
Here are a few encryption methods that your SSDs should include. The more types an SSD has, the more secure the personal student data.
AES 256-Bit Encryption. AES (Advanced Encryption Standard) is a symmetric encryption algorithm (this means that the encryption and decryption keys are the same). AES is known as a "block cipher" where data is divided into 128-bit blocks before being scrambled with a 256-bit key. AES 256-bit encryption is an international standard and is recognized by the government, among others. AES-256 encryption is nearly undecipherable, making it the strongest encryption standard available.
By Richard Kanadjian
TCG Opal 2.0. This protocol can initialize, authenticate and manage encrypted SSDs through TCG Opal 2.0 security management solutions from independent software vendors such as Symantec™, McAfee™, WinMagic® and others.
Microsoft eDrive Support. Microsoft eDrive is a security storage specification program that is provided through the Pro and Enterprise editions of Windows 8 and above. While an SSD may feature AES 256-bit encryption, it is wide open if not used in conjunction with eDrive or any of the other solutions listed above from the major security software vendors. In other words, AES 256-bit encryption on an SSD provides a fence around the data. The software solution is the lock that keeps the fence closed.
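One way to check whether the "lock" described above is actually on for a Windows machine is shown below. This is an added example, not code from the article or from Kingston; the function name Get-EncryptionFinding and the sample records are hypothetical, while the property names and values mirror what the built-in Get-BitLockerVolume cmdlet returns.

```powershell
# Added example: classify volumes by whether drive encryption is actually engaged.
# Get-EncryptionFinding is a hypothetical helper; the property names
# (MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod) match the
# objects returned by the built-in Get-BitLockerVolume cmdlet.
function Get-EncryptionFinding {
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    process {
        # Cast to string so the logic works for real enum values and sample text.
        $status     = [string]$Volume.VolumeStatus
        $protection = [string]$Volume.ProtectionStatus
        $method     = [string]$Volume.EncryptionMethod

        if ($status -ne 'FullyEncrypted') {
            # The drive may encrypt internally, but nothing is locking it.
            $finding = 'NO LOCK: volume is not fully encrypted by BitLocker'
        } elseif ($protection -ne 'On') {
            # Encrypted, but BitLocker protection is off or suspended.
            $finding = 'UNLOCKED: encrypted, but protection is off or suspended'
        } elseif ($method -eq 'HardwareEncryption') {
            # BitLocker is driving the SSD's own AES engine (eDrive).
            $finding = 'OK: SSD hardware encryption engaged (eDrive)'
        } else {
            # BitLocker is encrypting in software; the SSD engine is not the lock.
            $finding = "OK: software BitLocker ($method)"
        }

        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Method     = $method
            Finding    = $finding
        }
    }
}

# Constructed sample records (not real inventory data).
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On';  EncryptionMethod = 'HardwareEncryption' }
    [pscustomobject]@{ MountPoint = 'D:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On';  EncryptionMethod = 'XtsAes256' }
    [pscustomobject]@{ MountPoint = 'E:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'Off'; EncryptionMethod = 'XtsAes256' }
    [pscustomobject]@{ MountPoint = 'F:'; VolumeStatus = 'FullyDecrypted'; ProtectionStatus = 'Off'; EncryptionMethod = 'None' }
)
$sample | Get-EncryptionFinding | Format-Table -AutoSize

# On a real Windows Pro/Enterprise machine, from an elevated prompt:
# Get-BitLockerVolume | Get-EncryptionFinding | Format-Table -AutoSize
```

A drive managed by a third-party TCG Opal product is not visible to BitLocker and will be reported here as having no lock, so confirm its state in that vendor's management console.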
If you, your school or the school district are not using encrypted USB drives or encrypted SSDs, your personal student data could be at risk of being hacked or breached, and you may not be compliant with strict federal and state regulations protecting personal student information.
Here are a couple of Kingston USB products to give you an idea of what is available and what you, as a teacher or school district, should be using.
• DataTraveler® 2000 (DT2000). It is designed with an alphanumeric keypad that locks the drive with a word or number combination of your choosing for easy-to-use PIN protection. The keypad works on any device, such as a Windows PC, MacBook or Chromebook. It features hardware-based full-disk AES 256-bit data encryption in XTS mode, which means the encryption is done on the drive with no trace of your PIN left on the system, and provides a level of security that the government and other such organizations around the world have adopted.
It also has FIPS 140-2 Level 3 certification, including military-grade anti-tampering protections, to meet a frequently requested corporate IT requirement. Its fast storage speed allows for speedier data transfers. The DT2000 can be used on any device with a USB 2.0 or USB 3.0 port, which includes virtually all later model digital devices. With an adapter, it can also be used on devices with a USB-C data port.
• The DataTraveler® Vault Privacy 3.0 USB flash drive (DTVP30) provides affordable business-grade security (thanks to its 256-bit AES hardware-based encryption in XTS mode) that ensures 100% protection of stored data. Complex password protection with minimum characteristics prevents unauthorized access. Plus, for additional peace of mind, the drive locks down and reformats after 10 intrusion attempts.
School administrators will be glad to know that the DTVP30 can be customized in various ways to meet internal IT requirements. It is FIPS-197 certified and TAA compliant to meet frequently requested corporate and government IT requirements. Its SuperSpeed USB 3.0 technology means you will not be compromising transfer speeds for security.
It is unknown how long it will be before students are back in the classroom, but either way it’s best to be sure that all efforts in personal data protection are being made.
Richard Kanadjian is currently the business manager, Encrypted USB unit at Kingston Technology.