Data loss, theft and control are key to society. They concern not only the reputations of the user, organisation or department
but also the data might actually be about someone, or something important, sensitive or critical to a country's safety
and wellbeing. It also embraces legal obligations over its content (and handling) and the reputation of the company,
organisation or government can be at stake. The loss or theft might actually cause considerable distress or harm or enable
the preparation of such...
Encryption products are widely available - but not widely used?
Why, as many are really straightforward?
♦ Many organisations and corporate IT systems have the capabilities
and often the products available?
♦ And still they don't get used 100% of the time when the data
is at risk - Why?
A lot has to do with the psychology of being concerned about forgetting codes, passwords
and risk of not getting the data back... some is simply to do with not valuing the possibility of theft, loss or risk - some,
the organisation or department just doesn't do the risk analysis or won't put the budget and time investment in to
solving the problem. Some is about doing what isn't allowed procedurally and if encryption products were asked for then
the balloon would go up and stop the data going home or out of the office etc... Some is about doing the data mining or marketing
analysis and processing the data raw! Some is down to the wrong user, corporate or departmental strategy with respect to data
security - it is not a question of if it will happen it is more likely a question of when...
It is far better
to assume someone at some time will either have stolen or lost very valuable or very sensitive data - it might even
be in a very un-obvious way like do you crush all hard disks?... including the backups, complex switches, advanced printers and
cache servers - personal laptops may need hard disk crushing for those moments when your staff do work on their own laptop/IT...
What do you do with smart phones and tablets? What about email? Sometimes the loss/theft is circuitous and maybe your policies
are robust but not the policies of those you subcontract the work to... Maybe you need to find out how many staff have
email attachments going to smart phones and tablets - and what security (such as user authentication) is enabled! The
Leveson Inquiry is showing us all the damages and costs of not resetting (or setting) default pins/pass codes on voice
mail, answerphone and mobile phone voice mails...
Either way - it is far better to get the right
risk management strategies in place, get the right approach to segmented key data... and enable all to use encrypted products
◊ How many laptop losses/thefts have you heard about?
How many CDs lost with potentially no encryption of data?
◊ How many USB fobs lost with horrendous levels
of sensitive data?
Too many should be your answer. Some thankfully were encrypted - and the products available
are strong. Encryption is in many senses a key aspect - but it isn't the total answer - process, training, attitude and
responsible risk management are all key to getting this right... SOPHOS has several key products that allow you to enforce
a discipline about downloading to CDs and USB fobs - even stopping it from those clients that shouldn't.
are finalising to become a major supplier of encrypted USB drives for end-users - to drive up their use in authenticated access.
To also drive forward the use of tokens based on biomedical authentication combined with other tokens such as pins and/or
passwords - and network-level access from a server/client (or network access into a server/client) demanding and reliant on
such multifaceted authentication. If such is only ever code and algorithms - without simplifying the points too much
- both can be stolen, potentially hacked or duped (e.g. man in middle attack) - what we all need is much stronger cost-effective
approaches to protect valuable data and assets.
We have chosen a supplier that has products that can encode
up to ten fingerprints and encrypt the data using a powerful AES algorithm - there is even a completely integrated version
that is designed to help you give presentations - so you can encrypt that valuable corporate or government data, go give your
presentation and feel secure that your (or your organisations/departments) data isn't compromised nor can it be in the
hotel or in transit.
We are not going to stop at the USB - we are looking at secure login and authentication
too. Extremely secure firewalls and network designs will be on offer - using strong products that offer Unified Threat Management
[UTM] capabilities... It is critical to understand the threats to your infrastructure and exactly how it is being used by
your customers, suppliers and staff [temporary, new, existing, leavers, dismissals and retired]. Technology is becoming
widely used in the business that are personal items that are not part of the corporate governance nor security programme,
tools and techniques - yet that might be a key enabler to an efficient workforce - it may also be your key risk areas or even
But then a very strong infrastructure and firewalling moves your threat and risks potentially
to in-transit threats - so we have also chosen a supplier to offer products that are secure document carriers with
anti-slash, secure laptop, tablet and document protection for transit and overnight in hotels - more on that later.
Still even that isn't good enough with RFID-enabled tokens in credit/debit cards and corporate ID - so we have
also chosen a supplier to offer products that can protect passing capture of such on the move and hence thwart security
risks such as identity theft or secure access token sequence number theft.
Considerably more will follow shortly....
iStorage Secure USB Datasheet download PDF