With so many high profile data breaches happening to government agencies, healthcare organizations and also to businesses (e.g., financial services, data security, retail, etc.), there should be more of a move toward encryption and key management in order to prevent a full scale data breach. However, it seems as though this type of movement hasn’t garnered the attention of the IT security professionals in most organizations.
A recent survey by iStorage of 500 IT professionals revealed that more than one third had lost USB drives and portable devices that contained unencrypted personal and company data. Even more distressing is that over 50% of those surveyed reported to have transported data without any measure of encryption.
However, there are security experts who are opening calling on and urging companies and other organizations to adopt a full encryption of disks and to also implement proper key management to avoid the accidental or pre-mediated cyber criminal act from occurring.
One voice speaking about the need for encryption is the CEO of Venafi, Jeff Hudson. Hudson recently noted that he sees organizations beginning to rely on “ubiquitous encryption to protect data across the enterprise.” He pointed out that with last year’s high profile data breaches, many organizations are assuming that their firewalls and other defenses are in some way compromised or vulnerable to attack. This realization that the walls around data are relatively open has brought many to the realization that the data inside the network needs layers of protection as well. So much so, that Venafi’s Hudson is predicting that 2012 will be the “year of ubiquitous encryption.”
Other organizations have also stepped up efforts to promote encryption. The privacy rights group, Electronic Frontier Foundation has made recommendations that it’s members “commit” to a full disk encryption on all devices, both desktop and mobile. The obvious affect would be that all private data like sensitive business documents, personnel information, customer data and email correspondence. With the full encryption, even if the device is stolen or lost, the data would be safe from being accessed.
Ulf Mattsson, CTO of Protegrity spoke to eWeek and noted “Organizations need to make sure that all data, regardless of whether it is stored inhouse or managed by a third-party provider, is protected by either encryption or tokenization.” He went on to say that, “Incorporating these data security measures may add some complexity, but the protections would wind up saving the organization money in the event of a data breach.”
Jeff Hudson from Venafi also made note that as organizations begin to encrypt more and more of their data, they must also create effective processes to manage the keys for unencrypting. Often times, an employee will be tasked with encrypting their data and then leave the company. After they’ve left, the key is either missing or lost. This process will need to become more organized and have a central person or group who manages the keys as well as making note of what data has been encrypted or is next in line to be encrypted.
The issues with passwords when protecting data is that when they are entered online or through software, hackers can remotely replicate that act by penetrating a security layer. With LOK-IT, there is no way to remotely enter the password to unlock the drive, because LOK-IT uses hardware authentication where the user must have physical control of the device to enter the PIN through the onboard PIN-pad.
The Department of Defense (DoD) has announced plans to create a new methods and procedures in the way that the military handles classified material and sensitive data. This new procedure will utilize mobile technology and devices such as smartphones and tablets in the coming year.
This move by the DoD and Pentagon chiefs is controversial with some top military commanders. These commanders are afraid that the expansion of wireless technology, especially when handling classified material will put military operations and network systems at risk for data breaches. However, proponents of the meaures believe that using smartphone and table technology is the way of the future for the armed forces and their civilian counterparts.
“The question they are struggling with is this: In a military that is trying to get more secure, how do we approve technology and protocols that are inherently less secure?” said Brian Hajost, president and CEO of Steelcloud Steelcloud is providing the military and other government agencies with wireless security systems.
The move to greater use of mobile wireless devices is fraught with risk and reward. The DoD includes the use of wireless technology as a common sense move that will help to make the agency more efficient. This move is also part of a greater strategy that the Pentagon has for enhancing security of computer servers, the use of encryption codes and also the development and usage of various military frequency bands.
One area that the Pentagon is exploring to move into the mobile device realm is tht of the Common Access Card. This is a card system that troops use to verify their identity when sending sensitive emails or when they log into a DoD database. The card is swipe in order to gain access, which works in an office environment, but isn’t very practical when using a mobile device. The military is looking at alternatives to this system such as biometric identifiers on the device or usage of encrypted devices that can both identify the user, but also protect the data.
However, besides the various technical aspects and devices, there remains a fundamental concern within the DoD. This is of course, how to continually protect and safeguard American secrets and ultimately to make certain that military troops are not put into harms way by a breach that allows an enemy to use data to wage battle against the U.S.
As the military moves forward with these plans, it will continue to have a very strict policy on the popular BYOD culture in the rest of the U.S. As the military rolls out the usage of mobile devices, it plans to limit the use to only those devices that are owned and issued by the Defense Department. This strict control will allow the Pentagon to exert control over its phones and tablets. If a device is lost, there is not an issue of what to do. An administrator can quickly wipe out the contents. If a troop is placed in a sensitive situation the administrator could also disable camera and also shut off any GPS locator signal in order to protect the location of a troop or its members.
Finally, to answer the critics of the plan, the Pentagon is also exploring the possibility of operating its own mobile network, thereby giving ultimate control over security and protection to the military itself.
By 2014, the installed base of devices based on lightweight mobile operating systems, such as Apple’s iOS, Google’s Android, and Microsoft’s Windows 8 will exceed the total installed base of all PC-based systems, according to Gartner.
“Enterprise, government and military IT managers can not ignore the move to tablets and smartphones and must understand that devices they purchase today could quickly be obsolete unless those devices are platform independent,” said John Tate, Systematic Development Group’s executive vice president. “With operating budget dollars at a premium, the flexibility of LOK-IT is an extremely valuable benefit.”
LOK-IT is the first encrypted flash drive with enterprise-level security that can be used with any operating system since it doesn’t require software for user authentication or encryption. To gain access to the drive and data within, LOK-IT users just punch a pin code into a 10-key PIN-Pad*, much like an ATM.
FIPS Certification Required?
 |
FIPS 140-2 Level 3, Metal, Dustproof, Water-Resistant... Check it out |
Worldwide Sales Agencies
 |
Seeking agent representation and distributors worldwide Inquire Within |