One of the most important keys to cybersecurity is encrypting data. Particularly as many turn to public clouds for storage, the only way to truly keep data safe is to encrypt it before sending it to the cloud.
Easy in theory, but tough in practice. Rules, training, and processes must be put in place to determine exactly what data gets encrypted and who encrypts it. Since cybersecurity isn’t in the forefront of every knowledge worker’s mind, it’s easy to see how data could mistakenly fall through the cracks – and into the wrong hands. A study conducted by the Ponemon Institute found that 40 percent of organizations admitted their employees routinely turn off their laptops’ security protection, even though 68 percent claim they have policies in place that don’t allow this.
Especially for those in the healthcare sector, recent history hasn’t been kind with regard to data breaches. The alarming rise in cyberattacks coupled with the demand for managing growing applications portfolios is forcing healthcare companies to explore whether they can outsource application management services (AMS) to offshore providers while still keeping their data secure.
However, by offloading the work to a third-party AMS provider – particularly one outside the U.S. – the risk is simply transferred to other human beings. The healthcare companies collecting and processing the data are still ultimately responsible for its safety. To make matters more complicated, it’s extremely difficult to validate data control and security once information leaves U.S. borders. It doesn’t matter how secure a clean room these AMS providers can create, there’s still a great deal of risk that will need to be addressed.
What if there was a way to take human error out of the encryption process?
Well, there is a way – and it’s arguably the best-kept secret in the security industry today: the Self Encrypting Drive (SED).
SEDs provide hardware-based data security by continuously scrambling data using a key as it is written to the drive, and then descrambles the data with the key as the data is retrieved. The contents of SEDs – and the encryption keys themselves – are always encrypted, protected in hardware that can’t be accessed by other parts of your IT environment. Because disk encryption is handled in the drive, overall system performance isn’t affected and is safe from attacks targeting other components of the system.
SEDs also speed up and simplify the drive-redeployment process. By deleting the encryption key, the data is unreadable. This eliminates the need for time-consuming hard drive data overwriting processes.
Best of all, SED hard drive encryption is completely invisible to end users. They can just focus on processing data to do their jobs, rather than remember to encrypt data after every interaction.
Half of the companies surveyed by the Ponemon Institute believe that SEDs would significantly limit their knowledge workers going rogue and trying to circumvent security best practices. If that’s the case, then why do so few businesses actually use SEDs?
First, it’s a cost issue. SEDs aren’t shipped as standard hard drives, so procurement departments generally select the most cost-effective bundle they can find. However, given the fact that malicious insider and web-based attacks are two of the most costly and time-intensive cyberthreats to resolve, taking the time and extra expense to automate encryption of all data through SEDs is absolutely necessary. Second, awareness of SEDs’ existence is dangerously low. People can’t ask for hardware they don’t even know exists.
It’s time to give SEDs the visibility they deserve so companies can make truly informed decisions when purchasing hardware for their IT environments.
We believe in SEDs so much that we use them by default in our flagship Vault product. By exclusively using SEDs for secure data storage, all data at rest is compliant with regulations to which your organization must adhere, as well as completely protected from hackers and human error.
Instead of taking the time and extra expense to find a third-party AMS provider to build a clean room for data – which still can’t guarantee complete protection – use Vault to quickly protect your data and provide a safe place to manage IT application development. No negotiating with third-party vendors outside the U.S., no relinquishing control of data. US Cyber Vault has brought in the most seasoned cyberintelligence team and secure technology to monitor, protect, and secure your data from cyberattacks – right here in the U.S.
Visit our website to learn more about how we incorporate SEDs into our product line today.
Written by Rob LaMear, CEO, US Cyber Vault
Once a month we share where we will be speaking in the world as well as expert opinions on cyber security, data loss prevention, and information security that we like from the larger community. Receive our next issue by signing up here.