Home Articles Regulated Data Security and Encryption

Regulated Data Security and Encryption

ssd_wave

With the changes in regulation for industries such as Accountancy, Legal, Financial and Healthcare, data governance comes under the spotlight again and again. For most mid-sized to large capital firms enterprise wide security and data protection systems is already in place (or should be). But what options are left for the SME market place? These firms still need to adhere to the rules and regulations of their governing body, but an enterprise class system is overkill for smaller companies.

It is a good thing for SMEs that the marketplace has an answer. Kingston and Trend Micro both offer an encryption method and set of products using Opal that can secure SSD (Solid State Drives) to an enterprise standard, and even remotely manage the attached devices.

The biggest challenge with any data is control. Once that data has left the corporate network compliance needs to be sure that information is secure and encrypted.

For example, let’s say I work in the insurance industry. I have all of my clients listed and saved on my laptop, along with their policies schedules. I am a road warrior so everything is on my laptop. I probably come to the company office once a week (maybe longer) and catch up with the endless paperwork I have to complete. How can I ensure that my data is secure on my laptop, or even (heaven forbid) on a pluggable device such as a USB stick? This is a massive risk for my business. Any loss of data, a slip in its integrity and security and I would be exactly the type of person that the regulating body wants to police.

As Trend Micro points out, “The proliferation of data and devices in today’s enterprises has increased the complexity of protecting confidential data, meeting compliance mandates, and preventing costly data breaches.” And they are right. The challenges become greater as more employees bring their own devices (BYOD), laptop and storage, to work. Productivity has improved but the risks are greater. Ensuring that sensitive data is secured in the case of device loss has never been more difficult.

Many of these credit companies are not aware that advances in technology can benefit these vulnerable firms.

With recent regulation changes in the UK on consumer credit firms the FCA will enforce extremely heavy penalties for companies that can comply with the rules. Around 50,000 firms currently make up the £200 billion a year consumer credit market. This mean there is a lot of sensitive data out there to secure.

Around 50,000 firms currently make up the £200 billion-a-year consumer credit market to be regulated under the FCA, these rules are and will be enforced with extremely heavy penalties if found non-compliant. Many of these credit companies are not aware that advances in technology can benefit these vulnerable firms; making it easier to meet data protection and security regulation.

Leading the way
Kingston Technology secures data using firmware customization across its SSDNow KC300 range, implementing self-encrypting drives (SEDs). The security focuses on data stored on the drive, allowing IT departments to protect company data.

Customizing the firmware enables TCG Opal 1.0. The Opal specification of the Trusted Computing Group (TCG) is a standard for creating and managing interoperable SEDs for the protection of stored data from compromise due to loss, theft or drive end of life. Using Opal Kingston reduces risk of data theft without impacting on the drive’s read/write transfer rate. Security compliance shouldn’t mean compromising performance.

Trend Micro encrypts data on a wide range of devices – PC and Macintosh laptops, desktops, CDs, DVDs, USB drives and other removable media – through Endpoint Encryption management console.

This solution combines enterprise-wide, full disk, file/folder and removable media encryption. There is also port and device control to prevent unauthorized access and use of private information. A single management console allows companies to manage users holistically. Deploying Trend Micro Endpoint Encryption helps ensure that important data will continue to be protected, even as mobile computing needs change.

Putting it all together
Combining these two solutions from Kingston and Trend Micro can benefit SMEs. Together they can create a complete enterprise solution for data protection and security. For SMEs this level of security not only complies with regulation but can also be very cost effective.

Both products from have the ability to use the Opal standards. Why Opal standards? Opal operates independently of the physical media type used to store the data. Back in the day when Opal was being designed most drives had spinning platters, the venerable Hard Disk Drive (HDD). These drives either had 512 byte physical block sizes which corresponded one-to-one with the 512 byte Logical Block Address (LBA) presented to the host computer or they had a pretty efficient method for dealing with the LBA in 4k or 8k physical storage blocks.

In the last few years we have seen HDD retreat from the advance of Solid State Drives (SSDs). These drives also have 4k or 8k or more physical block sizes but due to the underlying nature of the memory used in SSDs it is inefficient to let the host computer ignorantly write data to just any address in any size chunks.

Using these products together we get Opal standard SSDs with Opal standard management software that can remotely control, log, police and standardize data security. We’re looking for security without a hit on performance. For the road warrior like me an SME firm does not need to spend an absolute fortune on enterprise tech to achieve good data governance. However, regulatory compliance through IT governance is not always core competency for firms. Corners are often cut due to a lack of understanding; and this can often result in data loss and security breaches. But there are vendors out there, like Kingston and Trend Micro, are trying to help businesses understand security and data compliance issues.