Posts Tagged :

Privacy

Respecting data privacy rights through data encryption

Stuart O'Brien

John Michael, CEO at iStorage, considers the need for increased privacy in relation to sensitive information and looks at the methods and mechanisms to ensure high levels of data security…

Data privacy should be a top priority for all organisations. As systems and services increasingly move into the cloud as part of the digital transformation agenda, company data, a much sought-after commodity to malicious threat actors, is ripe for the taking. And, there has never been a more critical time to protect it. Evolving intelligence indicates that the Russian government is exploring options for potential cyber-attacks [1] as a response to unprecedented sanctions and export controls to hold President Putin to account for his war against Ukraine. This puts organisations at risk and means that cybersecurity and data protection must be an absolute priority.

Even relatively small measures taken to secure data can have an immediate positive effect when rolled out across a business and its stakeholders, but companies are not always quick enough to respond and act. What, then, are the steps that organisations should be taking, and how can they be implemented quickly and effectively to respect the rights of the data owner while implementing the highest levels of protection to prevent data from becoming compromised?

Encrypting data in the cloud

Encrypting data is a requirement of most compliance standards. Organisations are under constant attack and, regardless of whether the attack makes headlines or not, the data should be protected. To ensure data privacy when faced with common threats, such as DDoS and malware attacks, data must be encrypted before it is sent to the cloud, and remain encrypted in transit and at rest. For ultra-secure encryption, that data should preferably be encrypted with a FIPS-certified, randomly generated, AES 256-bit encrypted encryption key. Confidential information stored on a local computer or drive, sent via email or file-sharing service, and shared in the cloud should be securely encrypted.

The more people the data is shared with, the greater the challenge to ensure data privacy. Storing data in one place and ensuring that it can only be accessed by authorised users who have a copy of the encrypted encryption key can allow for efficient working whilst ensuring data security. Sharing encrypted data allows for instant collaboration in the cloud, safe in the knowledge that the data is highly secure.

Controlling the encryption key

If the data is stored in the cloud, control of the encryption key is important. Granted, most cloud service providers (CSPs) will encrypt their customers’ data and some even offer a key management system service, allowing customers to manage their encryption keys. However, the encryption key is still stored in the cloud and thus accessible to hackers and even the CSP’s own staff. It’s imperative that the user has full and secure control of the encryption key in order to ensure the data is kept confidential even if the cloud account is hacked.

Having your own key management system will not only give you more control of encryption keys but is also more convenient for those using a multi-cloud solution. And security measures must go beyond simple cloud login credentials. If a hacker obtains a user’s credentials, the breach will go unnoticed by the CSP, which will not be able to differentiate between the hacker and a legitimate user. Keeping the encryption key away from the cloud increases the number of security measures from just one authentication, the cloud account login, to as much as five-factor authentication.

Back up encrypted data to secure drives

Backing up valuable data onto an encrypted hard drive can prevent organisations from losing access to their important information during, for example, a ransomware attack. Using a PIN-protected hard drive will secure the data even if the drive is lost or stolen, avoiding the risk of the data being accessed or viewed by unauthorised persons. To avoid losing sensitive information in the event of a ransomware attack, sharing information using PIN-protected USB flash drives is another safe option. This can be especially useful for remote workers as they can securely protect and back up their confidential data on the move.

Encrypting data within a dedicated hardware-based Common Criteria EAL5+ certified secure microprocessor is the ideal solution to data security. The ultra-secure microprocessor employs built-in physical protection mechanisms, designed to thwart cyber-attacks, and is designed to defend against external tampering, bypass laser attacks and fault injections. All critical components within the drive should be covered by a layer of tough epoxy resin which is virtually impossible to remove without causing permanent damage to the critical components. In addition, brute-force limitation ensures that if a PIN is continuously entered incorrectly the encrypted encryption key is deleted along with all data previously stored on the drive.
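The brute-force limitation described above, modelled as an added example (not code from the article or from any vendor's firmware): a random 256-bit data key is stored only in wrapped form under a PIN-derived value, and the wrapped key is erased after too many consecutive wrong PINs. The class name, the attempt limit, the PBKDF2 parameters and the XOR mask standing in for a hardware AES key wrap are all assumptions.

```python
import hashlib
import hmac
import os

KDF_ITERATIONS = 100_000  # assumed PBKDF2 cost; the article gives no parameters


class PinProtectedKeyStore:
    """Hypothetical model of a drive's key store (not any vendor's firmware)."""

    def __init__(self, pin: str, max_attempts: int = 10):  # limit is assumed
        self.max_attempts = max_attempts
        self.failures = 0
        self.salt = os.urandom(16)
        data_key = os.urandom(32)  # random 256-bit data encryption key
        mask, self.check = self._derive(pin)
        # Simplified stand-in for a hardware AES key wrap: XOR with a PIN-derived mask.
        self.wrapped = bytes(a ^ b for a, b in zip(data_key, mask))

    def _derive(self, pin: str):
        out = hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt,
                                  KDF_ITERATIONS, dklen=64)
        return out[:32], out[32:]  # (wrapping mask, PIN check value)

    def unlock(self, pin: str):
        """Return the data key for the right PIN, else None."""
        if self.wrapped is None:
            return None  # key was erased; the ciphertext on the drive is unrecoverable
        self.failures += 1  # count before checking, so an interrupted check still counts
        mask, check = self._derive(pin)
        if hmac.compare_digest(check, self.check):
            self.failures = 0
            return bytes(a ^ b for a, b in zip(self.wrapped, mask))
        if self.failures >= self.max_attempts:
            self.wrapped = self.check = None  # erase the wrapped key and check value
        return None

    @property
    def erased(self) -> bool:
        return self.wrapped is None


if __name__ == "__main__":
    store = PinProtectedKeyStore("4829157", max_attempts=3)  # constructed sample PIN
    print("unlocked:", store.unlock("4829157") is not None)
    for guess in ("0000000", "1111111", "1234567"):
        store.unlock(guess)
    print("erased:", store.erased, "| right PIN now works:",
          store.unlock("4829157") is not None)
```

The attempt counter only limits guessing while the salt, check value and wrapped key stay inside tamper-resistant hardware; a short numeric PIN gives little protection against offline guessing if that state can be read out.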

Following these recommendations will help today’s businesses keep their sensitive information confidential, regardless of where it is stored and how it is shared. Data encryption is an important part of ensuring ongoing data integrity, helping organisations comply with data protection regulations and earn customer trust in their ability to manage data safely.

About John Michael, CEO, iStorage

After constantly reading about increasing data loss incidents, iStorage CEO and Founder, John Michael, saw this was clearly a growing problem with damaging consequences and identified a huge gap in the market to establish a business offering ultra-secure, easy-to-use and affordable data storage devices. Applying his 35 years’ worth of knowledge and experience within the data storage space enabled John to come up with ideas for products that would resolve such problems.

[1] https://www.cisa.gov/uscert/ncas/alerts/aa22-110a

Crises, CCTV and Cyber Crime top the total security summit

Jack Wynn

The global landscape has experienced a rather monumental change over the last year, with security being more relevant than ever as we go into 2017.

The first Total Security Summit of the year is determined to address these issues and uncertainties in a bespoke two-day event for security professionals.

Meet, share, connect and debate business relevant to your current and future projects with matchmade face-to-face meetings. Experience a day of dining, drinks and discussion as you network with fellow business professionals and attend seminars covering a range of relevant topics.

As political global challenges and uncertainties reach a landmark age, it’s vital to prepare for the future. Protecting crowded areas, addressing terror threats and discussing counter-terrorism is Dr Anna Maria Brudenell, Lecturer in Military and Security Studies, Cranfield Defence and Security, for the first seminar on Global Security Strategy.

As terror threats continue to rise and evolve without warning, discussing and understanding the implications is crucial to develop your security in a crisis. Chris Phillips, Managing Director, International Protect and Prepare Security Office (IPPSO), is presenting seminar 2 on Crisis Management and Communications.

Video surveillance is being used in greater quantity and with higher quality expectations, with Britain among the leaders in CCTV operation, but are the benefits worth the cost? With few resources and increasing legal parameters, Simon Lambert, Independent CCTV Consultants, Lambert Associates, is discussing CCTV and Video Surveillance in seminar 3.

John Marsden, Head of Fraud, Equifax, is discussing how to identify and tackle theft as it happens, assessing risk, detecting threats and ensuring on-going training in Seminar 4: Keeping your Business’ Cash and Assets Safe and Secure.

Going into your second day, and following morning networking, James Willison, Founder, Unified Security Ltd, goes digital. As our dependency on technology grows, many companies are more vulnerable than ever. From data and privacy risks to ransomware, hackers are becoming more sophisticated, and businesses need to adapt quickly. This is the subject of Seminar 5 on Cyber Crime – the United Security Response.

With a continuing rise in companies at risk of fraud, from physical fraud to high level hacking, security needs to be tight across the board, and the final seminar before more discussion and networking addresses these fears. Fraud Prevention with David Lee, Fraud Prevention Manager, Transport for London sees the summit almost to a close.

Taking place on 13-14 March at the Radisson Blu Hotel, London Stansted, this year’s Total Security Summit is the industry go-to for professionals.

To secure a complimentary delegate place at either of the two annual Total Security Summit events, call Liz Cowell on 01992 374 072 or email l.cowell@forumevents.co.uk.

Or, to attend either event as a supplier, call Nick Stannard on 01992 374 092 or email n.stannard@formumevents.co.uk.

For more information, visit www.totalsecuritysummit.co.uk.

UK start-up reveals ‘secret’ to solving identity fraud crisis…

Jack Wynn

ShowUp, a new British start-up which claims to be taking an ‘entirely independent approach’ to online digital identification, has created a solution to combat the rising issue whereby individuals can take a selfie with the company’s newly-created app.

By taking a selfie via the ShowUp app, a friend or family member proves the image of the person is correct, which is then securely stored on file as the reference photo. Therefore, when an individual logs into their online account, they take another ShowUp selfie whilst reading out a randomly generated phrase displayed on the screen; ensuring the selfie is unique to that moment, and that the camera is pointing at a live person.

The company removes the need for the complex mix of PINs and passwords of memorable information that supposedly protect consumers across banking, social media and other secure interactions where, despite these burdensome login processes, identity fraud still takes place.

Founder and executive director at ShowUp, Jeremy Newman, said: “ShowUp exploits the fact that for the first time nearly everyone has a camera connected to the internet. We work on the principle that organisations don’t know people, people know people. Therefore instead of relying on passwords or any other data to verify identity, we can now draw upon the natural ability of people to recognise one another.”

He continued: “With mobiles, ShowUp and social collaboration, ordinary people become the source of true identity, rather than being the victims of outdated and flawed practices forced upon them by organisations.”

ShowUp is attracting investment from senior executives in key industries who are helping the company build and scale this new technology to the whole population.

BeCyberSure joins EEMA to provide ‘strong security’ education…

Jack Wynn

The cyber security information company, BeCyberSure, has been welcomed by the not-for-profit think tank, EEMA, which specialises in identification, privacy, risk management, authentication, cyber security, mobile applications and the Internet of Things (IoT), as its newest member.

It follows an appearance made by BeCyberSure in June at the two-day Trust in the Digital World (TDW) conference in The Hague, hosted by EEMA, TDL and IDnext. The company participated in a seminar which focused on cyber security for small and medium-sized enterprises (SMEs), and provided an opportunity to become involved in initiatives such as Information Security Solutions Europe (ISSE), Trust in the Digital World (TDW) and EEMA’s high-level fireside briefings.

Chairman of EEMA, Jon Shamah, commented: “We’re delighted to welcome BeCyberSure as members of EEMA. The company’s knowledge and expertise in assisting business throughout Europe with regards to their information security strategies makes it an important addition to our expanding network.”

Guest Blog, Paul Dodds: Delivering security and privacy with video surveillance systems…

Jack Wynn

Paul Dodds is the country manager UK & Ireland at Genetec Inc. Paul has over 14 years’ security industry experience across installation, manufacturing and distribution. Having trained as an electronic engineer and installer, Paul has held senior positions with Xtralis, Honeywell and ESI.

With recent high profile cases in the media, it seems that the public is both increasingly aware of and concerned about the relationship between security and privacy. And while it’s often discussed as an either/or scenario, those of us in the security industry know that there are many more variables to consider than that.

After all, people are reassured by the presence of security devices like cameras and access control panels. Being aware of physical security installations can make us feel safe in locations where we might otherwise feel vulnerable. At the same time, however, no one likes the idea of being monitored while going about daily tasks.

The fact is that recent advances in technology are making it easier for us to secure our businesses, organisations and communities with new ‘privacy enabled’ encryption and masking features that also uphold our right to privacy by default.

Image masking for privacy

A really exciting advancement is ‘Foreground Masking’, a new technology that allows organisations to mask individuals in video by default. With Foreground Masking, the system captures two images. The first is a full-resolution or non-blurred image that is immediately encrypted and stored. If the footage is ever required for an investigation, a copy of the full-resolution, non-altered video data can be retrieved once the appropriate permissions have been acquired, be it by local, municipal, or federal order.

The second image is auto-redacted or blurred to obscure the identity of anyone seen on the video. Organisations can set their systems to blur or pixelate entire figures in their video footage. It is this second image that is seen by security operators or used on monitoring displays.

This advancement represents a shift in how we think about capturing video. Where once footage was broadcast as captured and then redacted after the fact to protect the identities of innocent civilians, Foreground Masking obscures identities at the source and then provides unmasked copies only once a compelling reason to reveal them is established.

Authentication with multi-factor smart card credentials

Another advancement in security technology is the use of Credentialed High Assurance Video Encryption (CHAVE™), a protocol introduced by our technology partner Bosch Security Systems, Inc. Through the use of CHAVE™ enabled systems, like the one developed by Bosch, Genetec Inc., and Secure Experts, organisations can ensure that both live and recorded video is accessible to only a defined set of viewers.

CHAVE™ enabled systems provide secure identification and authentication through multi-factor smart card credentials. This IP video solution increases your system’s resilience against unauthorised access, malware, brute force cracking, and other exploit techniques. In addition, it also helps to ensure privacy as only authorised and trained security personnel have access to video footage.

End-to-end encryption

A third tool that supports individual privacy by helping to maintain the security of a security system is end-to-end encryption. More specifically, this protocol is based on Secure Real-time Transport Protocol (SRTP), which hardens surveillance content against cyber-attacks and unauthorised interception.

SRTP encryption for content archiving, as well as for content in transmission between servers and their clients, protects the integrity and privacy of surveillance content from the ‘edge’, or the camera, all the way to the Archiver and Security Desk.

As the public is catching up with our concerns, those of us in the security industry have been hard at work developing tools and solutions that will deliver both security and privacy. With new Foreground Masking technology that masks identities by default, CHAVE™ enabled technology for authenticating users and access, and SRTP encryption for protecting the data from the time it leaves the ‘edge’ all the way to the archive in a security system, we are able to provide the security that organisations and citizens need while ensuring the privacy that they want.