Public and private enterprises across all verticals must be concerned with the secure handling of personally identifiable information (PII) of their employees and customers, trade secrets and intellectual property (IP), financial, product and planning information, and other data critical to their business. Mishandling of PII data can result in a violation of stringent regulations, including the General Data Protection Regulation (GDPR) and the Gramm-Leach-Bliley Act (GLBA), opening the firm to financially and reputationally damaging fines. The loss of IP and other data can damage an enterprise’s ability to compete or do business effectively and result in reputation loss.
By Grant Evans, Chairman and Chief Executive Officer, SPYRUS
The Data Protection Conundrum
Protecting data is a daunting task and requires a view towards preserving the Confidentiality, Integrity, and Availability of data — also known as the CIA triad. Data must be protected when it is in motion, at rest and in use. The mobility of an enterprise’s workforce complicates matters further. The current pandemic has extended every office environment to every home and location with a hotspot, which is likely to be the new normal.
While telecommuting offers employers the flexibility to “extend the office” into environments where employees want to work, or must when circumstances demand, it also expands the threat landscape exponentially. Whether it is a home office, local coffee shop, or a hotel lobby, employees can continue contributing to the business from anywhere in any way. Unfortunately, perceived increased productivity could quickly become detrimental. Extending the office beyond a “controlled” building also extends the company’s network, stretching security thin and opening holes for hackers. Most often, hotel, home, and coffee shop Wi-Fi networks are not secure enough to protect sensitive data used by insurance, banking, and health care companies. This exposes the company to fines stemming from violations associated with Code of Federal Regulations (CFR) Standards for Safeguarding Customer Information, Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR) and the growing number of privacy regulations at Federal and Municipal levels. While securing and managing endpoints with software protection and mandatory VPN usage mitigates the risks associated with data in motion, it does not address the protection of shared data and often hinders stakeholder collaboration.
How can teams effectively collaborate on projects if employees and managers and even third-party partners cannot see who made what changes, and when, to presentations, whitepapers, contracts, etc.? Perhaps more importantly, how can enterprises ensure that their stakeholders only share data with authorized persons and be confident that the data is still protected at its destinations? Most data protection schemes focus on either limiting access or sharing data and hoping for the best.
SPYRUS believes a true long-term data protection solution requires a holistic approach that quickly identifies and thwarts threats without extensive financial and labor resources.
SPYRUS Solutions provides a holistic approach with cost-conscious and easy-to-use cryptographic solutions incorporating encryption, authentication, and management. The SPYRUS DevicePatrol™ Platform comprises hardened endpoints and endpoint cryptographic management in a secure collaboration environment.
SPYRUS hardened endpoints are the most secure in the industry — FIPS 140-2 Level 3 validated, ensuring both physical and logical security controls resulting in an anti-tamper design that provides Military-grade encryption and multi-factor authentication for any enterprise.
With the SPYRUS DevicePatrol management software, endpoint activity is audited and logged even when used offline. If the endpoint activity is concerning, an enterprise administrator can “disable” the token or “destroy” the endpoint keys remotely anywhere in the world, rendering all data on the drive useless (temporarily or indefinitely).
Enterprises also need to enable secure collaboration between employees and sometimes with external parties, protecting both the critical data and critical workflow. To that end, SPYRUS offers a unique and secure collaboration environment.
Secure Data Protection and Collaboration
The SPYRUS NcryptNshare application allows individual documents, files, and folders to include digital signatures, verifying the source of the shared data. NcryptNshare also creates a secure personal vault on each user’s personal computer(s) that cannot be accessed or viewed without applying and unlocking the user’s Rosetta token, which protects the encryption and authentication/signature keys in FIPS 140-2 Level 3 hardware.
NcryptNshare provides the highest level of object encryption and controlled access so that cloud or other unsecured communication locations/paths can be used with the highest levels of confidence. For example, a user can share information with only the intended recipient(s) via email, instant message, or any medium in the public cloud. A user can create secret file folders only accessible to individuals in groups who have their own Rosetta token.
The SPYRUS patented “seal” of the encrypted file prohibits any tampering (for instance, by malware), ensuring data is protected wherever it is stored. SPYRUS also provides data recovery capability that can be managed by the enterprise should a user’s key be lost, disabled, or destroyed.
NcryptNshare is powered by the SPYRUS Hardware Roots of Trust (aka “Rosetta”). Rosetta is a FIPS 140-2 Level 3 validated security controller chip embedded in all DevicePatrol tokens. In addition to being anti-tamper, Rosetta offers a comprehensive list of cryptographic functions with RSA, elliptic curves, and custom algorithms. By leveraging Rosetta’s key protection, NcryptNshare allows users to dynamically assign access to encrypted objects to enforce multifactor authentication, ensuring that only the right user(s) have access to the information being shared.
All enterprises have a myriad of data that must be secured — on-premises, in the Cloud environment, and at any location their stakeholders find themselves. The financial and reputational impact of not securing data can be severe. Enterprises need to embrace intuitive solutions and business practices that enhance their stakeholders’ ability to protect data in motion, at rest and in use, avoiding mishaps that exacerbate the insider threat. For more than 20 years, SPYRUS has ensured public and private enterprises have security solutions to protect their data at the highest levels of confidence by exceeding CIA requirements. The SPYRUS DevicePatrol Platform and SPYRUS NcryptNshare enable enterprises to extend the office worldwide — and secure the collaboration of their employees and key third parties.
For more information, visit www.spyrus.com.
About the Author
Grant Evans was named Chairman and CEO of SPYRUS in late 2018. He is a seasoned senior executive and serial CEO with nearly 30 years of operating experience. He has served as Chairman and CEO of multiple public and private companies on a global basis, including NetFortris and ActivIdentity.
Evans is a notable industry leader and has received wide acknowledgment of his contribution to the security industry. He serves and has served on multiple company and industry boards that have included NetFortris, 3VR, Bell ID, Congressman Honda’s Blue Ribbon Security Board for Homeland Security, American Electronics Executive Advisory Committee, Comdex Advisory Board on Security, Pearl Street Ventures Advisory Board and TCSV-Trans Global Secure Communications Board.
All views are personal and attributed to the author. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.