
Changing behaviours towards encrypted storage – Expert insights

In an era where data breaches and cyber threats are becoming increasingly sophisticated, the importance of secure and encrypted storage solutions cannot be overstated. To shed light on the changing behaviours towards encrypted storage, we interviewed David Clarke, a leading cybersecurity and data protection expert.

Clarke’s extensive experience includes managing security for the world’s largest private trading networks and running one of Europe’s biggest security operation centres. Here are the key takeaways – along with clips from the interview.

The impact of regulatory changes

Regulatory changes across the globe, whether in the EU, UK, or US, have significantly influenced the adoption of hardware-encrypted storage solutions. Clarke emphasises that demonstrating strong control over an organisation’s own environment is key. “If you can’t demonstrate that, you’re already on the back foot,” he notes. Hardware-encrypted secure storage and its enforcement throughout an organisation are now critical components of compliance with these regulations.

Understanding the difference between hardware and software encryption

One of the key challenges that organisations face is knowing the difference between hardware- and software-based encryption. Clarke explains that while both have their merits, hardware-based encryption is often faster, significantly more secure and more resilient to hacker attacks. Interestingly, Clarke offers an example where insurance questionnaires sometimes specify a preference for one over the other, adding to the complexity for companies, especially if they don’t know the differences between the two methods.

For many reasons, hardware encryption is the best option to strongly protect data and ensure full compliance with regulations; for example, software encryption on mobile storage drives can easily be removed, negating compliance and opening up the risk of a data breach. In addition, password-protected and software-encrypted files can often be hacked with free or paid password-guessing tools easily found on the internet.


Increasing awareness and proper usage

To ensure proper usage of hardware-encrypted storage devices, Clarke advocates for regular data security hygiene training and enforcement. However, he cautions against generic, standardised training, which can become monotonous. Instead, he suggests organisations look towards customised training sessions that engage employees more effectively. For instance, workshops with developers can help employees understand the importance of security measures and encourage them to report blind spots or deficiencies.

Clarke goes on to recommend the concept of a “cyber data champion” in each department within an organisation. These individuals act as local points of contact, providing feedback and sharing new ideas. This approach helps scale the compliance message and ensures that it truly connects with employees.

The shift towards passphrases

Password management remains a significant challenge for employees. Clarke observes a growing trend towards using longer passphrases instead of more complex passwords that are more difficult for employees to recall. Government guidelines in the UK and US now recommend longer passwords, making passphrases a more practical and employee-friendly solution.

The importance of air gapping data

Air gapping data – keeping it isolated from the Internet – is key for preventing compromises in this age of constant cloud breaches. Clarke explains that having sensitive data on the corporate network can be risky, as it can be used as leverage by malicious entities. Air gapping ensures that key information remains secure, even if the network is compromised. Air gapping is often the preferred security method used by government agencies and the military for highly sensitive data.

Real-world example of encrypted storage

Clarke shares a compelling case study where a client was advised by their insurance company not to store their cyber insurance policy on their network. The solution was to use secure, hardware-encrypted storage, which proved to be a cost-effective and reliable method for safeguarding critical information.


The advantages of hardware-based encryption

To comply with various regulations and ensure robust security, hardware-encrypted USB drives and external SSDs are essential. Clarke points out that hardware-based encryption offers several advantages over software-based solutions. Hardware-based encryption is more secure because it is less susceptible to software vulnerabilities. The encryption process is handled by a dedicated secure microprocessor on the drive, which is isolated from the computer’s operating system and software environment. This isolation, which software-based encryption lacks, makes it much harder for malware or hackers to compromise the encryption.

Hardware-encrypted drives are designed to be tamper-resistant if they are FIPS 140-3 compliant. If someone attempts to physically tamper with the drive, it can trigger mechanisms that eventually erase the data, thereby mitigating the risk of a data breach. This feature adds an extra layer of protection against physical attacks.

This is why hardware-encrypted storage can help organisations meet regulatory requirements and demonstrate their commitment to data security. Kingston IronKey USBs and external SSDs, for example, offer robust hardware-based encryption, ensuring that sensitive data remains securely protected and compliant with laws and regulations.

Conclusion

As cyber threats continue to evolve, so too must our approaches to protect sensitive data. Clarke’s insights are a valuable reminder of the importance of staying ahead of regulatory requirements, choosing the right method of encryption when it comes to secure storage, and engaging employees in meaningful security practices. By adopting these strategies, organisations can better protect their important data and maintain robust security practices.
