The past decade has seen unprecedented growth in data creation and management. The products and services that consumers use every day – and the systems businesses, large and small, rely on – all revolve around data. The increasing frequency of high-profile data breaches and hacks should be alarming to anyone, and there’s a danger data security could worsen in the coming years.

According to DataAge 2025, a report by IDC and Seagate, by 2025, almost 90% of all data created in the global datasphere will require some level of security, but less than half of it will actually be secured.

Nuanced approach to data security

Security is a circle, not a line. Every actor involved in the handling and processing of data has responsibility for ensuring its securityThe rapid proliferation of embedded systems, IoT, real-time data and AI-powered cognitive systems – as well as new legislation like the European Union’s GDPR – means that data security has to be a priority for businesses like never before. With data used, stored and analysed at both the hardware and software level, we need a new and more nuanced approach to data security.

Security is a circle, not a line. Every actor involved in the handling and processing of data has responsibility for ensuring its security. What this means in practice is renewed focus on areas of hardware and software protection that have previously not been top of mind or received large amounts of investment from businesses, with security at the drive level being a prime example.

The importance of data-at-rest encryption

In a world where data is everywhere, businesses need always-on protection. Data-at-rest encryption helps to ensure that data is secure right down to the storage medium in which it is held in a number of ways. Hardware-level encryption, firmware protection for the hard drive, and instant, secure erasing technology allow devices to be retired with minimal risk of data misuse.

A recent report from Thales Data Threat found that data-at-rest security tools can be a great way to help protect your data
Data-at-rest encryption helps to ensure that data is secure right down to the storage medium in which it is held in a number of ways

A recent report from Thales Data Threat found that data-at-rest security tools can be a great way to help protect your data. However, it’s important to note that this must be used in conjunction with other security measures to ensure that those that fraudulently gain access to your key management system can’t access your data.

Ensuring drives to be Common Criteria compliant

One straightforward test any business can do to ensure its storage is as secure as possible is to check whether the drives are Common Criteria compliantDespite the clear benefits, this kind of encryption lags behind other areas, such as network and endpoint security, in terms of the investment it currently receives. The same Thales Data Threat report found that data-at-rest security was receiving some of the lowest levels of spending increases in 2016 (44%), versus a 62% increase for network and a 56% increase for endpoint security.

One straightforward test any business can do to ensure its storage is as secure as possible is to check whether the drives are Common Criteria compliant. Common Criteria is an international standard for computer security certification, and drives that meet this standard have a foundational level of protection which users can build on.

Providing an additional layer of security

The retail industry has seen a spate of security breaches recently, with several major US brands suffering attacks over the busy Easter weekend this year. As frequent handlers of consumer card information, retailers are particularly vulnerable to attack.

Data-at-rest encryption could enhance security in these instances, providing an additional layer of security between customer records and the attacker The advanced threats retailers face can often evade security defences without detection. Such a breach could grant attackers unrestricted access to sensitive information for possibly months – some breaches are known to have been detected only after consumer payment details appeared on the dark web. These types of undetected attacks are highly dangerous for retailers, which are relatively helpless to protect consumer information once their defences have been compromised.

Data-at-rest encryption could significantly enhance security in these instances, providing an additional layer of security between customer records and the attacker which has the potential to make the stolen data valueless to cyber criminals.

Industries in need of data-at-rest encryption

Healthcare organisations, which hold highly sensitive customer and patient information, have a strong use case for data-at-rest encryption. With the widespread adoption of electronic patient health records, that data is increasingly more vulnerable to attack. Recent research from the American Medical Association and Accenture revealed that 74% of physicians are concerned over future attacks that may compromise patient records.

Healthcare organisations, which hold highly sensitive customer and patient information, have a strong use case for data-at-rest encryption
With the widespread adoption of electronic patient health records, that data is increasingly more vulnerable to attack

The financial sector would also benefit from further investment in data-at-rest encryption, given 78% of financial services firms globally are planning on increasing their spending on critical data, according to Thales’ Data Threat Report.

It’s helpful to view security as a circle in which every piece of hardware and software handling the data plays its part

SMEs and enterprises are not immune to security threats either – with growing numbers of people traveling for work or working remotely, the risk of sensitive business data becoming exposed via device theft is heightened. Usernames and passwords have little use if thieves can simply remove unencrypted hard drives and copy data across.

Securing every hardware and software

Technology vendors often focus on aspects of hardware and application security that are within their control. This is understandable, but it risks proliferating a siloed approach to data security. There is no single line for data security -- rather, it’s helpful to view it as a circle in which every piece of hardware and software handling the data plays its part.

There’s a clear need for more industry dialogue and collaboration to ensure data security is effectively deployed and connected throughout the security circle and across the value chain.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

Author profile

Andrew Palmer Sales Manager - UK, Ireland & Israel, Seagate Technology

In case you missed it

Thermal cameras and smart cities: Preventing COVID-19 in public places
Thermal cameras and smart cities: Preventing COVID-19 in public places

With the pandemic still in full swing and no certainty as to when exactly it will come to an end, the world has been battling anxiety for months now. And with each day, circumstances change quickly and almost make it impossible to predict what will happen next, how events will unfold, and what actions to take in light of a new situation. But one thing is certain: the world has been shut down and paralysed for way too long, and the eventual reopening is unavoidable – in fact, it’s well under way. In this situation, what is possible to control is how the world will continue reopening – and specifically, how to ensure the safest possible reopening that will ensure the return of some degree of normalcy to people’s lives and business operations, while also managing the risk of COVID’s spread in the most efficient way. Our highly digitised, technologically advanced world This is when the power of technology comes to rescue the day: what truly sets the global crisis we face today apart from other calamities that humanity has encountered over year is the fact that it has developed in a highly digitised, technologically advanced world where each day brings about innovations with a sole purpose to make daily life and operations easier and more streamlined. And among these, the star of the past decade has been artificial intelligence. The world has been shut down and paralysed for way too long, and the eventual reopening is unavoidable – in fact, it’s well under way While AI has many avenues of introducing efficiency and fast problem-solving, there is one specific application that will further fuel the reopening of the world and successfully keep the spread of the virus abate. This “collaborative security” application includes a synthesis of smart video analytics, facial recognition, object identification/detection, and thermal cameras that can support the reopening of businesses globally when installed within those facilities frequented by customers. With such a level of sophistication that can ensure uninterrupted monitoring and analysis of large public spaces, these AI technologies can ideally operate best as cloud solutions to ensure a collaborative network with maximum scalability and widespread implementation. As these technologies increase in ubiquity and find their way into daily operations of businesses globally, the cost of the smart solutions will decrease proportionally to the growth of their reach. There are some highly specific ways to create this collaborative network of interconnected safety tools in the current climate. Here are some applications that have been successful to date and will increase in usability in the foreseeable future, creating “smart cities” working together towards a safer, more secure world. Maintaining social distancing practices The most important step everyone around the world has taken to contribute to the effort of slowing the spread of the virus has been social distancing. A six-foot-distance has become a new social norm that has quickly been adopted globally and become a habit to people who are naturally used to being close to others and socialising without giving distance a second thought. The star of the past decade has been artificial intelligence So, it is natural that such distancing measures take time to get accustomed to – and it is also natural that individuals may forget about them from time to time. To help maintain the six-foot distance between people at all times and give them slight nudges to keep the rule top of their minds, AI video technology can be trained to estimate the distance between individuals in public and commercial areas and identify the cases in which people get too close to each other. By notifying local merchants or authorities about such cases, the system can help ensure the safety of everyone in the area at all times while positively reinforcing the public to gradually get more accustomed to maintaining the distance and thus helping stop the spread of the virus. Detecting the virus through facial recognition Perhaps the straightforward application of such high-level technology is using video surveillance to identify persons of interest who have tested positive for the virus. Modern AI has the ability to identify facial features and characteristics with a unique level of granularity, making it possible to identify individuals whose records show they have antibodies from those who can be potential carriers of the virus. After the initial differentiation and identification, the system can then notify the employers and employees of the facility about the results of the conducted analysis and the pursuant results, allowing them to be more vigilant and take action where necessary to ensure a safe experience for everyone. PPE reinforcement Wearing a mask or some sort of face coverage in public spaces and especially within facilities (such as stores, for instance) has been - and will continue to be - a requirement for maintaining a safe and healthy environment for people to continue with their day-to-day lives and businesses to resume regular operations. To this extent, the object detection and identification abilities of smart cameras can further reinforce this requirement and ensure that the absence of protective equipment doesn’t go unnoticed.  Essentially, these cameras can easily identify if an individual has coverage at any given point of time or not, notifying the local authorities about any risks immediately and helping them maintain necessary safety measures without having to interrupt their workflow or worry about missing a visitor without a mask. Detecting high temperature One of the key (and the most widespread) symptoms of COVID-19 is a high fever - a certain indicator of whether an individual may have been infected with the virus or not. While identifying fever with a regular human eye is nearly impossible, AI can do so at a fraction of time by quickly scanning body temperatures of any incoming individuals and determine whether it’s above CDC’s recommended temperature of 100.4F in order to determine the risk factor and notify the local authorities to take action. Modern AI has the ability to identify facial features and characteristics with a unique level of granularity This technology is a good tactic to objectively assess potential risks that come with elevated temperatures - and sometimes, the people themselves might not realise they might (unconsciously) be carriers of the virus and thus endanger the safety of others in their vicinity. The technology is yet another step towards ensuring a safer reopening of the global economy and a more streamlined way of getting back on track while minimising the risk of spreading the virus further. It’s not all about the theory  We have tested the described approaches in our own R&D campus in Europe. The latest release of the IREX cloud enables remote fever detection and monitoring of social isolation and mask policies with AI. We have integrated thermal cameras to detect people with elevated temperature and CCTV cameras for identification and notifying those who potentially ill. In case of any health threat, the venue manager gets an instant message with a picture and exact location. These preventive steps helped our employees return to the office months earlier than it's happening in other countries. Moreover, personnel coming back to the office by their own wish as now they feel a virus-free environment in the campus - even safer than in their own homes. Now we are launching a pilot project for a well-known pharmacy chain in Florida, USA. With the help of a Computer Vision platform, staff will be able to divide customer traffic into those with normal body temperature and those who come in with elevated temperatures, as well as effectively monitor social distance norms. The goal of our potential client is to maximise the safety of customers in the post-pandemic period. Also, IREX is already deployed across hundreds of locations in the UK and will add health monitoring capability soon.

Why cloud-enabled physical security must be part of your long-term digital strategy
Why cloud-enabled physical security must be part of your long-term digital strategy

COVID-19 and the resultant lockdown saw an unprecedented demand for cloud-enabled technologies across Europe. Such services enabled people to stay connected and allowed some businesses to relocate personnel and continue to operate successfully. With enterprise-focused video conferencing mobile app downloads showing a weekly 90% increase in comparison to pre-COVID-19 figures, it’s clear that cloud services have proven invaluable in these challenging times. Now, as the benefits to business of cloud technology become apparent, and the grip of COVID-19 begins to loosen, senior decision makers must consider the learnings from the past few months and look to apply them to boost productivity, streamline costs or become more agile in the long term. Digital transformation presents some enticing advantages for those companies that have been slow to adapt. The physical security industry, traditionally video surveillance cameras (CCTV) and access control, will have witnessed how cloud infrastructure is not only cost effective and safe, but is a force multiplier for connecting platforms, services and people with potent business benefits. The future is VSaaS and ACaaS In today’s modern, connected world, dated technologies are giving way to their cloud-enabled successors, video surveillance as-a-service (VSaaS) and access control as-a-service (ACaaS). In this context, cameras and readers are added to a network as IoT devices that bring security systems up to date and represent a vital component in any modern, cyber-secure digital strategy. Frictionless access control has meant touch free access to buildings But better security is just one benefit of a much greater system that can bring real value. Built in analytics, for example, that utilise the data from network video cameras and smart access control devices, produce valuable business insights that help to inform and automate decision making. In the recent pandemic, frictionless access control has meant touch free access to buildings; while occupancy tools have helped retailers adhere to strict government guidelines on social distancing. And as more security equipment becomes connected to the wider IT network, the advantages have not been lost on the IT industry that is expressing more than a passing interest in the adoption and management of such systems. Morphean recently conducted a survey of 1000 IT decision makers across the UK and Europe, with the purpose of providing clarity around their security purchasing intent in the 2020s. Findings revealed that as many as 84% of IT managers are currently using or considering VSaaS or ACaaS systems, pointing to an appreciation of the convergence of physical security and IT security, and a willingness to embrace systems when integrated with IT in the cloud. An adaptable business model with recurring revenues Of course, it is not just the IT industry that is changing mindsets towards hosted physical security. As a result of COVID-19, end customers are demanding it too and found it easier to scale at speed when business circumstances changed. Rather than being tied to fixed IT infrastructure on premises, a hosted solution offered greater dexterity as operational challenges around the pandemic arose. Businesses were able to customise and scale quickly to meet ongoing need without the need for large upfront capital investment, instead, paying for the convenience as-a-service out of operational expenditure as a monthly cost. This is the proven business model of cloud, yet the security industry has been slow to adopt it. One key challenge is the way in which the prevalent business models in the sector operate. VSaaS is still alien to installers and integrators used to selling hardware on narrow margins, reliant on existing financial arrangements with distributors to fund new equipment. Transitioning to sales cycles based on monthly licences rather than up-front purchases won’t be easy, but the security channel must learn how if it is to remain competitive and drive new business opportunities. This recurring revenue model will be interesting for the physical security industry who will have witnessed uncertainty and, in some cases, a downturn in revenues as decisions around capital expenditure were put on hold during the crisis. Instead, convenient and recurring monthly payments will have put the installer on a firmer footing and guaranteed ongoing vendor support backed by the latest software updates and firmware upgrades to ensure delivery of a high quality service that’s always up to date and online. What is driving your digital strategy? VSaaS and ACaaS provide a flexible and fluid security and business solution Cloud is here to stay. Its resilience and ability to connect the world during the COVID-19 pandemic has proved its worth, even to the uninitiated who have now witnessed first-hand the value of connected systems. VSaaS and ACaaS provide a flexible and fluid security and business solution to meet the demands of a rapidly evolving industry, where the changing threat landscape means investing in the cloud is an investment towards success. CEOs and CIOs within the physical security reseller industry must learn the lessons and apply the learnings to drive their businesses forward in the ‘new normal’ where hosted security solutions must surely play a major part to expand their offering to a wiser customer base. Cloud-enabled physical security solutions represent an investment into improving security and operations, and a chance to forge new business relationships to face the challenges of an ever changing world.

Facial recognition: Contactless solutions for a safe, post-pandemic world
Facial recognition: Contactless solutions for a safe, post-pandemic world

Facial recognition technology has come a long way since it first came to market several years ago. Initially plagued with technical challenges and widely viewed as a futuristic solution, facial recognition is now firmly implanted in numerous consumer and business products and applications. New advancement in software, specifically in the areas of algorithms, neural networks and deep learning and/or artificial intelligence (AI), have all dramatically improved both the performance and accuracy of facial recognition, further expanding its use for an increasing number of applications. From a purely business perspective, facial recognition’s powerful identification and authentication capabilities make it ideal for two primary applications: first as a security tool, and second as a workforce management solution. The touchless, accurate credential solution Facial recognition readers meet the new emerging need to limit physical exposure to germs and viruses Even before the COVID-19 pandemic, the touchless nature of facial recognition as an access credential was gaining traction with physical and cyber security professionals. By using an individual’s face as an access control credential, facial recognition eliminates the need and expense of physical cards and proximity devices, or the need to physically enter PIN codes. In addition, facial recognition readers meet the new emerging need to limit physical exposure to germs and viruses by offering a highly accurate touchless access control credentialing solution. As a workforce management tool, facial recognition helps preserve the health of employees checking into work, while providing management with an infallible means of documenting employee time and attendance while providing a detailed history of overall workforce activity and individual personnel tracking. Both of which have been longstanding challenges due to easily compromised time tracking systems and practices. Now, nothing is left to question based on hard data. With the growing popularity of facial recognition technology, there are many choices already available with more undoubtedly on the way. Selecting the right solution for your specific access control and/or workforce management application is dependent on a very wide range of variables. But there are a few core characteristics that you should look for when evaluating facial recognition readers. Wide and near-angle LEDs Most facial recognition terminals employ some form of IR (Infrared) technology to help ensure high visibility by the unit’s image sensor. This often limits where the unit can be installed such as outdoors or near windows due to strong ambient light. More advanced facial recognition readers employ as many as 80 wide-angle near infrared LEDs and 60 narrow-angle near infrared LEDs, allowing the unit to recognise faces even in full daylight and brightly lit environments (not direct sun). This enables installation at indoor locations near windows, lobbies and building entries. 3D pixel intensity distribution analysis Another facial recognition reader advancement to look for involves three-dimensional pixel intensity analysis. Ambient lighting contains ultraviolet rays which can negate near infrared LED lighting, and can also cast shadows making it difficult for a facial recognition reader to pinpoint the facial recognition points required for identification and authentication. Three-dimensional pixel intensity distribution analysis minimises the effects of ambient light when acquiring facial images by minimising lighting contrasts. As a result, it is easier for the algorithm to recognise the shape of the face, enabling it to extract more facial features and create higher quality face templates, which are critical for accurate facial recognition. Functional ergonomics This results in a faster, more comfortable, and convenient user experience The angle and position of a facial recognition reader directly impact the performance of the unit. Facial recognition readers with different viewing angles for built-in visual and infrared cameras allows users to stand at positions that are most suitable for facial recognition with little or no effort of contortions. This results in a faster, more comfortable, and convenient user experience. High performance processing Like any intelligent edge device, the performance of a facial recognition solution is directly reliant on its processing power. New advanced facial recognition readers deliver exceptional performance by employing enhanced face template extraction technology combined with powerful processor. For example, a facial recognition reader with a 1.4 GHz quad-core processor can perform up to 3,000 facial database matches (1:N) within one second. More advanced solutions also feature Group Matching functionality capable of executing up to 30,000 matches within one second. Live face detection It is most important that the facial recognition readers you evaluate are capable of analysing faces in real time to maintain fluid entry/egress even during high volumes of employee traffic. Hardware-dependent live face detection systems employing technologies such as facial thermogram recognition and facial vein recognition require expensive hardware components, provide less accurate matches and slower authentication performance, which is counterintuitive for mainstream access control and workforce management applications. Dual authentication for added security Although the use of an advanced facial recognition reader provides the convenience, health benefits and cost-savings of touchless identification and authentication, there are many applications where more than one credential may be necessary to ensure the highest levels of security. Advanced facial recognition readers with multimodal, multifactor credentialing capabilities provide this added security benefit. For example, facial recognition readers that support multiple RFID proximity devices supporting 125 kHz and 13.56 MHz provide varying degrees of protection and greater implementation versatility. Videophone or intercom capabilities Facial recognition readers with multifunctionality can solve several challenges with one solution Facial recognition readers with multifunctionality can solve several challenges with one solution. A perfect example includes devices with SIP (session initiation protocol) videophone capabilities which effectively eliminate the need and associated expense of  installing separate intercom devices while adding another layer of security to one’s facility. The COVID-19 pandemic, and hopefully soon to follow post-pandemic world, have surely accelerated the need for highly accurate, cost-efficient, and reliable facial recognition technologies to help get people back to work safely. Selecting the right facial recognition solution for your specific access control and/or workforce management is now more important than ever before, making a little extra due diligence during the evaluation process a smart decision.