The past decade has seen unprecedented growth in data creation and management. The products and services that consumers use every day – and the systems businesses, large and small, rely on – all revolve around data. The increasing frequency of high-profile data breaches and hacks should be alarming to anyone, and there’s a danger data security could worsen in the coming years.

According to DataAge 2025, a report by IDC and Seagate, by 2025, almost 90% of all data created in the global datasphere will require some level of security, but less than half of it will actually be secured.

Nuanced approach to data security

Security is a circle, not a line. Every actor involved in the handling and processing of data has responsibility for ensuring its securityThe rapid proliferation of embedded systems, IoT, real-time data and AI-powered cognitive systems – as well as new legislation like the European Union’s GDPR – means that data security has to be a priority for businesses like never before. With data used, stored and analysed at both the hardware and software level, we need a new and more nuanced approach to data security.

Security is a circle, not a line. Every actor involved in the handling and processing of data has responsibility for ensuring its security. What this means in practice is renewed focus on areas of hardware and software protection that have previously not been top of mind or received large amounts of investment from businesses, with security at the drive level being a prime example.

The importance of data-at-rest encryption

In a world where data is everywhere, businesses need always-on protection. Data-at-rest encryption helps to ensure that data is secure right down to the storage medium in which it is held in a number of ways. Hardware-level encryption, firmware protection for the hard drive, and instant, secure erasing technology allow devices to be retired with minimal risk of data misuse.

A recent report from Thales Data Threat found that data-at-rest security tools can be a great way to help protect your data
Data-at-rest encryption helps to ensure that data is secure right down to the storage medium in which it is held in a number of ways

A recent report from Thales Data Threat found that data-at-rest security tools can be a great way to help protect your data. However, it’s important to note that this must be used in conjunction with other security measures to ensure that those that fraudulently gain access to your key management system can’t access your data.

Ensuring drives to be Common Criteria compliant

One straightforward test any business can do to ensure its storage is as secure as possible is to check whether the drives are Common Criteria compliantDespite the clear benefits, this kind of encryption lags behind other areas, such as network and endpoint security, in terms of the investment it currently receives. The same Thales Data Threat report found that data-at-rest security was receiving some of the lowest levels of spending increases in 2016 (44%), versus a 62% increase for network and a 56% increase for endpoint security.

One straightforward test any business can do to ensure its storage is as secure as possible is to check whether the drives are Common Criteria compliant. Common Criteria is an international standard for computer security certification, and drives that meet this standard have a foundational level of protection which users can build on.

Providing an additional layer of security

The retail industry has seen a spate of security breaches recently, with several major US brands suffering attacks over the busy Easter weekend this year. As frequent handlers of consumer card information, retailers are particularly vulnerable to attack.

Data-at-rest encryption could enhance security in these instances, providing an additional layer of security between customer records and the attacker The advanced threats retailers face can often evade security defences without detection. Such a breach could grant attackers unrestricted access to sensitive information for possibly months – some breaches are known to have been detected only after consumer payment details appeared on the dark web. These types of undetected attacks are highly dangerous for retailers, which are relatively helpless to protect consumer information once their defences have been compromised.

Data-at-rest encryption could significantly enhance security in these instances, providing an additional layer of security between customer records and the attacker which has the potential to make the stolen data valueless to cyber criminals.

Industries in need of data-at-rest encryption

Healthcare organisations, which hold highly sensitive customer and patient information, have a strong use case for data-at-rest encryption. With the widespread adoption of electronic patient health records, that data is increasingly more vulnerable to attack. Recent research from the American Medical Association and Accenture revealed that 74% of physicians are concerned over future attacks that may compromise patient records.

Healthcare organisations, which hold highly sensitive customer and patient information, have a strong use case for data-at-rest encryption
With the widespread adoption of electronic patient health records, that data is increasingly more vulnerable to attack

The financial sector would also benefit from further investment in data-at-rest encryption, given 78% of financial services firms globally are planning on increasing their spending on critical data, according to Thales’ Data Threat Report.

It’s helpful to view security as a circle in which every piece of hardware and software handling the data plays its part

SMEs and enterprises are not immune to security threats either – with growing numbers of people traveling for work or working remotely, the risk of sensitive business data becoming exposed via device theft is heightened. Usernames and passwords have little use if thieves can simply remove unencrypted hard drives and copy data across.

Securing every hardware and software

Technology vendors often focus on aspects of hardware and application security that are within their control. This is understandable, but it risks proliferating a siloed approach to data security. There is no single line for data security -- rather, it’s helpful to view it as a circle in which every piece of hardware and software handling the data plays its part.

There’s a clear need for more industry dialogue and collaboration to ensure data security is effectively deployed and connected throughout the security circle and across the value chain.

Download PDF version

Author profile

Andrew Palmer Sales Manager - UK, Ireland & Israel, Seagate Technology

In case you missed it

Artificial intelligence: why you should enable deep learning and video analytics
Artificial intelligence: why you should enable deep learning and video analytics

Constantly optimising deep learning algorithms yields better video analytics performance, even in complex applications such as facial recognition or in scenarios with variable lighting, angles, postures, expressions, accessories, resolution, etc. Deep learning, a form of artificial intelligence (AI), holds the potential to enable video analytics to deliver on long-promised, but not often delivered performance. Our AI series continues here with part 2. Adapting existing hardware Today, low-cost system-on-chip (SoC) camera components enable deep neural network (DNN) processing for the next generation of intelligent cameras, thus expanding the availability of AI processing to a broader market. AI software can even add learning capabilities by adapting existing hardware to AI applications AI software can even add learning capabilities by adapting existing hardware to AI applications. Today’s smartphones include cameras, gyroscopes and accelerometers to provide sufficient data to drive AI applications. Software can adapt existing hardware to transform them into AI devices capable of continuous learning in the field. Inside a video camera, real-time deep learning processing can be used to detect discarded objects, issue loitering alarms and detect people or objects entering a pre-defined field. Data capture form to appear here! Detect anomalous data Additional capabilities are applicable to demanding environments and mission-critical applications, such as the perimeter protection of airports, critical infrastructures and government buildings, border patrol, ship-tracking and traffic-monitoring (e.g. wrong-way detection, traffic-counts and monitoring roadsides for parked cars: all vital video security solutions). IoT is transforming the lowly security camera from a device that simply captures images, into an intelligent sensor that plays an integral role in gathering the kind of vital business data that can be used to improve commercial operations in areas beyond security. For example, cities are transitioning into smart cities. Deep learning enables systems to search surveillance footage, to detect anomalous data, and to shift surveillance from post-incident response to providing alerts during, or even before, an event. The ability of deep learning for video analytics is much more sophisticated and accurate Make critical decisions Deep learning can eliminate previous video analytics limitations such as dependence on a scene’s background. Deep learning is also more adept than humans at discerning subtle changes in an image. The ability of deep learning for video analytics is much more sophisticated – and accurate – than the programmed approaches previously employed to identify targets. AI is a timely solution in an age when there is more video surveillance than ever. There are too many cameras and too much recorded video for security operators to keep pace with. On top of that, people have short attention spans. AI is a technology that doesn’t get bored and can analyse more video data than humans. Systems are designed to bring the most important events and insight to users’ attention, freeing them to do what they do best: make critical decisions. Multiple camera streams AI can reduce information overload to enable humans to work with the data more efficiently The video benefits reflect the larger goal of AI to amplify human skills. AI can reduce information overload to enable humans to work with the data more efficiently. Another benefit is faster search, and new systems make searching video as easy as searching the internet. AI enables specific people or cameras to be located quickly across all the cameras at a site. Searching can be directed by a reference images or by physical descriptors such as gender or clothing colour. Consider a scenario of a child missing from a crowded shopping mall: Every second can seem like hours, and artificial intelligence and neural networks can enable a rapid search among multiple camera streams using only one photo of the child. The photo does not have to be a full-frontal passport-type photos; it could be a selfie from a party as long as the face is there. Intrusion detection scenario AI can find her and match her face from among hundreds of thousands of faces captured from video, in nearly real time. AI can also continuously analyse video streams from the surveillance cameras in its network, distinguishing human faces from non-human objects such as statues and animals. Privacy concerns are minimal as there is no ID or personal information on the photo, and the image can be erased after use. And there is no database of stored images.    In a perimeter security/intrusion detection scenario, an AI-driven video system can avoid false alarms by easily distinguishing different types of people and objects, e.g., in a region set up to detect people, a car driving by, a cat walking by, or a person’s shadow will not trigger the alarm. Part three coming soon. If you missed part one, see it here.

3 key security tips for public event planners
3 key security tips for public event planners

Public spaces in cities and suburbs are important places for community development and promoting outdoor recreation. These areas may include main streets, parks, promenades, band shells and fields. Such locations are often utilised by public event planners for community activities, including summer festivals, wintertime ice skating rink installations, music concerts and art fairs. As the year draws to a close, holiday and Christmas markets as well as major New Year’s Eve events, present cities with constant public event security needs. The public nature of these events increases risks of incidents with high-speed vehicles that put attendees in danger. Fortunately, there are three ways for public space managers to prevent casualty-causing collisions and further promote the use of local public areas. Developing an effective action plan    When strategising how to react to an alert, think about what time of the year and time of day the event is occurring It is important to have a plan developed before an incident or accident occurs. Warning systems, utilising doppler radar and digital loop technologies, alert guards to abnormal vehicle velocity changes in the surrounding area. Managers of public areas should organise a meeting with public safety authorities and local agencies to discuss what must immediately occur when a high-speed vehicle is approaching a public event. When strategising how to react to an alert, think about what time of the year and time of day the event is occurring. Having such a reaction plan in place combines technology and strategic planning to ensure everyone is on the same page to effectively target a threat and promote overall event safety. Securing public areas  Ideally, there will be no need to implement a well-conceived action plan. After all, taking preventive measures to secure public areas where events take place is important to keep people safe from accidental vehicle collisions and intentional attacks. Protect attendees by clearly separating pedestrian and vehicle locations using security devices such as – Barricades Portable barriers Bollards Install guard booths  Avoid the risk of vandalism and theft, making sure people are safe when walking back to the cars at night by keeping parking areas illuminated with flood lights. Install guard booths with employees who monitor activity in the parking area and who are prepared to react if an alert is triggered. Furthermore, prevent accidental collisions by clearly marking the parking area with informative warning signs and using barricades to direct traffic. These three tips can be used by public area managers to promote security at the next community event. Additionally, the technologies used to secure an event can also be used as infrastructure for year-round security. Installing gates that shut when the public space is closed or using aesthetically pleasing bollards are steps any public area manager can take to promote community safety.

Choosing your security entrance installation in line with your company culture
Choosing your security entrance installation in line with your company culture

The extensive analysis and discussion preceding any decision to implement a new physical security solution – whether it’s hardware, software or a combination of both – often focuses on technology, ROI and effectiveness. When it comes to deciding what type of security entrances to install at your facility, you will almost certainly also consider the aesthetics of the product, along with throughput and, if you’re smart, you’ll also look into service concerns. Each of these factors has its important place within the evaluation process, and none should be overlooked as they all have a significant effect on how well your entrances will perform once they are installed. Culture influences door solution decisions How significant will the change from current entrances to security entrances be for employees? Still, one additional factor actually trumps everything: if you have not considered your organisation’s culture in choosing a security entrance, you may be missing the most important piece of the puzzle. Culture is a part of every other decision factor when selecting an entry solution. Before you make a decision about what type of entrance to deploy, you need to consider and understand the values, environment and personality of your organisation and personnel. For example, how significant will the change from current entrances to security entrances be for employees? If people are accustomed to simply walking through a standard swinging door with no access control, this will be a culture change. Beyond this, whether you are considering a type of turnstile, a security revolving door or possibly a mantrap portal, simply walking through it will be a significant change as well. Training employees on door security You’ll want to know whether employees have ever used security entrances before. If these types of entrances are in place in another part of the facility, or in a facility they’ve worked in at an earlier time, the adjustment will not be as great as if they’ve never used them at all. Consider, too, how your personnel typically react to changes like this in the organisation or at your facility. They may be quite adaptable, in which case there will be less work to do in advance to prepare them. However, the opposite may also be true, which will require you to take meaningful steps in order to achieve buy-in and train employees to properly use the new entrances. With the increased importance of workplace security, discussing new entrances with  workforces will help maintain a safer environment Communicate through the decision-making process All of this will need to be communicated to your staff, of course. There are a number of ways to disseminate information without it appearing to come down as a dictate. Your personnel are a community, so news about changes should be shared rather than simply decreed. As part of this process, you’ll need to give some thought to the level of involvement you want for your staff in the decision-making process. Finally, do not overlook the special needs among your personnel population. You undoubtedly have older individuals on staff, as well as disabled persons and others who bring service animals to the office. Entrances need to be accessible to all, and you never want to be in the position of having a gap in accessibility pointed out to you by the individual who has been adversely affected. New security entrance installation By communicating early and often with your personnel, you can alleviate a great deal of the anxiety Once you have made the decision about which security entrances to install, training your personnel on how to use the new security entrances – both before and after the installation – will help to smooth the transition. Because workplace security is such a big issue right now, it makes sense to discuss the new entrances in the context of helping to maintain a safer environment. They will prevent violent individuals from entering, decrease theft, and most of all, promote greater peace of mind during the workday. If you can help them take control of their own safety in a responsible way, you have achieved much more than just a compliant workforce. By communicating early and often with your personnel, you can alleviate a great deal of the anxiety and concern that surrounds a significant change in the work environment. Schedule group meetings Consider your employees; what type of communications do they respond best to? A few suggestions to educate staff on the benefits of the new entrances include: Typically, you would communicate a general message 2-3 months in advance and then provide more specific information (for example, impacts to fire egress, using certain entrances during construction) in a follow up message closer to the installation date. Schedule group meetings to: announce the rationale for increased security, share statistics on crime, review the new security changes that are coming, show drawings/photos of the new doors/turnstiles, and show the orientation videos available from the manufacturer. These meetings are an excellent way to work through user questions and directly address any concerns. Once the installation of a new security system is complete, it is a good idea to have an "ambassador" on board to help employees use these new systems Ensure you monitor public areas If you are implementing a lot of new changes, such as a new access control system, new guard service and security entrances, you might consider hosting a ‘security fair’ on a given day and have the selected vendors come for a day with tabletop displays to meet employees and answer questions during their lunch. This could be a great way to break the ice in a large organisation. Make user orientation videos (provided by the manufacturer) available in several ways, for example: Intranet Site Monitors in public areas—lounges, cafeteria, hallways, etc. Send to all staff as email attachments Immediately after installation, once the doors or turnstiles are operational but before they are put into service, train ‘ambassadors’ on how to use the door/turnstile. Have these people monitor and assist employees during peak traffic times. What is the ultimate success of the installation? By communicating clearly and openly with your population you can greatly facilitate adoption and satisfaction If you have thousands of employees, consider dividing them into groups and introduce the new entrance to one group at a time (Group A on Monday, Group B on Tuesday, etc.) to allow a little extra orientation time. Place user education ‘quick steps’ posters next to the door/turnstiles for a few weeks to help employees remember the basic steps and guidelines, e.g., ‘stand in front of the turnstile, swipe badge, wait for green light, proceed.’ Ask your manufacturer to provide these or artwork. While there are always going to be people who are resistant to change, by communicating clearly and openly with your population you can greatly facilitate adoption and satisfaction. Your responsiveness to any issues and complaints that arise during and after the implementation is equally fundamental to the ultimate success of the installation.