What every CSO needs to know about protecting an organization’s data, effectively managing risk, and providing secured network access
Becrypt was formed in 2001 to meet the growing demand for high-level software encryption products in the personal computer and PDA marketplace. Becrypt is now a leading supplier of innovative Information Assurance solutions and services, providing secure, feature-rich, out-of-the-box products that are government-certified and suitable for all industry sectors. Becrypt products protect worldwide customers in key government areas including: central, federal, state and local government, the defense sector, law enforcement and transportation, as well as in a wealth of commercial sectors such as manufacturing, healthcare and financial services.
Info Security PG: What are the risks and opportunities that should be top of mind for every CSO considering the impact of BYOD, allowing social media in the workplace and enterprise mobility?
Bernard Parsons: One key consideration when enabling and embracing technologies such as BYOD, social media and enterprise mobility is safe data sharing. Today’s workforce is now working from any location whether public, office or home. While on the move, users leverage a variety of different devices including PCs, laptops, tablets and smartphones and expect them to be synchronized so as to access documents and resources from any device, in any location. While this promotes employees’ work flexibility and enhances motivation and productivity, it may represent challenges for the Security Officer, who understands the business benefits but needs to balance them with the core responsibility of safeguarding sensitive data, whether it be intellectual property, commercially competitive information or customer data.
Organizations need to keep data safe within the organization itself. With the advent of mobile and home working, this in itself is a lot more complex than it used to be. They also need to ensure that data shared with trusted third parties continues to remain secure.
While the use of encryption and other cyber security products play an important part, the deployment and the policy framework around them are critical to ensure a robustly secure system. Modern encryption algorithms are extremely strong and typically not directly targeted. For this reason, cyber criminals, fraudsters and even disgruntled employees, will simply target a weak point in the system: oftentimes the end point.
About Bernard Parsons
A co-founder of Becrypt, Bernard draws upon a thorough understanding of both the security market and Becrypt technology, having been Chief Technology Officer he was responsible for all aspects of product development. Bernard became CEO in 2008 and has led the company through significant growth, prior to Becrypt, he held a range of development and management posts within the security industry. Bernard has a research and lecturing background, having gained a Doctorate in Robotics, and lectured in Computer Science.
Info Security PG: How can organisations best protect their data, effectively manage their risks, and secure network access?
Bernard Parsons: Strong data security policies and procedures are vital. Understanding the location of your data is equally important. As data location is no longer straightforward so data protection becomes much more complex.
It is key to know what you are trying to achieve. First, decide your policy(ies): who has access to which data, including what can be shared with outside organizations. You need to balance keeping data confidential, protecting its integrity and enabling seamless data access.
Organizations ought to think about where their data is actually stored, particularly if using Cloud technologies. Beyond encrypting data while in transit to, from and through the cloud, should it also be encrypted while at rest in the cloud? Could an ex-employee access it? Did you define and setup processes to ensure that this can’t happen?
While there is much written about various external attack vectors, for most organisations it is the threat from within, ie. employee related, that is by far the highest threat to corporate data. Whether malicious, thoughtless or just unlucky, employees will lose laptops, tablets, smartphones, with all the data stored on them. Staff education and, in some cases, a complete change in culture and attitudes towards data protection need to be implemented. Processes must be designed to ensure that policy is maintained, and that staff understand both the policy and why they need to follow it.
Info Security PG: What solutions are enabling remote access for unmanaged PCs and mobile devices?
Bernard Parsons: Technology can be harnessed to ensure seamless and easy-to-follow data security procedures for everyone. Top-level encryption operating in the background for desktops, laptops, tablets and even smartphones is now available. Once logged-on, end users are unaware of it and therefore benefit effortlessly. Solutions ensuring that only granularly authorised USB devices store data, or that certain data cannot be saved to an external device, are also available. There are various virtual desktop solutions that enable staff to connect to the corporate network securely. It is important to ensure that such connections are secured end-to-end, without any possibility for the endpoint, and thus the network, to be compromised by malware, or for any trace of the session, including data saved to be left on the device after the session.
These solutions need to be operationally viable, i.e. managed from a central console, to spare an engineer “touch” on a device (system install, upgrade). Audit trails can be produced so organisations not only comply with legislation such as Sarbannes Oxley, but can also prove compliance. Should any issues arise, the right department or office can be alerted immediately and rights can be repudiated remotely.
With key market trends such as BYOD and IT consumerization, protecting data is getting more complex. Harnessing technology, adopting common sense policies and educating staff to treat data with the respect it deserves go a long way to keeping out of the headlines and ensuring that intellectual property, commercial sensitive information and valuable customer data remain protected.
Company: Becrypt 1600 Tysons Boulevard, 8th Floor, McLean, Virginia 22102, U.S.A.
90 Long Acre, London, WC2E 9RA, UK
Founded in: 2001 CEO: Dr. Bernard Parsons Public or Private: Private Head Office in Country: United States Products: Becrypt provides a range of cyber security solutions to protect data at rest and data in use. This includes top-level encryption solutions for servers, desktops, laptops and tablet devices, as well as end point solutions that enable secure mobile working and secure virtual and cloud resources access.
Becrypt’s Cryptographic Library has been certified through the Cryptographic Module Validation Program (CMVP) at FIPS 140-2 Level 1. The Cryptographic Library provides support for all of Becrypt’s data security solutions requiring assured cryptographic functionalities and services. The full range of Becrypt products is available to the U.S. and Canadian Federal governments and organizations requiring a FIPS compliant solution.
Through technology and OEM partnerships, Becrypt also enables innovative third-party solutions with top-level data security and embedded endpoint security capabilities.
Company’s Goals: Becrypt aims to provide the best software encryption and secure access products available, to enable the highest possible protection for users and systems worldwide.
JOIN NOW THE CYBER SECURITY WORLDWIDE COMMUNITY ON LINKEDIN