Memory and storage has come a long way since its inception and technology has moved at an alarming pace over the last 15 years, writes the memory and storage product company Simms.
Security and data preservation in storage can be seen as an afterthought but the need to retain data in a secure environment has never been more prevalent, especially as criminals are becoming ever more ingenious to steal data.
Big companies pay big money to protect their servers from attacks. Most companies do this very well but what about the workers using desktops, laptops and tablets? Downloading data onto a USB flash drive is easy, portable and in most cases unsecure.
USB Flash drives or as they are more commonly known ‘memory sticks’ have seen incredible advances in capacity and speed over the last 10 years. From maximum capacities of 128 MB in 2005 to 1TB ten years later, technology is moving at a very fast pace and will continue to do so. But how have security measures kept up with these developments in capacity? Until recently they hadn’t.
Encrypted data storage is on the rise mainly due to consumer concerns, industrial espionage, privacy compliance regulation and cyber-attacks. Data breaches, lost laptops and memory sticks can carry some very large fines as we have seen for public sector providers, notably on unencrypted USB flash drives. In the UK HMRC was heavily fined for losing data on 6500 private pension holders. In the USA USB flash drives with Army classified military information was up for sale in an Afghan market. Serious breaches in security like this put lives in danger. In the corporate world a SanDisk survey identified that the top three data areas corporate companies most frequently copy are; customer data, financial information and business plans.
Within companies of any size sensitive data can easily be downloaded from the desktop and saved on a USB, a daily and common occurrence. From there they may end up left in a meeting room, at the bottom of bag or more often than not taken home. But how safe is the data and what are the options to ensure that the information stays secure?
Ironkey, Datalocker and Safexs lead the market in secure USB drives. Most of their products are FIPS 140-2 or FIPS 197 validated. 256-bit AES encryption is certainly the industry standard. Typically encrypted USB’s top out at 128GB storage capacity although there are certain manufacturers that have 240GB and 480GB available but at a price. Encrypted USBs have been in the UK since 2008 but it’s only been the last couple of years that have seen a significant rise in demand. These flash drives come with either a numeric keypad which requires anywhere between 7-16 digit pin to access are password protected. Some also have auto lock on removal, no software to install and some can have the data wiped remotely after a set amount of time. This last function, auto destruct, is particularly useful for cost conscious Procurement and IT managers to ensure that drives are returned and not ‘lost’. They can then be unlocked by an admin password.
The GDPR (General Data Protection Regulation) is due to come into force in 2018. Although this is an EU regulation, the advice to UK organisations is to keep planning for GDPR because even if the regulation itself doesn’t become UK law, something very similar will appear in its place. The GDPR (or whatever is used in the UK post Brexit) is designed to help organisations achieve best practices for data protection and that it is actually a good set of rules to follow. It recommends privacy by design and good information management policies, procedures, and technologies to minimise possible data loss incident. So encrypted storage devices as a way to transfer data quickly and securely makes perfect sense.
The European Union and the law is very clear that any organisation that collects, controls, handles or processes data on those individuals is liable under this law, no matter where that organisation conducts business – whether the United States, India, the EU itself, or the UK whether inside or outside the European Union. Fines will be heavy for loss of data and company reputations can be ruined. Encrypted storage devices are not cheap but they certainly do not run into thousands of pounds. USB’s can be picked up for less than £100, a small price to pay with potential fines for loss of data in excess of £100,000.
But what about other form factors that need to store extreme amounts of data. As mentioned USBs have a maximum capacity. One manufacturer, Apricorn have long been established in the US market (where their products are designed and made) with a plethora of US Government departments as clients. They are now launched in the UK with their suite of encrypted products suitable for a wide range of industries where data needs to be removed quickly and securely. Capacities go up to 8TB for the HDD version and 1TB for the SSD option. Some of the key features of their range include; Secure 6-17 PIN Access or fingerprint recognition, on-The-Fly 256-bit Military Grade AES-XTS Hardware Encryption, brute force protection – erases data in the event of a breach, auto lock on removal or no activity, software-free design and are compatible with any Operating system – Windows, Mac & Linux.
The most relevant industries for their range include aerospace, defence, government, health and education sectors but it’s not limited to just these. Commercial organisations that require bulk data transfer which is not conducted over a network, so possibly financial institutions, pharmaceutical, technology and software industries in particular.
With the developments we have recently seen in NAND Flash technology it may be possible in a year or two that capacities for these disks could be doubled, trebled or even quadrupled. However there is an SSD solution currently on the market that offers 8TB of storage which is 256-bit AES encrypted and suitable for fixed installations and has sequential read/write speeds of 1.5GB/s, which is phenomenal in the industrial sector, making it ideal for capturing high resolution real time 8K imagery. This is from Korean manufacturer Novachips and is starting to make other manufacturers sit up and take notice of the technology they are using. Novachips can even produce 32TB SSD but of course this comes at a price.
We often get asked ‘what is the difference between industrial and consumer storage’? In short there is a world of difference.
COTS (commercial off the shelf) storage is readily available and focused on the corporate and consumer market. Industrial however is targeted at high performance and demanding applications that require; a controlled Build of Materials, Product registration, Obsolescence notifications, fixed pricing, call offs, operation in wide temperatures of between -40°C to 80°C and most importantly are reliable. In addition customisation features such as the firmware, hardware and power settings can be set at point of manufacture. Conformal coating to stop dust and moisture getting into the critical components is also a pre-requisite for applications that use storage in harsh environments. Industrial grade storage is bespoke manufactured so could take up to three weeks to arrive and often there are no minimum order quantities. Most manufacturers offer loan samples for testing which can save time and money when seeking an alternative or for new product development and testing. Industrial grade can’t compete when it comes to price against COTS, so it really is a case of you get what you pay for. We have seen time and time again companies coming to us only to discover they purchased storage off the internet and it stops working, is too slow and is of poor build quality. Specialist kit requires specialist storage so it always pays to speak to experts that know how to configure this hardware correctly into your technology.
With over 300 manufacturers across the globe there is a plethora of choice, so always go to a distributor who has the technical expertise to assist and advice on the right kind of data storage. Visit www.simms.co.uk.
