Hardware encryption for a multi-layered approach to cyber security
In the digital age, where 60% of all corporate data worldwide is stored in the cloud, storage on a USB stick or hard drive may seem outdated. However, since they first appeared, these basic storage devices have never stopped evolving. For a long time they were shunned because they could be lost or stolen. Today, in an age of widespread cyber-attacks, storage on encrypted hardware enables users and businesses to manage threats and reduce the risk of data leaks in complete confidence.
Why integrate encrypted solutions into your cyber security strategy?
The use of the cloud to store files has become widespread with the democratisation of teleworking. However, even if it is practical and has definite advantages, cloud storage still has a number of limitations, including data security. The need to connect to the network can create an additional security problem, because the simple fact of accessing a VPN over a personal or public Wi-Fi connection opens up the risk of being hacked. In addition, files in the cloud can be under constant attack, as cybercriminals can test an unlimited number of passwords in a very short space of time. Finally, to make matters even worse, cybercriminals are very fond of cloud services: a large majority of malicious software (61%) is now distributed via cloud applications.
While the cloud has evolved with the times, so have USB sticks and hard drives. Some of these secure storage solutions are veritable safes, enabling sensitive data to be stored and protected in complete security. These solutions protect against brute force and BadUSB attacks, and some can even be certified to FIPS 140-2 Level 3 and FIPS 197, and be compatible with XTS-AES 256-bit encryption. These storage solutions can be encrypted in two ways: software encryption, which is the least expensive solution, and hardware encryption, which is the most effective way of protecting data against cyber-attacks.
What are the differences between software and hardware encryption?
Many businesses opt for software-based encryption because of its cost. But while there are definite advantages, there are also some shortcomings. Software-based encryption solutions share the host device’s encryption resources with other applications, so their security depends on that of the computer, and they often require software updates. If these are not properly managed, they can lead to vulnerabilities. Like the cloud, they also have no way of resisting software-based dictionary attacks, which can test millions of character combinations in a very short space of time. Moreover, in the enterprise, software-encrypted USB drives also present the risk that any user can disable encryption by formatting them from any computer.
Hardware encryption, on the other hand, offers a much more effective and robust defence against data breaches and can meet stringent compliance standards. Because they are self-contained, hardware encryption solutions do not require a software component on the host computer, and the absence of that software attack surface eliminates the possibility of brute force attacks.
There are many hardware-encrypted storage solutions on the market. However, solutions with a "passphrase" mode are preferable, as they are more secure. Passphrases take exponentially longer to crack than a standard 12-character password. They are also easier to memorise than a series of letters and numbers.
In conclusion, at a time when cyber-attacks have become the norm, businesses need to anticipate what would happen in the event of a vulnerability, or simply in the event of the cloud becoming unavailable, and plan accordingly. Encrypted USB drives or hard disks can be used to establish criteria for access to information by a user or administrator, and can form an integral part of a cybersecurity strategy. For example, if we consider a company's data to be 'hot' or 'cold' depending on its level of day-to-day usefulness and sensitivity, it may be more effective to rely on localised USB storage for 'hot' data, and place 'cold' data in the cloud. This could be an effective strategy for the business, particularly if business continuity and high performance are essential to the organisation.