Cryptography in 2016
Kingston Technology was founded in 1987 and has grown to be the world’s largest independent manufacturer of memory products. But what is the story behind their success? And what advice and insight do they offer on the hot topic of the European Union General Data Protection Regulation?
In a nutshell, Kingston offers a full range of memory products that address complex IT business requirements, including DRAM for servers, desktop and notebook computers. In addition, Kingston provides a wide range of Flash memory-based products, including encrypted USB drives, to store and protect sensitive data. Moreover, in March 2016, Kingston acquired the IronKey encrypted USB business and will utilise the IronKey product line to deliver FIPS 140-2 Level 3 certification solutions for customers who need the highest level of encryption and security (FIPS 140-2 Level 3 certification is a requirement for civilian and government agencies as well as military branches in the United States and Canada).
As such, Kingston serves an international network of distributors, resellers, retailers, OEM customers and data centres on six continents. The company also provides contract manufacturing and supply chain management services for semiconductor manufacturers and system OEMs.
From our perspective, perhaps one of the biggest developments in digital technology is the forthcoming European Union General Data Protection Regulation. The European Union General Data Protection Regulation (EU GDPR) replaces the 1995 Data Protection Directive and aims to better protect the personal data of EU residents and to future-proof data protection in the EU, whilst unifying 28 different national legislations at the same time.
Thinking back to 1995, the Internet was in its early days: most of us used Altavista as a search engine and AOL as an Internet provider and instant messaging platform, and Amazon was called Cadabra. Companies like Google, Facebook or Twitter, which process a big chunk of today’s data and personal data, were not around back then, which demonstrates how urgent the need was for a new data protection regulation that is digital age-proof.
As such, the EU Commission put forward a first draft of an updated legislation in 2012 and after four years of negotiations between EU Commission, EU Parliament and the Council of Ministers, the final version of the EU GDPR passed the European Parliament in April this year. There is a two-year transition period which means that the legislation will take full effect in May 2018. So organisations have two years to develop and work on policies, processes and technology to comply with the EU GDPR.
The new regulation applies to every organisation that processes personal data of EU residents, for example name, date of birth, bank details or medical records, regardless of whether the organisation itself is based within or outside the EU. Furthermore, the GDPR doesn’t prescribe in detail how organisations should protect personal data, but strongly recommends carrying out a risk assessment and evaluation and then taking appropriate, state-of-the-art measures, such as encrypting data, to mitigate the risks found. In case of a data breach, businesses will face fines of up to 4% of their global revenue or €20 million (whichever is greater).
Additionally, individuals will have the right to be notified if their personal data has been compromised and data breaches must be reported to a national supervisory authority. This means that a data breach in addition to the direct costs like fines or legal fees will also generate indirect costs such as negative publicity, loss of customer trust and ultimately business.
In order to become GDPR compliant, we recommend following five steps. First and foremost, companies need to understand the new regulation and what it means for their organisation. Secondly, they need to understand which personal data their organisation processes and who uses and has access to it.
Once there is an understanding, the third step is to define a strategy for the data and who gets access to which data and on which medium. Our fourth step refers to the technology being used. As recommended in the GDPR, hardware encryption and endpoint management are the options to be considered, especially for data on the move. Last, but certainly not least, companies need to ensure that their staff are aware of the GDPR and that best-practice data protection policies are followed.
This also applies to data on the move. Mobile devices such as phones, laptops or USB drives generally carry a certain risk of being stolen, lost or misplaced. Hence employees carrying data out of the office on these devices increase the overall risk of data being compromised, leaving an organisation open to hefty fines, recovery costs and a potential PR disaster. It is also important to remember that this applies not only to data that you need to protect from a legal point of view but also to sensitive data that you want to protect.
As mentioned previously, encryption of personal and sensitive data is currently the recommended and state-of-the-art way to be safe. Organisations invest heavily in protecting data inside the network. By investing in encrypted USB drives with 256-bit AES hardware-based encryption, organisations can get a small but important item ticked off their GDPR to-do list. Data outside the network or beyond a company’s firewall is every bit as important.
Naturally, improving network security is an ongoing task for IT departments as hacking is more prevalent.
In an increasingly mobile world where more employees work from home or in a BYOD (bring your own device) environment, companies will need to better address security concerns and this especially includes “data on the go” which is where USB drives come in.
Due to the new regulation and its impact on businesses, we expect encryption to become a boardroom topic. Currently the encryption of personal and sensitive data is more of a topic for IT departments and IT security managers. However, the potential 4% revenue or €20 million fines if a data breach occurs will ensure a heightened overall awareness for encryption within organisations.
At Kingston Technology, we offer affordable business-grade encrypted (DTVP 3.0), high-security (DT4000 G2) and keypad (DT2000) USB drives to help make sure organisations comply with the EU General Data Protection Regulation (GDPR) and their data gets the security it deserves.
In addition, Kingston uses the IronKey product line to deliver FIPS 140-2 Level 3 certification solutions for customers who need the highest level of encryption and security. Furthermore, Kingston’s close software partner DataLocker® Inc. will continue to manage the SafeConsole® and Enterprise Management Services (EMS) platforms that both Kingston and IronKey managed encrypted drives utilise. Thus IT administrators can centrally manage encrypted USB drives to meet compliance requirements and provide a higher level of support. Features include setting passwords remotely, configuring password and device policies, activating audit for compliance and more.
Although the development is unfamiliar territory for many businesses, we are confident that we can assist any business in meeting its requirements and thereby ensuring them a smooth transition and allowing them to do what they do best.
Company: Kingston Technology
Name: Christoph Bader, Strategic Marketing Manager B2B
Address: 17600 Newhope Street, Fountain Valley, CA 92708, USA
TW16 7EP, United Kingdom