Cloud Hosting

Data at restmay be a known term to technology enthusiasts, but not for many others. So what does data at rest mean? It refers to data that is not actively being transferred, processed, or accessed by users or applications. This data is typically stored in databases, file systems, or other storage devices, such as hard drives, flash drives, or tape backup systems. Data at rest can include a variety of types of data, including personal information, financial data, intellectual property, and other sensitive or confidential information.

This data may be encrypted or protected by other security measures to prevent unauthorized access or theft. Ensuring the security of data at rest is an important aspect of information security, as it can be vulnerable to theft, hacking, or other unauthorized access if not properly protected. Organizations may use a range of security measures to protect data at rest, including access controls, encryption, and physical security measures such as locked data centers or storage rooms.

How is it beneficial to the IT teams?

Data at rest plays a critical role in IT as it allows organizations to protect, manage, and leverage their data assets effectively. In IT, data at rest is used for various purposes, including:

Data at rest needs security to protect sensitive information, comply with regulations, maintain reputation and protect intellectual property. Data encryption is an effective way to protect data at rest and helps to ensure that sensitive information remains confidential and secure. It helps protect data at rest by converting it into an unreadable form, making it difficult for unauthorized parties to access and read the data even if they gain physical access to the storage device where the data is stored. Here are some ways data encryption helps the data at rest:

But why is security necessary for data at rest considering it is actively being transferred, processed, or accessed by users or applications?

(The author is Prashanth GJ, CEO, TechnoBind Solutions, and the views expressed in this article are his own)

Read the original post:
Data at Rest Why Data Encryption, Data Security and Beneficial to ... - CXOToday.com

Why are supposedly pro-choice Senators supporting bills that would make it harder for abortion seekers to communicate privately? asks Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory.

Senate Judiciary Committee chair Dick Durbin (D-IL) recently highlighted the crucial role of digital privacy in Americans access to abortion care. During an April 26 hearing about the devastating impact on Americans reproductive rights of the Supreme Courts June 2022 decision to overturn Roe v. Wade, Sen. Durbin rightly noted that without robust privacy protections, abortion seekers leave a digital trail that can be used against them in states that have criminalized abortion.

So why are he and his fellow committee Democrats aiding the GOPs assault on abortion by supporting bills that threaten Americans ability to communicate privately about abortion care?

Two bills introduced last month would expand online services potential liability for child safety offenses by their users: the EARN IT Act, co-sponsored by Sen. Richard Blumenthal (D-CT) and Sen. Lindsey Graham (R-SC), and Sen. Durbins own STOP CSAM Act. Its already a federal crime if a service knowingly hosts child sex abuse material (CSAM, also known as child pornography). Under these new bills, when certain crimes against children occur on their services, tech companies could also be sued civilly by victims or charged by prosecutors at the state level.

These bills threaten Americans communication privacy by using the specter of potentially ruinous liability to disincentivize online services from offering end-to-end encryption, a widely-used technology that protects our digital communications. In encrypted apps like WhatsApp, iMessage, and FaceTime, messages and calls are encoded so that theyre decipherable only by the intended participants in a conversation. This makes encryption a vital tool for safeguarding sensitive communications including financial transactions, national security correspondence, attorney-client conversations, and so on.

However, because encrypted services cant read their users conversations or wiretap them for law enforcement, some members of Congress are concerned that criminals use encryption to hide their conversations. To that end, while neither bill overtly bans encryption, EARN IT and STOP CSAM both contain language that could let courts hold encrypted services liable for their users child safety offenses, which can be harder to detect in encrypted environments than unencrypted ones.

The bills potential to penalize encrypted services is no accident, as their sponsors have made clear: Sen. Blumenthal previously refused to amend EARN IT to avoid negatively impacting encryption, claiming he didnt want encryption to be a get-out-of-jail-free card for tech companies. More recently, Sen. Durbins comments at a February hearing framed end-to-end encryption as an impediment to protecting childrens safety.

The thing is, theres no way to make an end-to-end encrypted service that allows the detection only of malicious communications while keeping innocuous ones unreadable by outside eyes. Thats been the consensus of computer security experts for the last quarter-century. If Congress passes a law that induces encrypted services to remove or weaken their end-to-end encryption for fear of liability, that will affect everyone who uses these apps.

That includes someone trying to get an abortion in post-Roe America. For abortion providers, abortion seekers, and those who want to offer a helping hand, the ability to communicate privately and securely has never been more crucial. And using encryption is the best way to do that.

Encryption helps everyone involved in abortion care protect themselves. From law enforcement and prosecutors in states that have criminalized abortion. From anti-abortion activists motivated to hack into the communications of reproductive health clinics. From tech company employees whod like to sift through users messages, looking for someone they can turn in for a bounty.

To show that Democratic lawmakers really care about Americans abortion rights, they should embrace encrypted apps and encourage people to use them when discussing abortion care. Instead, its two Democrats who are leading the offensive against encryption in the Senate. Having just discussed digital privacys importance to post-Roe abortion access last Wednesday, Sen. Durbins committee is now considering bills that would harm digital privacy unless significant amendments are made.

The last time the committee voted on EARN IT, before the Supreme Court overturned Roe, every single Democrat voted yes. Now its 2023 and Roe has fallen and yet at todays hearing, they all voted yes again. Encouragingly, though, several members (including one Republican) raised the need to amend the bill to better protect encryption, with Sen. Alex Padilla (D-CA) noting encryptions importance to abortion access and recalling last weeks hearing on that topic. What remains to be seen is whether todays supportive comments about encryption will be translated into effective language in future versions of the EARN IT and STOP CSAM bills.

Abortion shouldnt be a crime. Neither should protecting users digital privacy. By pushing to make it easier for criminal investigators to access Americans private communications, Sens. Durbin and Blumenthal and every Democrat who joined them while staying silent about privacy are carrying water for the GOPs war on Americans reproductive rights. Lawmakers cant have it both ways: You simply cannot be both pro-choice and anti-encryption.

Riana Pfefferkorn is a Research Scholar at the Stanford Internet Observatory. She investigates the U.S. and other governments policies and practices for forcing decryption and/or influencing the security design of online platforms and services, devices, and products, both via technical means and through the courts and legislatures. Riana also studies novel forms of electronic surveillance and data access by U.S. law enforcement and their impact on civil liberties. Previously, Riana was the Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society, where she remains an affiliate. Prior to joining Stanford, she was an associate in the Internet Strategy & Litigation group at the law firm of Wilson Sonsini Goodrich & Rosati, and a law clerk to the Honorable Bruce J. McGiverin of the U.S. District Court for the District of Puerto Rico. During law school, she interned for the Honorable Stephen Reinhardt of the U.S. Court of Appeals for the Ninth Circuit. Rianahas spoken at various legal and security conferences, including Black Hat and DEF CONs Crypto & Privacy Village. She is frequently quoted in the press, including the New York Times, the Washington Post, and NPR.Rianais a graduate of the University of Washington School of Law and Whitman College.

Related

Continue reading here:
Threatening Encryption, Senate Democrats Aid GOP War on Abortion - Tech Policy Press

Apricorn has released the USB 10Gbps Aegis NVX, the first encrypted device the company has offered to feature an NVME SSD inside.

Apricorn makes software-free, 256-bit AES XTS hardware-encrypted USB drives, and its latest offering uses proprietary architecture.

The companys new offering has been designed to address the immediate protection of raw data delivered directly from its source at high speeds.

In fact, the NVX was created to meet demands and product requirements such as those necessary for using a USB with high-definition video cameras, which need an offering capable of writing to an external SSD through a USB C or HDMI.

The NVX can read/write at 1000 megabytes per second, a high-speed capability that is sought after in military intelligence, digital forensics, filmmaking, and healthcare, where write speeds over 600 megabytes per second are crucial.

With the advent of NVMe technology, Apricorn saw an opportunity to develop encrypted storage for users who are operating ultra-fast devices, but have had to settle for awkward, multi-step means of securing data, says Kurt Markley, U.S. Managing Director at Apricorn.

We built the NVX with NVMe speeds and took it a step further with our own unique approach based on Apricorns 40-year legacy as pioneers in secure device innovation.

We patented our design, which takes high-speed output and simultaneously writes and encrypts on the fly. It can keep up with whatever machine its hooked up to, with speed to spare.

The Aegis NVX is Apricorns first device to use the companys new design patented NVME architecture.

However, the offering still functions the same as all Apricorn secure devices: it shares no CSPs with its host and employs no software component in its authentication and encryption processes.

The Aegis NVX also has a keyboard built in that provides the ability to authenticate a user without needing them to interact with a host computer, as is the way for other software-encrypted devices.

Further, the product comes with an internal encryption module that platforms all encryption and decryption processes.

Apricorn notes this is vital to the offerings compatibility with virtually any operating system, as well as equipment with no operating system or keyboard.

For most applications, the speeds of our encrypted HDDs and SSDs continue to do a great job of covering the performance needs of our users, Markley adds.

But teams who are working with technology such as HD video cameras, medical imaging and forensic tools are going to be excited about the speed and rugged security of this device.

They can take the NVX in any environment and its going to protect their data in real-time with USB 10Gbps, a superspeed transfer rate that is not limited by the traditional USB type. Plus, it doesnt require software.

Apricorns Aegis NVX is approximately 75% the size of a smartphone, and its enclosure is milled from a solid block of 6061 aluminium alloy and assembled using breakaway headless fasteners and epoxy threadlock.

In addition, each USB has a wear-resistant membrane keypad that has been tested to 10,000 presses.

The Aegis NVX comes standard with AegisWare, Apricorns proprietary firmware and feature set, which the company developed to address constantly evolving security threats and business needs for highly regulated sectors such as government, defence, finance, manufacturing and healthcare.

Further security advantages of Apricorns USB 10Gbps hardware-encrypted Secure Keys include:

Initial capacity offerings will be 500 gigabytes and two terabytes, with a price range of 280.00 - 600.00 MSRP.

See the original post:
Apricorn releases its first offering to feature NVME SSD - SecurityBrief New Zealand

Hardware Encryption Devices Market

Study uses 2022 as a base year while forecast data between 2023 to 2028 is considered as forecast data. The research report includes Macro & Micro economic factors insight to understand industry dynamics. Research furthermore consolidates the impact of government regulations and standards on the market. The percentage splits, market shares, growth rate and breakdowns of the product markets are determined by using secondary sources and verified through primary sources. The study also provides key market indicators affecting the growth of the market.Access Full Report @https://www.profsharemarketresearch.com/hardware-encryption-devices-market-report/

Major players in the market are identified through secondary research and their market revenues are determined through various research techniques. Secondary research included the research of the annual and financial reports of the top manufacturers. The wide spectrum of the analytical methods used to prepare the research study helps to achieve a higher precision level. Research study on Hardware Encryption Devices Market helps clients to make precise decisions to expand their market share globally. Precise insight into the segments and sub-segments of the market has been delivered from the research study.Analytical data presented in the form of Tables & Figures makes it easier for the user to understand the complex market insight. The research report is prepared by using various analytical methodologies and models. Some of the important methodologies are SWOT analysis, PESTEL, PORTERS and various others. A wide spectrum of analytical methods used to prepare the research study helps to achieve a higher precision level. The study focuses on industry chain analysis, upstream and downstream aspects, key players, process analysis, cost analysis, market distribution channels, and major downstream buyers.

Access sample report @https://www.profsharemarketresearch.com/enquiry/hardware-encryption-devices-market-report-enquiry/

The Hardware Encryption Devices Market report is segmented based on below parameters:Hardware Encryption Devices types:

Encrypted Hard Disk DrivesEncrypted Solid-State DrivesHardware Security Module

Competitive analysis:

Western Digital CorpSeagate Technology PLCSamsung ElectronicsThalesMicron Technology IncNetAppKingston Technology CorpToshibaGemaltoCertes Networks Inc.Kanguru SolutionsApplication analysis:

IT & TelecomBFSIGovernment & Public UtilitiesManufacturing Enterprise

Research study on Hardware Encryption Devices Market is based on the following regions and countries:North America U.S.A CanadaEurope France Germany Spain UK Rest of EuropeAsia Pacific China Japan India South East AsiaLatin America BrazilMiddle East and AfricaHardware Encryption Devices Market Report delivers a comprehensive analysis of : Challenges and Opportunities Emerging and Current market trends Market player Capacity, Production, Revenue (Value) Market Forecast for 2023-29 Market growth drivers Supply (Production), Consumption, Export, and Import analysis End user/application Analysis

Contact :Jes JSales ManagerProfshare Market ResearchUS : +1 917 7225960jesj@profsharemarketresearch.com

About Us:Profshare Market Research is a full-service market research company that delivers in-depth market research globally. We operate within consumer and business-to-business markets offering both qualitative and quantitative research services. We work for private sector clients, along with public sector and voluntary organizations. Profshare Market Research publishes high-quality, in-depth market research studies, to help clients obtain granular level clarity on current business trends and expected future developments. We are committed to our client's needs, providing custom solutions best fit for strategy development and implementation to extract tangible results.

This release was published on openPR.

Read the original:
Hardware Encryption Devices Market is anticipated to reach USD 805.5 billion by the end of 2026 - openPR

As supply chain attacks become an increasingly common type of cyberattack, cybersecurity professionals are pressured to come up with new, more powerful solutions to combat this ongoing threat to individuals and organizations across the world.

However, before being able to develop efficient defenses against cyberattacks, we must figure out why supply chain attacks are on the rise and learn from our past mistakes.

A supply chain attack is a type of cyberattack that targets organizations by seeking weak links in their supply chain, such as third-party software, hardware, and services. Even if an organization itself has strong cybersecurity, there are usually insecure software suppliers or other third parties that can be used as a backdoor to bypass an organization's security systems.

In short, an attacker finds an easy target and takes advantage of the trusted relationship between parties inside a supply chain. Usually, they infect the suppliers software with malware to get unauthorized access to the supply chain, and then they spread malware across the network. As you suspect, this can cause large-scale data breaches.

Unfortunately, since the compromised components in a successful supply chain attack spread like wildfire, these types of cyberattacks are hard to detect. If you suspect your sensitive data has been compromised, there are ways you can protect yourself after a data breach, but youll have to act swiftly.

What makes supply chain attacks particularly perilous is the fact that even the slightest crack in security or the smallest change could have serious consequences. For instance, if a single piece of code gets compromised, the entire supply chain could suffer. Even trusted software isnt safe from these types of attacks since even the most trusted software has its weaknesses, and attackers are more than willing to exploit them.

Now, lets look at some of the primary reasons why supply chain attacks are on the rise.

While open source software comes with superb benefits to organizations (from flexibility and transparency to cost-cutting), its vulnerabilities pose serious risks to app security. Since anyone can inspect, improve, or otherwise modify open source software, this makes it open to supply chain attacks.

Cybercriminals could easily exploit its vulnerabilities to gain unauthorized access to the organizations systems, where they could steal sensitive data or sabotage software or the entire system.

As you can already guess, reliance on third-party apps can raise the risk of network cyberattacks and network-level security threats. If a third-party app gets hacked, cybercriminals could get their hands on sensitive data from all those who are currently using it.

Plus, the app may not have the same privacy protections the organization has, which means the user data could be shared with third parties without their consentor worse, it could be sold to advertisers for a quick buck.

Whether were talking about ransomware, spyware, or control-and-command attack, malicious software (aka malware) is becoming more sophisticatedeven ChatGPT is being used for malware creation.

As malware evolves, its getting harder to detect it within a supply chain as it can disguise itself as a secure app or a legitimate software update.

With supply chain attacks, insider threats dont stop at the organizations employees but also include all third parties the organization cooperates with. To counter this type of threat, its critical to apply strict access control and user activity monitoring. Although these attacks are relatively rare, their consequences could be catastrophic for an organization.

The human error factor cant be completely eliminated, but it can be minimized with proper security practices, such as promoting awareness about supply chain issues and providing training for the employees. After all, a human error can be something as simple as clicking on a wrong link in an email and unknowingly downloading malware to spy on you and steal your data.

While trusting business partners, third-party providers, employees, and end-users is a pretty polite thing to do, it wont do much for the security of the organization. For sensitive data within an organization to be secure, end-to-end encryption is a must-have.

With strong encryption at your side, cybercriminals will have trouble establishing the backdoor for data exfiltration during a supply chain attack. In short, all your private data will stay private.

A zero-trust model does not assume that users and apps are trustworthy by default, but requires authentication before allowing access to data and other IT assets. By blocking unauthorized activities within a network, a zero-trust framework can reduce supply chain attacks.

However, another thing the zero-trust framework could reduce is productivity, which is why many organizations are slow to adopt it. Moreover, there is also a problem of compliance with existing security systems, as well as time and costs that could set small organizations back.

Yes, we can, although its not as simple as it may seem. In most cases, supply chain attacks are far-reaching, well-researched, and well-resourced operations. They also exploit the trust between business partners and third-party software providers, which makes these types of attacks difficult to prevent and detect before damage is done.

But we can start by applying the zero-trust model (involving multi-factor authentication and end-to-end encryption) as well as strengthening security systems and conducting regular security audits. Also, never underestimate what employee training can do for the overall security of an organization.

Visit link:
6 Reasons Why Supply Chain Attacks Are on the Rise - MUO - MakeUseOf