No matter what latest technology an organization might have in place, it is often the unassuming employees who open the doors for threat actors.
With so many teams working remotely these days, it is clear that simply encrypting the corporate network is not enough. The growing need to share and access important information anywhere in the world calls for stronger data security measures, including building the human firewall.
To discuss such measures, today we are talking with Chris Kruell, the Director of Marketing at CRU, a company providing secure data storage and transport solutions.
CRU has grown exponentially since its launch in 1986 and is now trusted by many well-known organizations. How did the idea of CRU come to life?
CRU is well-known for providing physical data security and data transport solutions for the military, government agencies, digital cinema (Hollywood), and other organizations worldwide. It is one of the four brands comprising CRU Data Security Group. Our other brands include DIGISTOR – a market leader in secure, encrypted SSDs for data at rest, ioSafe – the pioneer in fireproof, waterproof, privacy-oriented data storage devices, and WiebeTech – an innovator in solutions for digital forensic investigation.
CRU is indeed the genesis of CDSG and has been in the data security business for over 30 years. Early in the company’s history, CRU was approached by the military to develop a solution to easily remove and insert hard drives in computers. The military needed a way to securely lock up data when it wasn’t being used or when moving data from sensor systems to computers and data centers for analysis. In addition to easy removal and insertion, it was and still is critical that the solution is rugged enough to withstand handling in extreme environments, e.g. military vehicles in inhospitable conditions. Finally, it had to be robust enough for tens of thousands of insertion and removal cycles.
As the entertainment industry moved from film to digital, Hollywood adopted CRU removables as the default solution for rapidly and securely moving digital content to theaters, film festivals, and other venues. The entertainment industry needed solutions with capabilities similar to those of the military – an ability to withstand rough handling, security, and high insertion and removal rates.
Can you tell us more about what you do? In which industries are your products mainly used?
Military and government agencies rely on our DIGISTOR SSDs and CRU removable drives to secure "Data at Rest” (DAR), which is data stored on SSDs and hard drives. This differs from data in use, which is temporarily stored in RAM or cache, or data in flight, which is in transit between a source and destination, typically across a network. Our customers use our products because they work with standard computers and provide the appropriate level of encryption security at a commercial off-the-shelf (COTS) price point.
Our customers’ typical applications include recording and transferring surveillance and sensor data from military vehicles, aircraft, and naval vessels. Additionally, autonomous vehicle manufacturers use our products as they record and analyze vast amounts of data during prototype trials. And as mentioned, CRU removable drives are used exclusively by worldwide digital cinema/content delivery distributors for transporting films.
What are some of the key changes have you witnessed in the data security and mobility field throughout the years?
We’ve seen numerous changes in this area; however, one major change is the explosion in the number of devices and sensors that create data that needs to be stored. Previously, companies could physically secure computers and storage devices in data centers or secure facilities. Now, everyone carries powerful computers and communications devices in their pockets or briefcases. Drones and UAVs collect massive amounts of data from surveillance, mapping, and other missions. As a result, orders of magnitude more data is generated that needs to be secured.
A second important change is the growing awareness of the heightened need to protect organizations, individuals, and their data from cyberthreats. These threats include ransomware and data theft.
Finally, we see increasing interest in deploying zero-trust environments. The industry once relied on physical barriers to prevent access to sensitive information. This is no longer effective. The proliferation of devices, and the need to record, generate, or access data anywhere, created a high demand for ways to flexibly provide security, a demand CRU answers.
Do you think the pandemic affected the way people perceive cybersecurity?
Absolutely. With the dispersion of office workers to their homes, there was an immediate and extraordinary demand to provide laptops and the infrastructure required to support remote workers regardless of location. The remote world placed the workforce using proprietary and sensitive information in locations that are not necessarily the corporate network. While the corporate network is challenging enough to keep secure, companies and agencies now needed to protect millions of home network routers and unencrypted laptop SSDs that deployed virtually overnight. Clearly the “attack surface” grew exponentially giving hackers and bad actors exponentially more potential points of entry into disrupting or stealing sensitive information.
Have you noticed any misconceptions people tend to have regarding data security? If so, what are the most common myths?
One common myth is that technology will solve all data security issues. We more than most know that a first step is using appropriate technology such as:
- Self-encrypting drives to keep data from prying eyes,
- Hardware-based multi-factor authentication so only authorized people can access data,
- Matching the technology to the need (the more secure the solution, the higher the price tag).
However, it’s important to ensure that an organization’s processes, workflows, and training are designed to manage data in a secure manner. After all, people can be the soft spot in maintaining a secure wall around data.
With remote work becoming the new normal, what are the main issues that arise when dealing with large amounts of data?
Security, transport, access, and privacy have been persistent issues in the history of data creation, storage, and transfer.
- Security: A first step is to ensure that data is encrypted using government agency validated techniques.
- Transport: If large amounts of data need to be safely shipped, it’s best to use a secure removable drive solution. Sending an occasional off-the-shelf encrypted external drive is okay, but if repeated use is anticipated, nothing beats a rugged removable solution.
- Access: In addition to data encryption, make sure that the data can only be accessed by authorized people—multi-factor authentication is a must-have.
- Privacy: For those concerned with shielding their information from would-be hackers, it makes sense in many cases to keep data off of the Internet.
As more organizations are making the switch to cloud solutions, what are the advantages of physical data storage over storing data in the cloud?
The three primary advantages are cost, local control, and privacy.
- Cost. If an organization has any sizable amount of data, it is less expensive to purchase network-attached storage (NAS) devices than to store data in the cloud, especially if the data needs to be accessed.
- Local control. When data is stored on-premise, Internet or cloud outages have no impact. This also eliminates the chance of unintentionally violating privacy laws based on where the data is stored. And should disaster strike, with our ioSafe fireproof/waterproof storage devices, an organization will have immediate access to its data without waiting for drives to be sent to another location, possibly from across the country.
- Privacy. When an organization stores data locally, it has immediate control over who can access the data storage. Additionally, with the ability to use hardware encryption, the data is protected from prying eyes.
What security solutions do you think everyone should implement to protect themselves online?
First, make sure to practice good Internet hygiene. For instance, use a different password for every login or account. While this sounds unwieldy, using a password manager actually makes this quite easy. These are applications that work across Windows, macOS, Linux, iOS, and Android that securely store login credentials.
When using a shared or public computer or device, log out of every session - log out of email and other accounts, close the browser, log out of the device.
And of course, I’m an advocate of encrypting data, whether on a laptop or any other place data is stored.
Share with us, what’s next for CRU?
We are excited about the work we’re doing with our customers and partners to ensure they are implementing secure storage solutions to protect their DAR. It’s heartening to work with people who are truly invested in safeguarding information, whether for missions vital to protecting our country and critical infrastructure or for maintaining a competitive edge in commercial marketplaces.
CRU is planning to announce a range of innovative products throughout the year, so I'd stay tuned and watch our digistor.com blog for details, and follow us on Twitter (@digistor, @cru_inc, @iosafe, @wiebetech) and LinkedIn.