ITSPmagazine Interviews SecureData’s Senior Product Specialist

Anthony PeroCybersecurityLeave a Comment

itpsmagazine-interview-secure-data

Mike Vanoverbeke, SecureData’s Senior Product Specialist spoke with ITSPmagazine’s John Dasher to discuss SecureData’s role in the future of data recovery, data protection, data security, and digital forensics. The full interview and transcription of the interview is below.

John: Hello, This is John Dasher with ITSP Magazine. Today we are joined with Mike Vanoverbeke with SecureData. Mike, Welcome!

Mike: Thank you for having me.

John: Why don’t you introduce yourself and tell us a little bit about SecureData and what the company is all about.

Mike:I am the Senior Product Specialist at SecureData. Just to give you some background, SecureData started in 2007 in LA and started out as a single lab doing data recovery and computer forensics. It had a mission to have the most secure sole source for customers to repair and recover their information. It started small with our founder starting it in his garage. As the company grew we expanded to over six clean room labs and really over 50 plus drop off locations in North America where people can drop off their corrupted data and send it into us and we can basically analyze it and recover it for them.

Along with that, we developed products to complement our existing services to meet our customer’s growing demands such as file back-up software which allows the users to auto- backup data locally as well as use any major cloud providers. And then throughout that time using R&D we developed our own secure hardware, so hardware encrypted storage devices. Essentially, a one-stop shop for data management, data security, and data recovery.

John: Having been involved with encryption myself in the same time frame I was actually, back in the day, involved with the PGP Corporation, so I have some familiarity with the SecureDrive and you guys have weathered the storm. You guys have been in business for 12 years, I’m sure you’ve seen a lot of changes in what customers are demanding from a vendor such as yourself as well as how they are taking advantage of encryption. Tell me a little bit about how organizations are taking advantage of encryption.

Mike: Well data encryption has been around for a while, some things that are changing are people want to figure out different ways to manage their encrypted data. So, how does a company know if people (employees) know if their data is being used the right way? So we worked with a company called CLEVX for something we call remote management. So all of this data you are compiling and storing gives a company peace of mind that their employees are managing the data responsibly for whatever industry they are in.

Basically, there are ways to track it now and before with central management systems they were IP based and not as thorough as they could be. Now with things being moved to the cloud and being able to access any piece of data wherever you are, we want to think of ways to make it easier for companies and users to have peace of mind.

John:Let’s help our listeners kind of frame this in their minds a little bit. Most of us are kind of familiar with encryption features built into our operating systems of choice. Windows has a bit locker and MAC OS has file vault, but that’s just for desktops and laptops. So, tell us what SecureDrive and SeucreUSB provide to either complement or replace substitute for those things.

Mike: Really what we developed is hardware encrypted flash drives and portable hard drives. The encryption happens in real time on the hard drive. The best part about these is that they are OS independent, so they will work with virtually anything that has a USB port. Additionally, we have a means of authentication. Some of the hardware encrypted devices you’ve seen around might have a built-in keypad where you would enter in the pin number directly to unlock it, where you can decrypt and view your files. Where we really set ourselves apart, we have a device called the SecureDrive BT and SecureUSB BT which you unlock with your mobile device.

John: Is it single factor?

Mike:No, in a way it’s dual factor authentication, because you need to unlock it with your mobile device. So, you’d need to unlock your phone first, then you unlock the drive with the Data Lock app which connects to the drive via Bluetooth. It’s the only wireless means of authentication currently.

John: Just to give our listeners a visual, a lot of these devices just look like a regular thumb drive right?

Mike:Exactly, they quite literally look like a regular hard drive. But if someone lost it, and someone else found it, they wouldn’t know what to do with it.

John:Now one of the challenges we had before, going back a decade, was either performance or management. It’s pretty visible from a performance perspective. Back then, encryption was not normally a concern, but decryption.

Mike:Yeah, lets says this scenario, say an employee is at a company and maybe they have a flash drive and going to a competitor. Even if their drive is encrypted that the user has the password and they can do whatever with it. What we did and changed is cutting off their user access and that is something you can do with our SecureDrive BT and remote management. Basically, you can cut off user access with the drive.

John:So that prevents an employee who is terminated or who quit from continuing to access that information. You talked a little bit about the cloud, so tell us a little bit more about that.

Mike:Yeah, so there really won’t be anything as safe as having your data backed up offline. Of course, the ways to protect your data on the cloud will improve, but at the end of the day, there are a lot more ways to breach that data than there is on hardware. But coupling our drive with our remote management, which is a web-based console, means you can access it from any device and send out security policies and commands. We’re trying to almost merge the two of using online to communicate to an offline storage medium.

John:10 years ago, what was the primary use case of customers going to a company like yours?

Mike:Especially nowadays, we can recover virtually anything from SD cards to mobile devices. 10 years ago, most people weren’t storing anything on their mobile devices. Now, almost everyone is storing information on their mobile device. Mobile devices changed virtually everyone’s life, and that’s probably the biggest thing that has changed. We work with large companies who have terabytes upon terabytes to a consumer who wants to get their photos from 2007 retrieved.

John:Certainly outsourcing has increased in intensity in the last five or ten years. With that comes partnering with companies in Asia and Europe where laws around privacy are important. I would assume that taking advantage of portable encryption has a big use in those types of cases, as well.

Mike:Yeah there are certainly many different use cases. If you think about how important digital media is now, everything is digital media. More than likely, you’re going to have more portable storage devices that are encrypted than not encrypted. It is going to be becoming more of the norm now because these files are people’s livelihoods. Another part of what makes our devices important is that they are FIPS validated. Which means they spend over a year in a government facility being tested to meet that standard.

John:One of the things that is interesting about encryption is the government regulations and the various cryptographic standards and validations that surround quality encryption. One of the better-known government standards is the Federal Information Processing Standard, which is more commonly known as FIPS. I understand that your products are 140-2 validated, but what I thought was certainly interesting is that most companies don’t often have the level of FIPS validation you have achieved. What’s so special about level 3?

Mike:Our device’s interior is coated in epoxy, which increases the avoidance of physical breakage and physical tampering. So if someone takes it apart, they can remove it, but with our devices, everything is covered in a solid capsule so even if they put it together again, everything would be much more difficult to uncover.

John:From a pure ease of use perspective, you guys have certainly conquered the ease of use for the average user who wants to protect their data all the way up to a government employee who wants to protect their data and needs to be compliant with data security and physical security of the device. One of the things employers want is management. You talked about an employee leaving who doesn’t have access but talk to me more about the kind of centralized management you offer over the devices and what they are in.

Mike:What we have is a unique solution, with our SecureDrive BT, in order to unlock these, you have to use a mobile device like an Android or iOS phone or tablet. With that Data Lock app we can do things like GPS geo-fencing and time fencing. You can pick a specific employee and say, “you can only unlock your drive in our corporate headquarters or 300 feet of our headquarters. And if you try to unlock that drive anywhere outside of that, we will know you tried to. So you can see what an employee is doing and if they tried to open it outside of the location or the specific set time. It’s kind of the only technology of its kind.”

John:So wide range of policies giving organizations control over when and where data is accessed. Help me understand a typical day in the life of your enterprise customer.

Mike:We have such a wide range with so many different use cases, so I guess it depends on who you are talking about. For example, we deal with law firms, so people in litigation need to protect their data and if they lose that they can get in a large amount of trouble.

Even the video production space, these dailies, after a day of shooting, they will put their video content on a regular hard drive and the people dealing with these hard drives don’t necessarily work for that company, they are contracted in, so they are uploading the videos and who knows. That hardware needs to go to the directors or producers and if it is not protected, leaks happen and can cost production companies millions of dollars. This is a solution in terms of managing it so you can say this person is in charge of managing it.

John:Fascinating. The entertainment industry example you gave us is fascinating. Largely in the last decade, we’ve gone from physical to digital, whether you are talking about the music industry or the movie industry, I imagine they are making much greater use of encryption to protect their intellectual property before their movie makes an international release.

Mike:That is absolutely it, it’s kind of funny too when I talk to people, unless they are really into technology and care, some people don’t really ever think about protecting their millions of dollars of shoots from the day or litigations. There is such a wide range, and I think people are not understanding encryption is easier and that is one thing that has changed over the years as you said at the beginning. The ease of use of what you can have now with a keypad built onto your device. Or, I don’t step out of my house without my phone. It’s a strange feeling how attached you are to such a device, so it makes accessing the BT drive easy. In fact, it’s the only way I can access it or anyone can access it.

John:Pretty much with every industry, health care also is under a digital transformation. Something as simple as an X-Ray or MRI, are you seeing a lot of use of healthcare industry using encryption?

Mike:Actually the healthcare industry has moved a lot to the cloud. A lot of it is app-based and all of the data is on there. There are certain instances with x-rays, but there are use cases for remote workers like nurses traveling to people’s house for taking care of patients there. It allows them to boot the drive onto their laptop at a patients house, but you should do it on an encrypted drive.

John:I’m going to put you on the spot a little, I know one of the threats people are concerned about are external threats like ransomware, where someone manages to get code on your system and encrypt it until they get paid a ransom. Talk to me a little bit about SecureData helps in that regard.

Mike:Yeah, for our own devices, first we have a USB antivirus built into every single drive that runs in the background, it’s an algorithm that protects against malicious files running on there and if there is a malicious file it recognizes it and won’t allow it to be on there. Also, the drive is always locked, even when you connect it to your computer unless you actually unlock it. Once you are done transferring your drive, simply lock your drive. We’ve created an interesting way to protect your drive with proximity lock, and our drive can auto-lock. So when someone steps away from their computer, the drive automatically locks.

John: It’s interesting how some of the security mechanism you have chosen so naturally work with how we live our lives now. We carry our phones with us, we tend to be really good with not letting our phone out of sight, but don’t have the same regard for our employer’s computers.

Mike:Yeah, for our own devices, first we have a USB antivirus built into every single drive that runs in the background, it’s an algorithm that protects against malicious files running on there and if there is a malicious file it recognizes it and won’t allow it to be on there. Also, the drive is always locked, even when you connect it to your computer unless you actually unlock it. Once you are done transferring your drive, simply lock your drive. We’ve created an interesting way to protect your drive with proximity lock, and our drive can auto-lock. So when someone steps away from their computer, the drive automatically locks.

John: That’s awesome, and I think you guys have done a great job at overcoming one of the most common barriers to an organization’s successfully deploying encryption, and that is ease of use. As soon as it becomes visible, of course, it becomes used and people don’t need to do anything other than their normal routine, it’s secure and noninvasive. It can also be used in industries outside of the traditional financial, government industries and it can be used almost anywhere.

Mike:Right and that kind of needed to happen that way because years ago, people cared less about encryption it was obviously not as present and it was more for those hard, regulated industries, but it is becoming more common since people want to protect their data. So we need to think of creative, interesting and unique ways to protect your data.

John: hat’s a great summary, I’d like to encourage our listeners to check out SecureData’s products at www.securedrive.com. Mike I’d like to thank you for joining us today.

Mike:Thank-you, I really enjoyed it.

John: Myself as well.