The ‘humble’ USB is back in business
Jon Fielding, Managing Director EMEA, Apricorn, explains why USB is returning to popularity, in his latest exclusive with Business Chief.
Cyber-criminals are fundamentally lazy. Given the chance, they will always go for the low hanging fruit; the path of least resistance. Most cyber-attacks are not carried out using sophisticated techniques, but by exploiting simple weaknesses such as out-of-date software, or phishing employees who haven’t been educated in good security hygiene.
Data is particularly vulnerable to attack when it’s moved outside of the organisation’s central systems. A survey carried out this year by Apricorn found that 29 per cent of organisations have suffered a data breach or loss as a direct result of employees mobile working. Nearly a quarter admitted they couldn’t be certain their data was adequately secured in remote working environments.
Step forward an old friend from the nineties and noughties: the USB storage device. This might seem like an old-fashioned way to do business now we can store pretty much unlimited volumes of data in the cloud, and access corporate information from wherever we are. But used as part of a multi-layered cybersecurity approach that centres around encryption, highly secure portable storage drives provide a practical way to safely store and transfer large amounts of sensitive data. Moving data physically and offline avoids the possibility that it might be targeted in the cloud, for example.
The GDPR wake-up call
GDPR began to bare its teeth this summer, with the Information Commissioner’s Office (ICO) hitting British Airways and the Marriott hotel group with hefty fines. This had a ripple effect on businesses. Cybersecurity has become a firm fixture on the agenda at board meetings, and organisations have recognised the urgent need to invest properly in data protection. In a recent survey carried out by Clearswift, 32 per cent of enterprise financial organisations in the UK cited the penalties levied against BA and Marriott as the main reason for increased board level involvement and IT security spend.
The enhanced awareness of the need for a stronger security posture has driven organisations to change the way they treat sensitive and personal data, with a focus on the end-to-end encryption of information when it’s being stored and moved.
The last line of defence
A process that transforms data so that it is unreadable by anyone without authorised access, encryption is specifically recommended in Article 32 of GDPR as a means to protect personal data. Two thirds of organisations now hardware-encrypt all information as standard – up from just half last year, according to Apricorn’s survey. There’s also a high level of awareness of the risk of not doing so: lack of encryption is behind 27 per cent of all data breaches, according to IT decision makers. Hardware encryption is seen as the gold standard. This offers much greater security than software encryption, and is particularly appropriate for highly regulated sectors such as defence, finance, government and healthcare.
By using portable hard drives and USBs with in-built encryption capability, businesses can extend this last line of defence outside of the organisation. All data is automatically hardware encrypted as an employee uploads it, locking it down so that even if a device is lost or stolen the information on it will be completely inaccessible. The human risk is eliminated, because responsibility for encrypting data is taken out of the user’s hands.
- Top 10 digital disruptors of 2019
- Why 2020 will be the year of sustainable business
- City Focus: Lagos
- Read the latest issue of Business Chief, Africa edition, here
The need to enforce – and reinforce
Mandating the use of encrypted storage devices is not a silver bullet on its own. This approach must be bolstered with clear policies and processes that set out how devices are to be used, and how employees are expected to behave when they work remotely. These policies should then be enforced at a technical level, by blocking access to USB ports from all non-approved devices.
Protecting data from loss or theft is everyone’s responsibility – and senior teams need to lead by example and build a culture of accountability and compliance across the whole organisation. In addition to being trained in good cybersecurity practice, this means educating employees in the specific risks and legislation that apply to the business, how to be a responsible information owner, and the consequences of failing to follow procedure.
Cyber-risk in business will continue to escalate, and the number of successful data breaches will rise. There’s a plethora of high-tech sophisticated security solutions and tools on the market, and these should certainly be investigated. But there’s also merit in taking a leaf out of the cyber-criminals’ book; reverting back to basics and taking a straightforward approach to safeguarding the organisation’s data.
Integrating brand new, untested technologies can easily introduce more complexity and risk to an already challenging operational environment, and make it harder for employees to follow security policies. That’s why, backed up by policies and education, business hardware such as USBs have a new and a valuable role to play in an organisation’s cybersecurity defences.
For more information on business topics in the Middle East and Africa, please take a look at the latest edition of Business Chief MEA.
GfK and VMware: Innovating together on hybrid cloud
GfK has been the global leader in data and analytics for more than 85 years, supplying its clients with optimised decision inputs.
In its capacity as a strategic and technical partner, VMware has been walking GfK along its digital transformation path for over a decade.
“We are a demanding and singularly dynamic customer, which is why a close partnership with VMware is integral to the success of everyone involved,” said Joerg Hesselink, Global Head of Infrastructure, GfK IT Services.
Four years ago, the Nuremberg-based researcher expanded its on-premises infrastructure by introducing VMware vRealize Automation. In doing so, it laid a solid foundation, resulting in a self-service hybrid-cloud environment.
By expanding on the basis of VMware Cloud on AWS and VMware Cloud Foundation with vRealize Cloud Management, GfK has given itself a secure infrastructure and reliable operations by efficiently operating processes, policies, people and tools in both private and public cloud environments.
One important step for GfK involved migrating from multiple cloud providers to just a single one. The team chose VMware.
“VMware is the market leader for on-premises virtualisation and hybrid-cloud solutions, so it was only logical to tackle the next project for the future together,” says Hesselink.
Migration to the VMware-based environment was integrated into existing hardware simply and smoothly in April 2020. Going forward, GfK’s new hybrid cloud model will establish a harmonised core system complete with VMware Cloud on AWS, VMware Cloud Foundation with vRealize Cloud Management and a volume rising from an initial 500 VMs to a total of 4,000 VMs.
“We are modernising, protecting and scaling our applications with the world’s leading hybrid cloud solution: VMware Cloud on AWS, following VMware on Google Cloud Platform,” adds Hesselink.
The hybrid cloud-based infrastructure also empowers GfK to respond to new and future projects with astonishing agility: Resources can now be shifted quickly and easily from the private to the public cloud – without modifying the nature of interaction with the environment.
The gfknewron project is a good example – the company’s latest AI-powered product is based exclusively on public cloud technology. The consistency guaranteed by VMware Cloud on AWS eases the burden on both regular staff and the IT team. Better still, since the teams are already familiar with the VMware environment, the learning curve for upskilling is short.
One very important factor for the GfK was that VMware Cloud on AWS constituted an investment in future-proof technology that will stay relevant.
“The new cloud-based infrastructure comprising VMware Cloud on AWS and VMware Cloud Foundation forges a successful link between on-premises and cloud-based solutions,” says Hesselink. “That in turn enables GfK to efficiently develop its own modern applications and solutions.
“In market research, everything is data-driven. So, we need the best technological basis to efficiently process large volumes of data and consistently distill them into logical insights that genuinely benefit the client.
“We transform data and information into actionable knowledge that serves as a sustainable driver of business growth. VMware Cloud on AWS is an investment in a platform that helps us be well prepared for whatever the future may hold.”