Data Storage Digest

Do-It-Yourself Windows File Recovery Software: A Comparison

results »

Storage That Can't Be Hacked?

It seems that security breaches have become a commonplace. Hearing about a company’s data falling into the hands of hackers is hardly a surprise nowadays. The reasons for this vary, like human error or failure in the software or hardware. As a reaction to it, the security industry is bursting with investment and start-up companies who are aiming to solve this security problem. Is it really possible to create a storage solution which can’t be hacked?

One British firm, Silicon:SAFE, believes that it is. Founded two years ago by two old colleagues Roger Gross and Dr Will Harwood, the company eschews software and focusses solely on hardware.

Sony had a major data breach back in 2011 and Harwood was at a conference listening to the outcomes of it being discussed. While Sony had used encryption to keep their customer data safe, they still asked them to change their passwords. If the data was truly encrypted, then this wouldn’t be necessary. This set Harwood thinking about whether this problem wasn’t best solved by encryption, but something else entirely.

Of course, the Sony hack, and many like it, isn’t problematic just due to the data that is lost. There’s also a reputational cost attached to notifying users and asking them to update their details. If companies can overcome all of this, then it would be revolutionary.

Harwood wondered whether it was possible to fully secure data using computing models based on generalised hardware and mainstream operating system. Even with encryption, he concluded, it wasn’t a guarantee.

Gross and Harwood discussed this, eventually going on to produce a new hardware platform called Password Protect. It’s a password authentication appliance that skips operating systems and microprocessors in order to try and build something which can’t be hacked.

This appliance can’t run programs, nor are credentials ever sent when a user logs in. It only asks a verification question, which is whether the user’s supplied credentials match what is stored in the appliance. This lack of interface and software overcomes the many flaws that are within standard appliances.

A user can place credentials into Password Protect, but they can never be extracted. While new passwords can be set, the old one always remains unreadable. Any changes are automatically mirrored to a second appliance, which also doesn’t allow a read state. There’s no need to encrypt, which means there are no keys to keep secure.

The appliance itself contains three processors: a hardware firewall, an encryption interface for third-party communication with web and applications servers, and a third to perform the backup.

The drawback here is that the approach is very specialised, which means it can’t be applied universally. Depending on the data type, customised appliances will need to be built.

While the duo acknowledge that encryption is a good idea, they don’t believe that it solves the problem of insider threats, like theft of encryption keys.

The Password Protect appliance is currently being tested by a UK service provider and a bank, the former of which are analysing how it might work within a data centre.

Comments

No comments yet. Sign in to add the first!