Facing the threat of hijacked media files and leaked films, studios, agencies, and especially investors are demanding a better way to protect critical content. Western Digital’s Senior Product Marketing Manager, Ruben Dennenwaldt, examines the state of data security.


Data security: Maintaining security in transit has become even more crucial due to remote working practices

While much of the industry’s focus has been on cloud security, data often remains vulnerable on the portable storage devices holding critical commercial content. With many collaborations and working practices conducted remotely during the COVID-19 pandemic, security of content in transit, while maintaining speed of transfer, has become even more crucial.

To ensure data is protected, device systems, hardware, and software applications all have to be analysed thoroughly in order to see where improvements can be made to existing infrastructures.

Additionally, physical security measures should be placed in the way of potential attackers and hackers, and physical sites should be strengthened against accidents, attacks or environmental disasters.

Infrastructures for storing data can be upgraded and, in this article, we will examine four areas where physical security concepts have recently seen significant improvement.

The advantages of hardware encryption
The internet of things (IoT) is widening the domain of physical security as many businesses now include smart devices located outside of traditional perimeters and connected via the internet. Motion sensors, tracking signals and tamper-proof locks can provide additional security for higher value or large devices that are stored in venues.

Encryption is important to both the confidentiality of data and the drive where that data resides. Strong hardware-based encryption can help to increase security without impacting speed.

These days people have become accustomed to using their mobile phones for authentication, as many of us now keep our phones with us at all times. We pair our phones with external devices such as headphones and log in with biometrics such as fingerprint or facial recognition. Using these same sorts of actions seemed like the ideal way to add security features in a way that feels very natural and intuitive.

Hardware-based encryption differs from encryption that takes place within software. In software-based encryption, the host computer has access to the encryption key for the disk, which means that malware on the host can steal that key. With many forms of hardware-based encryption, the key used to encrypt data on the drive stays isolated within the drive itself.

Hardware-based encryption, therefore, helps provide a secure method of establishing trust while also eliminating a traditional point of friction and weakness within the verification process.


Ruben Dennenwaldt

Implementing security platforms to protect files
Production companies and entertainment platforms create huge amounts of data and require files to be easily and securely transferable and manageable between physical drives. Slow transfer time and complicated security processes can affect the way data is managed, so performance is also crucial. According to Matthew Klapman, senior director for product security and professional business for Western Digital, “Improved security wouldn’t matter if the drive was difficult to work with. Many filmmakers have rejected encrypted drives because they get in the way of the creative process. They either move data too slowly or have too many steps to operate—after a 15-hour shooting day, they couldn’t wait hours and hours for the material to transfer.”

Security is also needed to protect against leaks of media-rich files such as new films and new music, as well as theatre production actor sheets, to name some examples. Implementing a Security Platform to help protect large files and data is the next step of evolution in secure storage. However, ease of use is equally important. “We were told by people in the industry it’s one or the other—you can get improved security but it’s going to be more complicated to use,” adds Klapman. “We said, ‘No, that’s not the case.’ You can simultaneously improve ease of use while improving security.”

This is where apps come in.

The use of apps
One of the security measures that must be met by apps listed on official app stores is application sandboxing. Sandboxing supports built-in operating system checks to limit an app’s use of system resources to only those features that the app developer intends. This helps prevent inserted malicious or faulty code from being used to access additional system resources.

For instance, a sandboxed application cannot corrupt other applications’ files, or spoof operating system level security dialogues. By contrast, an app which contains a kernel-level driver has full control over your operating system as well as all applications and files on your computer. Any security bug in this driver might allow malware to take over the entire computer.

Sandboxed applications include an entitlement list that enumerates the set of system resources that the app requires. This list is checked by the operator of the app store to ensure that it matches the features of the application. If the application attempts to access a resource that it does not have permission to use, such as a microphone, then the operating system’s sandbox will prevent the application from continuing.
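The entitlement review described above can be sketched as a small audit script. This is an added example, not code from the article or from Western Digital; it assumes macOS App Sandbox style entitlement keys, and the feature-to-entitlement mapping and the sample plist are hypothetical.

```python
import plistlib

# Constructed sample: an entitlements plist as it might be extracted from a
# signed, sandboxed app (assumption for illustration, not from the article).
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.device.usb</key><true/>
  <key>com.apple.security.device.bluetooth</key><true/>
  <key>com.apple.security.device.audio-input</key><true/>
</dict></plist>"""

SANDBOX_KEY = "com.apple.security.app-sandbox"

# Hypothetical mapping from the features an app advertises to the
# entitlements those features justify.
FEATURE_ENTITLEMENTS = {
    "usb-drive": {"com.apple.security.device.usb"},
    "wireless-unlock": {"com.apple.security.device.bluetooth"},
    "voice-notes": {"com.apple.security.device.audio-input"},
}


def audit_entitlements(plist_bytes, declared_features):
    """Compare requested entitlements with what the declared features justify.

    Returns (sandboxed, unjustified, unused):
      sandboxed   - True if the app opts in to the sandbox at all
      unjustified - entitlements requested but not explained by any feature
      unused      - entitlements a feature would justify but the app lacks
    """
    entitlements = plistlib.loads(plist_bytes)
    # An entitlement counts as requested when its value is truthy
    # (boolean true, or a non-empty string/array for list-style keys).
    requested = {key for key, value in entitlements.items() if value}
    sandboxed = SANDBOX_KEY in requested
    requested.discard(SANDBOX_KEY)

    justified = set()
    for feature in declared_features:
        if feature not in FEATURE_ENTITLEMENTS:
            raise ValueError(f"unknown feature: {feature}")
        justified |= FEATURE_ENTITLEMENTS[feature]

    return sandboxed, sorted(requested - justified), sorted(justified - requested)
```

An app that advertises only USB and wireless unlock but requests audio input, as in the sample, is reported with the microphone entitlement as unjustified.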


This keeps an app from being used to access resources and data on your device. When it comes to ease of use, the key is applying the best practices of mobile device security to external drives. If the drive is uniquely linked via an app on a user’s compatible smartphone through an encrypted wireless connection, it helps bring enhanced security and a great user experience.

Data Protection through hardware-backed encryption
These days, hardware-backed encryption is based on a new approach to public-key management, one which allows data to be self-secured by the hardware-based key storage in your smartphone or computer.

Passwords can be a weak link in security, while also interfering with the usability of a device. Simply put, people may choose weak passwords, or they forget them. Once the password of a self-encrypting drive is lost, the data on the drive could be lost as well.

To address these issues, there is a new approach to securing data on a self-encrypting drive. A smartphone or laptop can be used as a “key” that can unlock your drive. Specifically, this is done through a hardware-backed key storage on your device.

This hardware protection enforces the use of a mobile device’s passcode or a biometric used to unlock the private key.

Moving forward
With people confined to their houses, the consumption of digital and audio content on devices has seen a surge both in terms of hours spent and newer audiences, and demands for new content continue to rise. As artists, media execs, and other entertainment industry players continue to progress projects, security is even more important. To significantly boost security beyond user IDs and passwords alone, hardware devices that provide PINs to further authenticate users are readily available. Workers can also use their mobile devices as an authenticator, making virtual collaboration possible with peace of mind.

There are clear advantages to using hardware for data security over solely relying on secure networks. A physical data storage platform helps provide secure means to reach and interact with corporate networks, data, communication channels, and applications. This is also the overhead of managing and supporting the whole process of collaboration, and when artists and production teams can rest assured that their files are encrypted. Hardware products can push the boundaries of state-of-the-art security techniques while maintaining ease-of-use that feels virtually seamless. These products are designed by choosing existing, proven security concepts, improving them whenever possible, and creating innovative solutions where they are needed.

Ultimately, by weaving concepts together, a next-generation architecture is created that helps provide security over many technology layers, while maintaining high performance. Award-winning ArmorLock technology utilizes the techniques listed here and goes much further with additional, principled pioneering security inventions.