Federal Cyber Security Blog | Cigent

Edge Computing Requires Edge Security: Best Practices for Protecting Sensitive Data at the Edge

Written by Brett Hansen | Oct 15, 2024 8:11:35 PM

Edge computing has created a data security threat

The growth of edge computing, emerging technologies and evolving mission requirements are driving the rapid expansion of sensitive data at the edge. 

A growing portfolio of edge devices is collecting, processing, and storing sensitive data. In addition to PCs, laptops, servers, and removable media, a multitude of other device types, including IoT, OT, and manned and unmanned vehicles, now collect sensitive data.

These devices may be lost, stolen, confiscated, or accessed with malicious intent, potentially resulting in unauthorized data access. Sensitive data on these vulnerable devices must be protected from theft, cloning, manipulation, or wiping by malicious actors.

Edge data on edge computing devices is highly vulnerable 

Edge computing devices are particularly vulnerable to data compromise for three reasons:

  1. Adversaries can gain physical access to edge devices
  2. Protection cannot interfere with operations
  3. Administration and oversight may be difficult due to remote location

Opportunity for Adversary Access. The proliferation of edge computing devices increases the likelihood adversaries will gain physical data access. They can use techniques to circumvent legacy protection and compromise data in seconds. Edge devices need advanced data protection and data recovery.

Simple Operations. Data security measures for edge devices cannot get in the way of or compromise critical mission execution. Operators are unlikely to have technical sophistication. For this reason, data security measures must balance data protection with end user friction and ensure a simple, straightforward user experience.  

Administration and Oversight. Data protection requires properly deployed and provisioned data security. Accurate reporting ensures that edge device security is properly configured and edge data is fully protected. It is imperative that endpoint security includes easy and efficient administration. Additionally, given the number of edge devices now in use and in development, managing edge data security at scale is critical.

Advanced data protection and recovery 

Advanced data recovery techniques include a diverse range of methods and technologies. Adversaries are growing in sophistication and are capable of overcoming traditional protection approaches. Advanced protection and recovery approaches for edge data must address techniques such as:

  • Cloning and Wiping 

  • Passcode Kits

  • Alternative OS Boots 

  • Other 

Edge data protection compliance requirements 

Federal agencies have issued specific requirements for proper edge data protection. These include:

Commercial Solutions for Classified Data at Rest (CSfC for DAR): NSA established the Commercial Solutions for Classified (CSfC) program, setting requirements to protect classified data stored on devices. The NSA mandates a layered approach requiring a combination of hardware encryption and pre-boot authentication (PBA). NSA publishes a component list of organizations meeting NSA CSfC for DAR requirements.

Federal Information Processing Standard Publication 140-2: FIPS 140-2 is a US government computer security standard that verifies the effectiveness of cryptographic hardware. FIPS is administered by NIST, the U.S. National Institute of Standards and Technology, a nonregulatory federal agency within the U.S. Department of Commerce. Its mission is to promote innovation and industrial competitiveness by improving measurement science, standards, and technology.

Common Criteria: This internationally recognized framework for evaluating and certifying the security of IT products is administered by NIAP (National Information Assurance Partnership) through the Cybersecurity Collaboration Center, which oversees a national program to evaluate commercial off-the-shelf information technology products for conformance to the international Common Criteria.

Executive Order 14028: The President’s Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity, issued on May 12, 2021, charges multiple agencies with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain. The EO references FIPS mandates and provides direction on the use of encryption and multifactor authentication for data protection at the edge.

Cigent edge computing security capabilities

Cigent protects edge data with a patented portfolio of integrated solutions that combine hardware and software security. Using a layered-protection approach to ensure data integrity, Cigent includes encryption, multifactor authentication, and advanced threat protection capabilities.  

Cigent edge data protection solutions have been thoroughly tested and validated by leading federal agencies including MITRE, NIST, NSA, NIAP, the Air Force, Cyber Resilience of Weapon Systems (CROWS), and NSSIF (UK).

Cigent secure edge data storage 

  • AES 256-bit Hardware Encryption. Cigent's proven and tested methodology for encryption has undergone rigorous testing by NSA, DISA, and other federal agencies.

  • Pre-boot Authentication (PBA). PBA is a critical security capability to prevent an adversary from circumventing full drive encryption. PBA provides a separate, secure authentication step prior to initiating boot. Cigent PBA has been validated by NSA for CSfC for DAR.

  • Multifactor Authentication (MFA). An optional configuration with PBA provides MFA capability, requiring both a username/password and a smart card (CAC).

While DAR protection with full drive encryption is fundamental in edge computing, Cigent complements its security with a patented portfolio of data protection features to ensure sensitive data remains secure in all aspects of an operation. These features streamline administration and reporting, provide additional protection for physical and remote threats, and address critical edge data hygiene challenges.

  • Enterprise Management: Cigent provides an enterprise management console that can be deployed in the cloud or on premises, and a Command Line Interface (CLI) tool that runs on Linux and Windows. Cigent management includes recovering and destroying data on returned systems, incident response, and policy reporting, as well as key management, compliance reporting, policy setting, and deployment automation.

  • Hidden Partitions: Cigent Secure Storage provides the option to create hidden partitions that act as enclaves for sensitive data, preventing an adversary from discovering that the data even exists. The hidden partitions are unreadable at the sector level, even after logging onto the edge device, until unlocked using step-up authentication.

  • Cloning and Wiping Prevention: Data at rest is protected with full drive hardware encryption that locks all ranges. Cigent is unique in also preventing cloning when the device is in use through its ability to create hidden partitions. The hidden partitions also lock all ranges preventing wiping and cloning.

  • Verified Data Erasure: Cigent Secure Storage enabled drives provide the ability to locally or remotely execute a cleanse that erases all edge data via crypto and block erasure. Additionally, Cigent provides verified data erasure, a patented solution that performs block-by-block analysis to ensure that all data has been permanently erased. The solution provides confidence in emergency data destruction situations that may arise on edge computing devices, addresses risk from emerging quantum capabilities, and provides potential for drive reuse.
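As an added illustration of what a block-by-block erase check looks like (this is not Cigent's patented method or code), the script below classifies each sector of a constructed drive image and flags blocks that still carry recognizable low-entropy content after a crypto or block erase; the block size, entropy threshold, and sample image are assumptions.

```python
"""Block-by-block erase verification over a drive image (illustration only).

Each block is classified as zero-filled, pattern-filled (0xFF, typical of NAND
block erase), high-entropy (what ciphertext looks like after a crypto erase
has destroyed the key), or suspect: low-entropy content that is neither a
fill pattern nor ciphertext, which is what residual user data looks like.
"""
import math
import random
from collections import Counter

BLOCK_SIZE = 512          # assumed sector size for this illustration
ENTROPY_THRESHOLD = 7.0   # bits/byte; 512 random bytes score roughly 7.7

def shannon_entropy(block: bytes) -> float:
    """Empirical Shannon entropy in bits per byte."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify_block(block: bytes) -> str:
    if block == b"\x00" * len(block):
        return "zero"
    if block == b"\xff" * len(block):
        return "pattern"
    if shannon_entropy(block) >= ENTROPY_THRESHOLD:
        return "high-entropy"
    return "suspect"

def verify_erasure(image: bytes, block_size: int = BLOCK_SIZE) -> dict:
    """Return per-class counts and the indices of blocks that still look like data."""
    counts = Counter()
    suspect = []
    for offset in range(0, len(image), block_size):
        cls = classify_block(image[offset:offset + block_size])
        counts[cls] += 1
        if cls == "suspect":
            suspect.append(offset // block_size)
    return {"counts": dict(counts), "suspect_blocks": suspect, "erased": not suspect}

def sample_image() -> bytes:
    """Constructed 8-block image: zero-filled except one ciphertext-like block
    (block 2) and one block of leftover plaintext (block 5)."""
    rng = random.Random(1234)  # fixed seed so the sample is reproducible
    blocks = [b"\x00" * BLOCK_SIZE for _ in range(8)]
    blocks[2] = bytes(rng.getrandbits(8) for _ in range(BLOCK_SIZE))
    blocks[5] = (b"MISSION PLAN 2024-10-15 -- waypoints and call signs " * 12)[:BLOCK_SIZE]
    return b"".join(blocks)

if __name__ == "__main__":
    print(verify_erasure(sample_image()))  # flags block 5 as suspect
```

A high-entropy block is treated as erased here only because a crypto erase leaves ciphertext whose key is gone; a real verification also has to confirm the key destruction itself.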

  • AI Secured Storage: Selected Cigent Secure Storage includes patented embedded AI protection. The AI monitors data access patterns and instantly secures data when a threat is detected. AI monitoring can detect if an adversary is utilizing an alternative OS boot.

Addressing the specific challenge of edge computing and edge data protection

As more missions require the capabilities that edge computing and edge devices provide, edge data protection grows more important. The damage done when such devices are lost, stolen, confiscated, or accessed with malicious intent is incalculable. Contact us for more information.