“It is not a matter of if an organization will experience a breach, it is when,” says Mark O'Hare, Director, President and CEO of Security First Corp. Most of the recently penetrated systems – from Anthem to Sony, and even Home Depot and Target, protected their data with traditional perimeter and access control solutions that stop at the network. Yet they still suffered breaches, which compromised enormous amounts of private and confidential data. The complete fallout has yet to be determined and likely will never be fully reported.
“In today’s world, we must change and stop focusing just on the security of the network. That’s like securing the vault, but not the cash inside. Instead, why not secure the data itself? It’s possible and the answer lies with bit splitting--something the government, military and a few commercial organizations have been working with for quite a while now,” says O’Hare.
To solve this problem, O’Hare and his team at Security First developed a different way–and better way–to secure private data by embedding security into the DNA of the data itself at the bit level. This process is based off the discovered science, “Multi- Factor Secret Sharing,” through which a technology was developed called SPx™. The new concept is well documented in over 230 global patents issued or pending. Simply put, instead of transmitting and storing data intact, the patented SPx technology encrypts and randomly splits (scrambles) the data into secure shares, authenticates those data shares, and then transmits and stores them in unreadable pieces across multiple locations in any storage or data-in-motion environment–whether local, remote, or cloud (public, private, or hybrid). “Our technology renders the data invulnerable to brute force attacks because nothing is ever there to begin an attack on and it is only recoverable by the authorized recipient upon request,” says O’Hare.
Security First is on the forefront of a big paradigm shift in the way people are thinking about data security and availability. “We have developed and licensed software-defined solutions built around SPx technology for today’s rapidly evolving landscape and beyond.
Since it is software based, installation is easy. In just a few easy steps, users quickly go from bare metal server platforms to secure, highly available and fault tolerant data that meets all the relevant requirements for regulatory compliance for HIPAA, HITECH, FERPA, FISMA, Sarbanes- Oxley, and PCI, and beyond.
“Because the solutions are layered in the operating system at the kernel level, there are no limitations to the scalability of storage environments or platforms it can run on. Additionally, our SPx technology takes advantage of AESNI, which results in minimal impact on processor utilization. With its caching capability the technology provides nearly zero impact on Write and Read cycles, making it as performant (and in some cases better) than non-encrypted solutions,” explains O’Hare.
We are providing a streamlined, safe, and cost-effective approach towards clients data transmission and security requirements
Security First has licensed their SPx technology to several groups, from Unisys to IBM, and has several products in the field. For example,one of IBM’s products, IBM’s Cloud Data Encryption Service (ICDES), became commercially available earlier this year. The company also built a security application pattern based on SPx technology that provides data-at-rest encryption on IBM’s PureApplication System. O’Hare states, “anyone who would put their data on a PureApplication System and not secure it, especially in today’s hacking environment, is just asking for problems and taking a big gamble as many CIO’s and CEO’s have found out in other systems.” Security First is developing additional solutions with its SPx technology that will be made available later this year through IBM and others.
“Data-Centric security is a game changing technology, and you will see a proliferation of its technology in all sorts of products and solutions: everything from switches, handheld devices, notebooks, desktops, POS devices, all the way to server engagements, gateways to secured data analytics for the cloud; all in the very near future,” concludes O’Hare.