PSA TEC 2019 Guest Blog: Data Security in the New Era of Regulation
TEC 2019 is the premier education and networking event for all professional systems integrators in the security and audio-visual markets. This year’s event pivots around a changing market and ways to stay relevant within the industry.
By Monty Forehand | Product Security Officer | Seagate Technology
Smart cities, high-end retail stores and financial institutions are increasingly relying on advanced video surveillance systems with artificial intelligence to amplify crime prevention efforts and business efficiency. By capturing data– including thumbprints, iris patterns and license plate numbers– security systems can conduct important functions such as identifying VIP customers or blacklisted personnel. However, the collection of this personally identifiable information has warranted a new cybersecurity standard for security technology providers and system integrators.
Placed into effect in May 2018, the General Data Protection Regulation (GDPR) is the most significant data privacy legislation in decades. It regulates the gathering, processing, distribution and storage of personal data, including video surveillance personal identifiers that are produced from AI computing. Most notably, GDPR holds service providers responsible and accountable for securing this data, even subjecting them to fines for data breaches. Recently, the National Data Protection Commission, a French authority, imposed a significant fine on a cloud service provider for what it called a “lack of transparency, inadequate information and lack of valid consent” regarding ad personalization for users, which it deemed to be noncompliant with GDPR standards.
For security professionals, the greatest cyber risk for surveillance data is that it will be accessed and stolen through the endpoints, edge or network itself. Many cybersecurity discussions have centered around securing “data in transit” and applying strategies like end-to-end encryption. However, it is essential that system integrators also deploy solutions that secure “data at rest.”
Safeguarding “data at rest” starts with implementing cyber hardening protocols for hard disk drives and solid state drives, and integrators have a critical responsibility to understand which technologies yield the highest performance and reliability. Software encryption, pseudonymization, hardware encryption and secure erase are the most effective mechanisms to secure data. Self-encrypting drives are an especially attractive option because if a breach occurs, a company does not have to publicly report the incident if the data is encrypted, according to GDPR. This can save customers thousands of dollars in crisis communications and reputation damage.
While GDPR currently affects the security channel who have customers in the European Union, other cities, states and countries are already starting to follow suit by introducing similar policies. The time for integrators and IT professionals to be trained in surveillance data security measures is now.
For a more in-depth look at the top cyber vulnerabilities for surveillance systems and data security best practices, join me at TEC. Attend my education session on Wednesday, March 13, at 3:30 pm as I discuss, “Securing Your Data for the New Wave of Industry Regulation.” You can also stop by Seagate Technology’s booth on Thursday, March 14, for specific application questions.
Attend Monty’s Session at TEC
Wednesday, March 13 3:30 PM – 4:30 PM
Recent innovations in video technologies have resulted in high definition optical sensors and artificial intelligence technologies becoming standard features in today’s advanced security cameras. These devices are now collecting an unprecedented amount of data for business intelligence, including personally identifiable information. Placed into effect on May 25, 2018, the General Data Protection Regulation (GDPR) has set a new standard of protection for the processing and movement of this personal data. GDPR not only impacts organizations based in the EU, but any organization in the world which offers products and services or monitors behavior in the EU. New regulations mirroring GDPR are now taking hold in the United States, such as the California Privacy Act of 2018 and are set to dramatically change how businesses handle data, as organizations who are found non-compliant can face penalties. As video surveillance moves into IT 4.0, the implications of GDPR and similar legislation must be considered for all edge and IoT video surveillance deployments. Systems integrators now have a critical responsibility to design privacy protection measures that align with these new mandates by building data protection into processes, systems and hardware that manage personally identifiable information. This session will look at best practices and cyber-hardening measures for surveillance solutions, from securing the camera to the storage hard drive to ensuring secure erasure of end-of-life data.
Monty Forehand is product security officer and managing technologist of the product security office at Seagate Technology, leading the security and cybersecurity of products, operations and life-cycle across all Seagate business lines. He has held a variety of leadership positions in embedded system architecture, security architecture, security portfolio delivery, research, technology and architecture over a 28-year career at Seagate. Forehand is a frequent industry speaker and pioneer in the secure storage industry leading the delivery of the world’s first fully integrated Self Encrypting Drive (SED) and many other firsts including security and cybersecurity in all Seagate Products, worldwide security standards, certified security products and life-cycle. He continues leading and evangelizing the proliferation of Seagate Secure and Trusted Storage throughout the industry worldwide, and into the Digital Transformation, IT 4.0 and the Edge. Forehand holds master’s and bachelor’s degrees from Oklahoma State University in electrical and computer engineering, with emphasis on artificial intelligence and expert systems. He holds 26 patents to date in the areas of machine vision, electronics systems, storage virtualization and embedded security and is a two-time recipient of the Seagate Technology Hall of Fame Award along with the top technology achievement award for Outstanding Patents.