Guaranteed data safety? Yes, it's possible!
Protecting data is not about protecting ones and zeroes: it's about protecting your business that's usually worth much more than the computer itself and the cost of keying data into the system.
The security of business data is constantly subjected to threats, which grow more and more sophisticated and real with each passing year, causing more financial losses than ever before. Data is stolen and used for lucrative purposes; corrupted data causes malfunctions or even catastrophic losses, hardware can be damaged or rendered useless, electronic documents - including those used in banking systems - can be forged, personal data is often used to commit fraud - these examples include only the most common computer-related crimes. The temptation to lock up the important data and hide it somewhere far away might be great, but it would mean stopping the business. A document is worth nothing if it's not available to the right people at the right time; tools are designed to be used, and data is one of the most important tools of today's business. The society we live in wouldn't be called "information society" if it didn't place so much emphasis on technologies that deal with data. That means that the risks listed above are imminent.
Risks can be separated into four categories depending on the subject of the possible attack. This gives us the list of entities subject to data security:
1. the workstation as a set of tools (hardware and software);
2. the data;
3. the data transfer channels;
4. the technology of data processing - the sequence of operations used when processing data.
What we need is to
· protect the computer from unauthorized access, in other words - turn it into a trusted platform: a workstation accessible only to someone intended to use it according to the company's usage policy. Any attempts to access the computer's hardware or software without proper authorization are recorded and reported to the information security administrator;
· define levels of access to data stored on workstations: data should be accessible only to users that possess relevant access rights; any attempts to circumvent or violate usage restrictions must be recorded and reported to the information security administrator;
· transmit only protected data - the method of protection should guarantee that if the data is corrupted during transmission, it immediately becomes apparent to the receiving party;
· ensure that the technology of data processing remains unchanged: every breach of technology must be reported to the information security administrator.
It is important to remember that full safety can only be guaranteed only if all four areas are protected: obviously, it makes no sense to raise the fence if there's a hole in it.
It doesn't mean, though, that the data security system (DSS) used in each case should be identical. Each set of protective measures is formed individually according to the company's requirements and depends on the company's profile, its structure and the usage of information technologies in its business.
The data security tool (DST) line that we propose encompasses the whole range of computer-related tasks existing today and implements the most up-to-date technical solutions.
1. Accord-TSHM, a Trusted Startup Hardware Module designed to prevent unauthorized boot up of the system (including the version based on Accord-5.5 controller - with built-in encryption and digital signature features).
2. HSC DSS PUA Accord-1.95 and Accord-NT/2000, hardware and software complexes (HSC) - DSS for protection against unathorized access (PUA) that combine the features of Accord-AMDZ with software-based access control.
3. PCDST SHIPKA, a personal cryptographic data security tool (PCDST) that provides encryption, digital signature generation and verification, passwords and PKI certificates storage and allows for secure transfer of data via the Internet, including mail and ICQ messages.
The AccordTM DSS PUA account for about 70% of Russia's data protection market. OKB SAPR is a licensed and certified company that holds all necessary certificates of conformance issued by the state.
In 1994, OKB SAPR has sold its first thousand of AccordTM devices. By 2003, the number of devices sold has reached 100 000. As of the end of the first quarter of 2006, the number of AccordTM integrated data protection systems used in state-owned and private enterprises across Russia has exceeded 200 000.
We're proud to be trusted by people who value their information and realize that the loss of it is much more expensive than the loss of computer aids.
We'll be glad to provide guaranteed information security to your business!
And we are ready to cooperate!
