According to the National Cyber Security Alliance, 556 million personal records are stolen every year, which means that 18 people experience the theft of their sensitive information every second. These statistics paint a bleak picture for businesses and consumers, but not all hope is lost. Armed with cutting-edge cybersecurity tools, everyone can protect themselves from data theft.
In part one of this two-part series, we discussed the most important aspects when it comes to choosing a cybersecurity solution: the certifications. These third-party accreditations help guide decision-making processes, informing businesses and consumers of which cryptographic engines are powerful and which solutions actually provide data protection.
To learn more about what differentiates FIPS-140 from Common Criteria, read "Security certifications (Part 1): What are the differences?" To learn about the importance of having both of those third-party accreditations, read on.
"There must be no gaps in data protection."
Total certification or too many gaps?
When it comes down to cybersecurity, there must be no gaps in data protection. Unfortunately, if solutions only have one aspect certified and not the whole tool, there will be security gaps. After all, what is the point of having a certified cryptographic engine if it wasn't evaluated by another organization?
Total certification solutions such as CloudMask use strong cryptographic engines and are determined to be complete data protection tools by third-party organizations. Some cybersecurity vendors are able to meet both standards, but the National Institute of Standards and Technology explained that while cryptographic engines might rate highly, data security depends on the environment in which these engines are deployed and the surrounding solution.
The CloudMask solution
CloudMask is certified in FIPS-140 - a performance test that guarantees the strength of the cryptographic engine - and passed the Common Criteria for Information Technology's evaluation process, which is a framework in which 26 Government specified their security functional and assurance requirements through the use of Protection Profiles, vendors can then implement and/or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. In other words, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard and repeatable manner at a level that is commensurate with the target environment for use.
Common Criteria is used as the basis for a Government driven certification scheme and typically evaluations are conducted for the use of Federal Government agencies and critical infrastructure.
In essence, FIPS-140 certification means that CloudMask encrypts data, obscuring the most sensitive information, similar to other encryption tools. Common Criteria (CC) accreditation, on the other hand, sets CloudMask apart, it is a sign of total solution integrity to protect against threats identified in the solution's security profile. Not every cybersecurity tool can earn this globally recognized mark of strong security, as it takes investments of time, resources and talents and a dedication to data protection to become verified in this regard. With the assurance of CC, users know that CloudMask successfully enforces total product integrity and control, ensuring the that the service doesn't have any security gaps.
With both accreditations, businesses and consumers ensure that there is no gap in data protection, since each link in the cybersecurity tool is strong enough to protect data even when under breach. As National Cyber Security Month continues, the importance of total certification solutions will become clearer, as individuals realize how much risk they are really facing.
With CloudMask, only your authorized parties can decrypt and see your data. Not hackers with your valid password, Not Cloud Providers, Not Government Agencies, and Not even CloudMask can see your protected data. Twenty-six government cybersecurity agencies around the world back these claims.
Watch our video and demo at www.vimeo.com/cloudmask
