Guaranteed data safety? Yes, it's possible!
Protecting data is not about protecting ones and zeroes: it's about protecting your business that's usually worth much more than the computer itself and the cost of keying data into the system.
The security of business data is constantly subjected to threats, which grow more and more sophisticated and real with each passing year, causing more financial losses than ever before. Data is stolen and used for lucrative purposes; corrupted data causes malfunctions or even catastrophic losses; hardware can be damaged or rendered useless; electronic documents, including those used in banking systems, can be forged; personal data is often used to commit fraud. These examples include only the most common computer-related crimes. The temptation to lock up the important data and hide it somewhere far away might be great, but it would mean stopping the business. A document is worth nothing if it's not available to the right people at the right time; tools are designed to be used, and data is one of the most important tools of today's business. The society we live in wouldn't be called "information society" if it didn't place so much emphasis on technologies that deal with data. That means that the risks listed above are imminent.
Risks can be separated into four categories depending on the subject of the possible attack. This gives us the list of entities subject to data security:
- the workstation as a set of tools (hardware and software);
- the data;
- the data transfer channels;
- the technology of data processing - the sequence of operations used when processing data.
What we need is to:
- protect the computer from unauthorized access, in other words - turn it into a trusted platform: a workstation accessible only to someone intended to use it according to the company's usage policy. Any attempts to access the computer's hardware or software without proper authorization are recorded and reported to the information security administrator;
- define levels of access to data stored on workstations: data should be accessible only to users that possess relevant access rights; any attempts to circumvent or violate usage restrictions must be recorded and reported to the information security administrator;
- transmit only protected data - the method of protection should guarantee that if the data is corrupted during transmission, it immediately becomes apparent to the receiving party;
- ensure that the technology of data processing remains unchanged: every breach of technology must be reported to the information security administrator.
It is important to remember that full safety can be guaranteed only if all four areas are protected: obviously, it makes no sense to raise the fence if there's a hole in it.
It doesn't mean, though, that the data security system (DSS) used in each case should be identical. Each set of protective measures is formed individually according to the company's requirements and depends on the company's profile, its structure and the usage of information technologies in its business.
The data security tool (DST) line that we propose encompasses the whole range of computer-related tasks existing today and implements the most up-to-date technical solutions.
- Accord-TSHM (Trusted Startup Hardware Module) ‑ a trusted startup hardware module designed for use on IBM-compatible personal computers and LAN workstations in order to protect computer equipment and information resources from unauthorized access;
- Hardware and software complex Accord-Win32, consisting of Accord-TSHM and special software implementing information access control rules, is designed to isolate users' access to workstations, terminals and terminal servers;
- Hardware and software complex Accord-Win64, consisting of Accord-TSHM and special software implementing information access control rules, is designed to isolate users' access to workstations, terminals and terminal servers running 64-bit Windows;
- Hardware and software complex Accord-X, consisting of Accord-TSHM and special software implementing information access control rules, is designed to isolate users' access to workstations running Linux;
- Accord-V is a hardware and software complex designed to protect VMware virtualization infrastructure;
- Accord-U is a hardware and software complex that combines the functions of TSHM and those of cryptographic data protection.
- SHIPKA-1.6 KC3 ‑ PCDST SHIPKA, basic edition, certified by FSS for class KC3, a medium size case;
- SHIPKA-1.6 KC2 ‑ PCDST SHIPKA, basic edition, with higher speed of cryptographic computations, a small case;
- SHIPKA-2.0 ‑ a modification of PCDST SHIPKA with high performance and (on request) with a high-volume encrypted disc, a small case;
- SHIPKA-lite is one of the cheapest devices in the line, on the basis of which PCDST SHIPKA can be built. It is designed for use as an identifier in DST PUA and OS, and as a carrier of keys and certificates of CDSS software. It includes a removable hardware key container and a reader;
- SHIPKA-lite Slim is one of the cheapest devices in the line, on the basis of which PCDST SHIPKA can be built. It is designed for use as an identifier in DST PUA and OS, and as a carrier of keys and certificates of CDST software. A small case is available;
- SHIPKA-T (Terminal) is software for working with the cryptographic resources of PCDST SHIPKA in terminal access mode;
- Center-T ‑ a hardware and software complex DST PUA designed to provide secure startup of software images of terminal stations through the network. It is built entirely on SHIPKA-2.0, from which all of the components of the complex are loaded (three components). Cases are small.
Subsystems for automation of work with DST Accord and SHIPKA:
- The Accord-RAU subsystem of distributed audit and management is software for automating data security management in automated systems;
- Privacy ‑ a hardware and software complex for cryptographic protection of data stored on the hard disk and transmitted through the network using PCDST SHIPKA.
- SRCC (a system of remote centralized control) ‑ a centralized control system for DST PUA of the Accord family. It consists of a server part and a client part (centralized control server and centralized control client).
Tools for providing trusted communication sessions:
- "MARSH!" ‑ a hardware and software complex designed for ensuring secure work of remote users of untrusted computers with the servers of a trusted distributed information system (DIS) through information transmission networks within a trusted communication session (TCS).
- Personal Secret ‑ a hardware and software complex for secure use of personal or service USB-carriers on autonomous workstations. It is built on the basis of simple cryptographic service carriers;
- Business Secret - a hardware and software complex for secure use of service USB-carriers in an organization whose computers are networked. It is built on the basis of simple cryptographic service carriers;
- Special Secret - a hardware and software complex for secure use of service USB-carriers on autonomous workstations or networked stations, with a hardware system for logging all attempts to connect the carrier. It is developed on the basis of cryptographic service carriers. Upon request it can be produced without disk encryption support.
We're proud to be trusted by people who value their information and realize that the loss of it is much more expensive than the loss of computer aids.
We'll be glad to provide guaranteed information security to your business!
And we are ready to cooperate!