Industry Solutions - Government
Government entities face the same challenges as the private sector with respect to protection of confidential information. Whether they are in the civil or national security sector, or contractors to a federal agency, they are subject to a myriad of complex rules and directives.
The Federal Information Security Management Act of 2002 (FISMA) mandates that agencies implement information security programs to protect agency information and systems.
Other laws, such as the Privacy Act of 1974, require that agencies adequately protect personal information, and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires additional protections for sensitive health care information.
Encryption has become a central theme for various devices as articulated by the Office of Management and Budget (OMB) encouraging products approved by the National Institute for Standards and Technology (NIST) cryptographic validation program.
By the end of 2007 an General Accounting Office (GAO) audit revealed that only 30 percent of the devices in question were actually protected to the NIST standard.
Moreover, NIST itself in its 2006 report “Guidelines for Media Sanitization” (NIST Special Publication 800-88) proclaimed that encryption alone is inadequate in certain situations, particularly with respect to storage media:
“With the use of increasingly sophisticated encryption, an attacker wishing to gain access to an organization’s sensitive information is forced to look outside the system itself for that information. One avenue of attack is the recovery of supposedly deleted data from media. These residual data may allow unauthorized individuals to reconstruct data and thereby gain access to sensitive information. Sanitization can be used to thwart this attack by ensuring that deleted data cannot be easily recovered.”
How can an organization cope with the challenges of maintaining data privacy and adherence to ever-changing regulations? Start by talking to an expert.
PeakData specializes in the secure and complete eradication of data from virtually any media. Our Data Management Group develops and delivers consulting and professional services that incorporate industry-leading people, products, tools, and methodologies to help government entities mitigate risk by showing them how to store, protect, and manage their mission-critical information more efficiently and cost-effectively.