Henry Newman, Chief Technology Officer at Seagate Government Solutions
Henry has over 34 years of advanced-systems architecture and performance analysis expertise in solving the most complex challenges for customers in government, scientific research, and industry around the world.
Hard disk drives are constantly retired (returned for warranty, repair and expired lease agreements, or repurposed for other storage duties or sold), lost or stolen. When unprotected data leaves the owner’s control and is compromised, a company faces losing revenue, market share and customer confidence. It may even be subject to civil penalties for violating data privacy regulations. This can be catastrophic for any organization, and especially for SMBs.
According to industry experts such as the Ponemon Institute, the average cost per data breach increases every year, and on average was US$6.6 million in 2008, or US$202 per compromised record. [1] The Ponemon Institute further estimates that 81 percent of laptops contain sensitive data, and as many as 10 percent of all laptops are lost or stolen during their lifetime. Additionally, it is estimated that every week 12,000 laptops are lost or stolen in U.S. airports alone. The average cost to a business when a laptop containing sensitive yet unencrypted data disappears is nearly US$50,000. In extreme cases, the costs can be nearly US$1 million. [2]
FIPS 140-2 defines four levels of security. FIPS 140-2 validation will specify the security level to which the product adheres.
In the U.S., the National Institute of Standards and Technology requires all federal agencies to use FIPS 140-2 Level 2 Validated™ products to secure data designated as Sensitive but Unclassified within computer and telecommunications systems (including voice systems).
In Canada, the Communications Security Establishment (CSE) requires federal agencies to use FIPS 140-2 Level 2 Validated cryptographic modules to secure data designated as Protected Information (A or B) within computer and telecommunications systems (including voice systems). FIPS 140 validation is also a necessary precursor for a cryptographic product to be listed in the Canadian government’s ITS Pre-qualified Products List. In the U.K., the Communications-Electronics Security Group recommends the use of FIPS 140 Validated cryptographic modules.
Civilian companies worldwide that contract with U.S., Canadian or U.K. federal government organizations requiring FIPS 140-2 encryption compliance are also required to be compliant. Additionally, commercial companies (especially in finance, healthcare, education, and infrastructure (national security) verticals) are increasingly requiring FIPS 140-2 compliance throughout the world.
These companies want to follow the highest standard in protecting data. They recognize the rigor that goes into a FIPS 140 certification, find it to be the preferred standard for security, and choose to depend on it for their own encryption needs.