How Federal Agencies Can Stop Data Exfiltration and Mitigate Risk

Kristina Avrionova Fortanix
Kristina Avrionova
Published:Apr 25, 2024
Reading Time:5 mins
mitigate data exfiltration risk

It is very hard to find silver linings when a cyber-attack happens. From freezing operations to stealing valuable and sensitive data, the damage is severe, even more so when it affects a nation’s security. Arguably, the only bright spot in such dark moments is the opportunity to learn from the incident and take corrective measures going forward.

The latest Cybersecurity & Infrastructure Security Agency (CISA) Emergency Directive 24-02 was issued to Federal Civilian Executive Branch (FCEB) agencies due to breaches to their Microsoft email accounts by a Russian state-sponsored actor. The fact that cyber criminals were still able to get through and extort valuable authorization credentials is further proof that data was not properly secured, and that traditional, perimeter-defense security practices do not provide adequate protection.

Federal agencies, and frankly any organization across any industry or branch, need to adopt a data-centric approach to cyber security to protect data across its full lifecycle. Data encryption is the final line of defense; however, proper encryption of data relies heavily on how the associated encryption keys are managed and stored. Leave keys vulnerable or mismanaged - data is up for grabs again, and this time around there are no more silver linings.

At Fortanix, we prioritize data security. The Fortanix Data Security Manager (DSM) platform offers comprehensive data security solutions that help organizations protect sensitive data, while maintaining its availability and integrity. The Fortanix platform allows security teams to:

  • Encrypt data at-rest, in-transit, and in-use - encryption is done with NIST-recommended algorithms, and cryptographic policies are enforced across all environments at once to ensure that no accidental deviations from policy can occur. Moreover, the Fortanix platform is built on confidential computing; all cryptographic operations happen in a trusted execution environment built on Intel SGX, so data is protected even during processing and in-use.
  • Efficiently manage keys - all encryption keys for data, regardless of where the data resides (on-prem, cloud or hybrid), are managed centrally, from a single pane of glass. With Fortanix, teams now can create, rotate, and manage keys with few clicks and have oversight and control over their keys. The consolidated administration gives teams efficient security operations and prevents key sprawl from using siloed key stores.

Download Now: Buyers Guide to Enterprise Key Management

  • Securely store keys and credentials - the natively integrated FIPS 140-2 Level 3 (soon to be FIPS 140-3 Level 3) Hardware Security Module (HSM) stores encryption keys as well as secrets, login credentials, certificates, API keys, and tokens.

  • Apply Zero Trust Principles - Multi Factor Authentication (MFA), Role Based Access Control (RBAC) and Quorum Approval policies ensure strong user authentication, tight privilege access, and policy approvals to prevent tampering with keys and administrative credentials.

Download the Whitepaper: Applying Zero Trust Principles to Data Security

  • Elevate security for SaaS solutions - Fortanix External Key Manager services enable agencies utilizing SaaS applications, like Google Workspace, ServiceNow and Snowflake for example, to Bring Your Own Keys and have keys under their control, further reducing the risk of unauthorized data access.

Related Read: Take your Google Workspace Data Security, Privacy and Compliance to The Next Level

  • Have crypto agility – rapidly migrate to post-quantum algorithms rapidly, without disrupting operations due to complex hardware or software upgrade procedures.

  • Work safely with data - The Fortanix data tokenization solution uses Format preserving Encryption that replaces sensitive data, but it does not change the format of the dataset. Therefore, data is secured, yet it is portable and usable. When needed, only authorized personnel or services can decrypt the data.

Security, data, and application teams in the public sector can build cyber resilience, bolster security operations, and dramatically mitigate impact of data breaches and ensure security and privacy of sensitive citizen or mission-critical data with Fortanix.

To learn more about the Fortanix platform, contact our federal team.

Share this post: