Security First: Disruptive Innovation Re-Defining Data Security

Mark O’Hare, Founder, President & CEO

Mark O’Hare first realized the need to completely overhaul how organizations handled sensitive data during his successful career in the US Navy, where he served as the Program Executive Officer of the US Navy Aircraft Carrier program. When he entered the private sector, O’Hare immediately began to explore the idea of securely accessing data anytime and anywhere. He founded Security First Corp. (SFC) in 2002, and as President/CEO started the development of a ground-breaking security technology that centered on the data itself. “It was like working in a skunk works environment,” says O’Hare, “we took the science and built the technology around it, focusing on data-centric security.”

SFC tackles data security and survivability in today’s complex and vulnerable data storage environments, like the cloud, where traditional network defenses are beginning to struggle. Combining the concepts of multi-factor secret sharing, keyed information dispersal and internal key control, O’Hare and his team created SecureParser® extended (SPx). This technology, which has more than 250 patents, is the core of Security First Corp. and powers every product and solution in its portfolio. SFC also develops and licenses its technology for use in third-party software, like IBM’s ICDES, to provide a variety of software-defined data protection solutions that make data completely secure, highly available and resilient.

“Significant effort and expense goes into protecting the network through perimeter defense strategy. But the reason for the attacks in the first place is to get to the data. Cyber attackers don’t stop at your network, and we believe your protection shouldn’t either. It’s a statistical certainty that you will be attacked. Data has to be proactively protected and rendered useless to the attacker, and that is exactly what our technology does,” affirms O’Hare.

A major problem with traditional data protection and encryption is that the data cannot be used while it is in an encrypted state. “If your data is secured but can’t be used, then what good is it!” exclaims O’Hare. “There must be a balance between usability and security.” He envisions going beyond standard encryption to include random splitting and resiliency at the very core of data, the binary 1’s and 0’s. “We’ve reduced the cost of securing data by minimizing the operational cycle time and making it highly available,” he remarks, “and found that with this new technology, data will not only be more secure, but more cost efficient to store.”

Today, cyber attack reports reveal over 100 companies are hacked every week, with 2.3 million records stolen every day. Last year alone, five major organizations (Sony, The Home Depot, Anthem, Target and JP Morgan Chase) were victims of significant cyber breaches. In June it was revealed that the U.S. Government’s Office of Personnel Management had 4 million records hacked affecting over 21 million people. In July, it was reported that United Airlines was hacked and intruders made off with important data including manifests containing detailed passenger information. All of these organizations were subject to immense security breaches costing millions of dollars and affecting hundreds of millions of people, despite their sophisticated network protection.

The Core Process: SPx

The patented SPx technology is the core of Security First Corp.’s products. This breakthrough technology first encodes the data using AES-256 encryption, then cryptographically splits the encrypted data, randomizes it, and disperses it into a user-defined number of unique physically or geographically separated locations.
Key management is almost entirely internal, and protected keys are securely kept by the creator of the data itself. No third party or key escrow systems are needed. “We have built a complete internal key management system where nearly all of the keys are securely managed within the system itself. This significantly reduces the risk and cost of external key storage,” says O’Hare. The majority of the keys are built into the data in a distinctive way, eliminating exposure. Instead of millions of keys controlling millions of files, only a minimum set of keys needs to be managed.

With the keys secure, the data is randomly split into its “DNA”: the 1’s and 0’s that make up the file itself. O’Hare explains, “By working at the bit level and introducing fault tolerance capability, we can randomly split the data down to the bit level and package it into shares for dispersal.” In each share, extra bits are added so that if any one share is breached or exposed, the stolen data is completely unreadable. Any lost, damaged or missing data can be recreated from the remaining shares without having to decrypt the data. Additionally, all data is authenticated with a message authentication code (GMAC, HMAC or other) at the 256- or 512-bit level.

In newer encryption systems, a data migration strategy must be planned and implemented to bring large data sets to a single place before encryption. “We just bring the data in, read it behind the scenes and encrypt and protect it simultaneously. We repeat the process for the newer set of data received, be it a command line or GUI interface. Our intelligent configuration tools configure and manage the software and data to be dealt with for optimal administration and security,” says O’Hare.

SFC’s ParsedCloud is a free and secure file transfer application designed for transferring any size and any type of digital file between users, and is already being used by thousands of customers. Unlike other file transfer products, ParsedCloud does all the encryption itself. Once encrypted, the data is split into shares and pushed to four cloud locations across the country. The shares are never together at the same site, eliminating the risk of exposure.

The cryptographic splitting of data occurs locally on the machine where the ParsedCloud software resides. When authenticated users submit a request for download, the encrypted data gets downloaded to their machines and is recombined. Hackers trying to execute attacks in the middle gain nothing. “The data is seen only by the creator and the intended recipients. At our end, we only see how fast the data is moving, not what the data contains,” says O’Hare.

Both SPx and the key management protocol are certified under Federal Information Processing Standards 140-2 (FIPS 140-2). This means that any product or solution based on SPx already meets the standards for many government regulations. The solutions uniquely tackle the omnipresent problem of cyber breaches in compliance with HIPAA, HITECH, FISMA, Sarbanes-Oxley, FERPA and PCI DSS.

Intelligent Game Changers

SFC has formulated innovative solutions and products by adding intelligent features to the SPx technology, which enable the cryptographic splitting capability for applications and business processes. By journaling to a cache, any time an individual location becomes unavailable the journal is used to store transactions locally until the share is online again. If the data downtime extends beyond the time protected by journaling, SPx can initiate a complete rebuild of the data in the background. This rebuild does not interfere with any of the other ongoing processes, and it can be done without the need to decrypt any of the protected data. “We are the only solution providers in the world who can rebuild encrypted data,” says O’Hare.

SFC’s upcoming product, SPx Gateway, will also feature adjustable dynamic cache and dynamic storage volumes. The cache can be set dynamically for the amount of data needed. The Gateway can be used to move data from high-cost on-premise storage to scalable, low-cost off-premise storage in another data site or in the cloud. Storage can start small and grow with the user in object storage containers to exabytes per volume. The use of local caching of frequently used data eliminates the latency inherent in remote storage. The ability to dynamically provision storage and cache is a significant advantage. Updates to the cloud data are done asynchronously in the background and are transparent to the user. This type of solution will allow users to take advantage of lower cost object storage, manage it, and never have to worry about data loss or compromise. Additionally, this solution can last with the user for a lifetime because there is virtually no limit to how much data can be stored and managed by the Gateway. “The cost performance curve on this is really quite remarkable,” O’Hare says.

In late 2015, SFC will introduce solutions that will tackle new spaces like Big Data and the Cloud. Partnering with IBM SoftLayer, SFC will bring enterprise gateway capabilities to the cloud. Enterprise cloud data will be securely pushed to different locations around the globe, like Asia, North America or Europe. Only two of those protected cloud shares are required to keep your data accessible. SFC has also built a security application pattern that provides data-at-rest encryption on IBM’s PureApplication System.

It is also possible to spread the data across cloud vendors and across geographies, so no single vendor can control a user’s data. This empowers the user to retain control. “Our focus is to build scalable solutions that support our client’s growth,” O’Hare states.

SFC offers their own solution for servers as well, called SPxSHARC. It protects databases, files, folders or directories on any server to offer secure, highly available and resilient data management. SPxSHARC has three tiers of service. The entry level product, SPxSHARCSecure, offers keyed encryption and randomization of data. With SPxSHARC’s Advanced Secure, the user acquires “M of N” fault tolerance, delivering high availability for local sites. SPxSHARC Advanced Multi-Site provides complete data survivability, splitting protected data across multiple remote locations for disaster recovery and business continuity. The storage configuration (whether it is local, remote, cloud or hybrid) is highly scalable and transparently layers into the file system of the operating system.

The Quest for Change

With over seven zettabytes of data currently stored globally, O’Hare knows that the future will continue to bring challenges to data storage. “25,000 petabytes of data are generated every day,” O’Hare says, “and it grows at 40 percent a year.” The reality is that all this new data has to be secured in a cost-effective way.

SFC is developing a new product for secure file sync and share, which can synchronize data across all of a user’s devices and share files across the globe. The firm’s SPxConnect is a complete data-in-motion security product for data protection in the communication network. Once enabled, users can browse the web securely with no discernible data ever crossing the connection, eliminating any risk of data loss.

SFC’s game-changing technology is set to revolutionize and secure POS devices, handheld devices, servers, gateways, ATMs, switches, and operating systems. “I want to make customers’ data secure in a cost-effective way,” reaffirms O’Hare.

Security First

Rancho Santa Margarita, CA

Mark O’Hare, Founder, President & CEO

Provider of information assurance including data security, privacy, integrity, and high availability