Learn how to hide or encrypt specific files in Windows in order to better protect them.

Image: Getty Images/iStockphoto

You can--and should--protect your Windows computer with a strong and secure login password or other means of authentication. Perhaps there are specific folders and files on your PC for which you want an extra layer of security. Windows gives you a couple of options:

SEE:Windows 10 security: A guide for business leaders(TechRepublic Premium)

First, open File Explorer on your Windows computer. Select a folder or file (or files) that you want to hide. Right-click on your selection and select Properties from the menu. From the Properties dialog box, click the checkbox for Hidden. Then click OK (Figure A).

Figure A

If you're still able to see the folder or files, that likely means the option to view hidden files is turned on. Click on the View tab and uncheck the box for Hidden Files. The files should then vanish (Figure B).

Figure B

Hiding folders and files is a simple process but one with a couple of obvious drawbacks. First, if you want to work with those files, you have to either unhide them or re-enable the option to view Hidden Files, which defeats the whole purpose of hiding them. Second, if someone does gain access to your computer, that person could easily turn on the option for Hidden Files, which acts like a red flag for any potentially secret or sensitive files.

A more secure option is to encrypt any folder or files you wish to safeguard. Windows offers a built-in encryption tool called Encrypted File Service (EFS). EFS is available in Windows 10 Pro, Windows 10 Enterprise, Windows 8/8.1 Pro, Windows 8/8.1 Enterprise, Windows 7 Professional, Windows 7 Ultimate, and Windows 7 Enterprise. If you encrypt a file with EFS, only you can access the file through your Windows account. Other accounts, even those with administrative privileges on the machine, will be unable to access it.

To set up the encryption, insert a USB stick into your computer, which you'll use to back up the encryption key. Select and right-click the specific folder or files. Select Properties from the menu. At the Properties box, click on the Advanced button and then check the box to Encrypt Contents To Secure Data. Click OK (Figure C). Back at the Properties window, click OK or Apply.

Figure C

If you're trying to encrypt a file or files, a message appears asking if you want to encrypt the file and its parent folder or only the file. If the file is encrypted but not its folder, and you modify that file, an unencrypted version of the file could be stored temporarily as you edit it. Plus, any new files you create in the folder would not be encrypted. Choose your preferred option and then click OK (Figure D).

Figure D

If you're trying to encrypt a folder, a message asks if you want to apply changes to this folder only or to this folder, subfolder, and files. In this case, you'll likely want to choose the latter option, which is selected by default. Click OK (Figure E).

Figure E

A message should then appear prompting you to back up your encryption key. Make sure a USB stick or other removable media is inserted into your computer. Choose the first option to Back Up Now. The Certificate Export Wizard pops up with a welcome screen. Click Next. At the next screen for file format, keep the default selections. Click Next. At the Security screen, enter and then re-enter a password to protect the encryption key. At the File To Export screen, type the name of the file you wish to store on the USB drive. Click Next. At the final screen, click Finish. A message will pop up telling you that the export was successful. Click OK (Figure F).

Figure F

As long as you're signed into Windows with your own account, you'll be able to access and work with the folders or files you encrypted. If another person signs in or tries to access the files without your account or the encryption key, that person will receive a message indicating that the document may be read-only or encrypted.

To decrypt the folder or files, simply reverse the process. Sign in with your account, right-click on the folder or files, select Properties. At the Properties box, click the Advanced button. Uncheck the box to Encrypt Contents To Secure Data. Click OK. At the Properties box, click OK or Apply. Choose the option to apply changes to the folder or the folder, subfolders, and files, or the file and its parent folder. Click OK. The folder or file is then decrypted (Figure G).

Figure G

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays

See the original post:
How to protect specific folders and files in Windows - TechRepublic

vSAN Cluster Types: 2 Node Clusters vs. Stretched Clusters

A regular vSAN cluster will reside at one site and requires at least two nodes (although three or more is common). Meanwhile, a vSAN stretched cluster divides nodes among multiple sites, which may reside just down the hallway from one another, or may be located in separate buildings on a campus or across a city. Schulz likens a stretched cluster to taking a 12-egg carton and cutting it in half.

Its all about availability, Schulz says. If theres a power outage or a hardware problem, if something happens to those eggs in one refrigerator, you can keep running.

Schulz notes that organizations may also opt to connect multiple clusters across more distant locations for instance, connecting clusters in Chicago and New York. While these sites are too distant to accommodate a single stretched cluster, infrastructure at far-flung sites can be set up to replicate to each other, providing a greater level of redundancy.

When organizations enable encryption, vSAN encrypts everything in the vSAN data store. Because all files are encrypted, all virtual machines (as well as their corresponding data) are protected, and only an administrator with encryption privileges can perform encryption and decryption tasks. Because theyre part of the VMware environment, the nodes themselves have that protection, where its difficult to get in there and tinker with the node and the encryption mechanism, Schulz says. Its multiple layers of protection.

MORE FROM BIZTECH:Learn about using VMware as a service on Microsoft Azure.

Data center operators can take advantage of vSANs features in an all-flash environment or a hybrid configuration. In an all-flash vSAN, flash storage is used throughout the entire solution. A hybrid vSAN, by contrast, uses flash only at the caching layer, with spinning disk storage used throughout the rest of the environment. An all-flash vSAN will, of course, offer an overall higher level of performance, and data center operators should understand that the cost of flash storage has dropped steeply in recent years, making all-flash a realistic option for many use cases. Still, hybrid solutions remain even more affordable, and the decision will ultimately come down to each individual organizations performance requirements and budget.

Theres plenty of demand for all-flash, and plenty of people also use hybrid, says Sheppard. You absolutely have to have both [as options]. What were seeing is that hyperconverged infrastructure has matured to a point where it cant be a single type of product. It has to be a little broader in terms of how it can be configured by the user.

Get as much flash as you can afford, Schulz advises. The price of flash is always coming down, but so is the price of spinning disk. If you cant afford all the flash you need for your capacity, hybrid is a home run. Its all about budget.

Read this article:
What is VMware vSAN: Cluster Types, Encryption and More - BizTech Magazine

If your company uses WhatsApp to communicate among its team or with customers, you might want to evaluate your other options as the popular end-to-end encrypted messaging service has endured some security issues this year.

Most recently is a vulnerability that could allow a hacker to deliver a malicious message to a group chat that would crash the app for all members of the group. Users would be forced to uninstall and reinstall the app and delete the group message that was targeted, according to cybersecurity provider Check Point, which discovered the latest vulnerability.

That could have serious consequences for a business using it to communicate with employees or its customers. This also has implications for U.S. national security, as some White House staffers have reportedly used the app to communicate.

Check Point disclosed its findings to WhatsApp in August, and the Facebook-owned company has since patched the issue, but users still need to update to the latest version of the app.

According to Forbes, this is hardly the apps only security issue.

In May, WhatsApp revealed that a major cybersecurity breach enabled targeted spyware to be installed on phones through voice calls thanks to a malicious code from Israeli technology firm NSO Group Technologies.

Other security flaws found this fall included the ability to use a GIF to access a users content and a stack-based buffer overflow that could be trigged by sending an MP4 file to a WhatsApp user that could compromise the system and allow malware to be implanted on the device to eavesdrop or control it remotely.

Now, government officials are working with Facebook to come up with a solution that would give law enforcement a backdoor into WhatsApp communications to help fight terrorism and other crimes.

Read Next: U.S. Wants Encryption Backdoor in Personal Devices

WhatsApp became popular because of its encryption, security and privacy, especially in the 21st century as when normal business functions like email and payment solutions are increasingly the target of cyberattacks.

The company does offer an enterprise-focused version of the app that it released in 2018 and made available on iOS this fall, WhatsApp Business, but Facebook confirmed that some versions of the business app were affected by the Israeli hack and GIF hack.

Its important to note that the company has since fixed the issues, but they seem to keep popping up.

View original post here:
Popular Encrypted Messaging App WhatsApp Has A History of Security Flaws - TechDecisions

On December 26 the State Department will publish a long-awaited rule amending the International Traffic in Arms Regulations (ITAR) by providing a definition of activities that are not exports, reexports, retransfers, or temporary imports at 22 CFR section 120.54. Notably, this definition provides much-needed guidance on whether and under what circumstances end-to-end encrypted technical data is controlled under the ITAR. Published as an interim final rule, the State Department will accept comments through January 25, 2020, which could result in additional changes. However, the effective date of the interim final rule is set to be March 25, 2020, ninety days after publication in the Federal Register.

In 2015, the State Department published a proposed rule with a number of possible revisions to key definitions of the ITAR. One of the main goals of these revisions was to harmonize the ITAR and the Department of Commerces Export Administration Regulations (EAR) as part of the Export Control Reform Initiative announced by President Obama in 2009. Several of these proposed definitions were eventually adopted in final rules, but many were not.

In 2016, the Commerce Department adopted a definition for activities that are not exports, reexports, or retransfers, at 15 CFR section 734.18, which it amended in December 2017. The present rule issued by the State Department adopts a similar definition for the ITAR. Additionally, the rule amends the definition of release (22 CFR section 120.50), adds a definition of access information (22 CFR section 120.55) and makes minor amendments elsewhere to reference these new sections.

As with the definition in the EAR, the ITAR lists five activities that are not considered exports or other controlled events that would otherwise require a license or approval. These five activities are:

In response to a number of comments, the State Departments interim final rule provides additional guidance and context relevant to the interpretation of these new and amended definitions in the ITAR.

Read this article:
State Department publishes long-awaited ITAR rule on encryption and other excluded activities - Lexology

Data protection solutions are finally evolving to the current state of data: distributed, cloud-centric and always-on. Data used to only exist within the corporate network on devices that never left the physical protection of the company.

Data loss prevention (DLP) has been the default solution for protecting data. It's literally in the name. What countless organizations have determined is that DLP doesn't stop breaches, but it does generate extremely high operational overhead. The same is true for other legacy solutions such as pretty good privacy (PGP) and information rights management (IRM).

DLP is only as good as the classification rigidity enforced by the organization. Classification is always too rigid and can't keep up with fluid data movement. For DLP to prevent data from egress, data must be classified correctly. Classification is complicated and fragile. What is sensitive today is not sensitive tomorrow and vice versa. Classification turns into an endless battle of users trying to manage the classification of data. Ultimately, classification and DLP deteriorate over time. DLP adds an extremely high operational overhead, as it requires users to be classification superstars, and even then, mistakes will happen. Desjardins Group, a Canadian bank, recently made news for a malicious insider who obtained information on 2.7 million customers and over 170,000 businesses. The exact details of the breach haven't been made public yet, but DLP solutions are standard in all financial institutions.

PGP's encryption is a privacy tool. Users can encrypt their data so others can't access it, but PGP fails once users try to share data with other users. Once a user distributes the encryption key, the user has completely lost control of the data. Anyone with the key can decrypt the data and transfer the unprotected data as they wish. PGP was never intended to secure an organization's data set. Wired Magazine went as far as claiming PGP is dead.

IRM is limited to a small set of applications. Typically focused on Office documents, IRM can protect data with significant depth of protection such as blocking copy and paste, blocking save as, blocking print, etc. Blocking copy and paste adds overhead to users, however. For organizations that only work with Word and Excel files, IRM may be an acceptable solution. Organizations that need to protect any non-Office will need to find another solution. IRM only works with a limited list of applications and versions. Even Microsoft Azure Information Protection has significant restrictions on file types and sizes.

A New Approach to Data Protection

A new wave of solutions has appeared in the market to significantly shift the focus of data protection. Here are four criteria to measure data protection in the solutions you're currently considering:

Data Protection Vs. File Protection

Protecting files is no longer the focus. Data should be protected and continue to be protected as it moves from file to file and format to format. A file is simply the container to store data. Ensure solutions are capable of automatically protecting derivative work, including copy and paste and save-as.

Identity Authentication Vs. Device Or Location Authentication

Access control should be associated with a user identity and not devices, locations, or networks. Having a unified and centralized identity and access management solution will allow for all security permissions to be applied across multiple data protection solutions.

Data DNA Vs. Classification

Protection criteria should not be based on file classification, but rather the actual data DNA. As sensitive data is moved, protection needs to follow data. Classification is too manual and adds too much operational overhead to users.

Transparency Vs. Usability

Legacy solutions added operational overhead to end-users. The best data security solutions are the ones that are not visible to end-users. Don't ask users to change their behavior in the name of data protection. Only unauthorized users should notice security is in place. Data protection solutions also have to protect a broad range of applications, file types, sizes, etc. The more limitations the solution has, the less practical it will be.

With the rise of new data protection solutions, organizations need to review new solutions and replace legacy solutions that aren't capable of protecting data in today's data workflow and increased scrutiny on data security and privacy.

Read the original:
The Evolution Of Data Protection - Forbes

The benefits of operational efficiency and flexibility delivered by public cloud resources have encouraged todays organizations to migrate applications and data to external computing platforms located outside the perceived security of on-premises infrastructures. Many businesses are now adopting a cloud-first design approach that emphasizes elastic scalability and cost reduction above ownership and management, and, in some cases, security.

Analyzing global trends in public cloud services, Gartner has predicted that spending on these resources will increase from $182.4B in 2018 to $331.2B in 2022, with 30 percent of all new software investments being cloud native by the end of 2019.

Trusting Someone Else to Guard Your Secrets

The benefits of third-party infrastructure and applications, however, come with risks. Deploying sensitive applications and data on computing platforms that are outside of an organizations owned and managed infrastructure requires trust in the service providers hardware and software used to process, and ultimately protect, that data.

Trusting a cloud provider can be disastrous for an organization financially and reputation-wise if they are the subject of a successful cyber-attack. In its Ninth Annual Cost of Cybercrime Study, Accenture reported that in 2018 the average cost of cyber-attacks involving either a malicious insider or the execution of malicious code was $3M per year, according to participants.

Confidential Computing

One response to the problem of the trustworthiness of the cloud when it comes to data protection has been the emergence of the Trusted Execution Environment (TEE), which has led to the concept of confidential computing. Industry leaders joined together to form the Confidential Computing Consortium (CCC) in October.

The Confidential Computing Consortium looks to address the security issues around data in use, enabling encrypted data to be processed in memory without exposing it to the rest of the system. This is the first industry-wide initiative by industry leaders to address data in use, since todays encryption security approaches mostly focus on data at rest or data in transit. The work of the Confidential Computing Consortium is especially important as companies move more workloads to multiple environments, including on premises, public cloud, hybrid, and edge environments.

Secure Enclaves

One of the most important technologies for addressing the problem of protecting data in use can be found in the form of secure enclaves, such as the protected memory regions established by Intel Software Guard Extensions (SGX). Secure enclaves allow applications to execute securely and be enforced at the hardware level by the CPU itself. All data is encrypted in memory and decrypted only while being used inside the CPU: the data remains completely protected, even if the operating system, hypervisor or root user is compromised. With secure enclaves, data can be fully protected across its entire lifecycle at rest, in motion and in use for the first time.

Secure enclaves can offer further security benefits using a process called attestation to verify that the CPU is genuine, and that the deployed application is the correct one and hasnt been altered.

Operating in secure enclaves with attestation gives users complete confidence that code is running as intended and that data is completely protected during processing. This approach is gaining traction, for example it enables sensitive applications, including data analytics, Machine Learning, and Artificial Intelligence, to run safely in the cloud with regulatory compliance.

Runtime Encryption

Encryption is a proven approach for effective data security, particularly when protecting data at rest and data in motion. However, as discussed above, a key requirement for confidential computing, and the focus of the Confidential Computing Consortium, is protecting data in use. When an application starts to run, its data is vulnerable to a variety of attacks, including malicious insiders, root users, credential compromise, OS zero-day, and network intruders.

Runtime encryption provides deterministic security with hardware-aided memory encryption for applications to protect data in use. Through optimization of the Trusted Computing Base (TCB), it enables encrypted data to be processed in memory without exposing it to the rest of the system.

This reduces the risks to sensitive data and provides greater control and transparency for users. Runtime encryption provides complete cryptographic protection for applications by running them securely inside a TEE and defending them even from root users and physical access to the server.

Expanding the Circle of Trust

The number one concern cited by enterprises in their move to the cloud continues to be security. Confidential computing and protecting data in use gives sensitive applications a safe place that protects them from todays infrastructure attacks.

Confidential computing is critical for protecting cloud data, and it is fundamentally helping establish and expand the circle of trust in cloud computing. It creates isolated runtime environments that allow execution of sensitive applications in a protected state, keeping cloud apps and data completely secure when in use.

With secure enclaves and runtime encryption supporting confidential computing, customers know that, no matter what happens, their data remains cryptographically protected. No amount of zero-day attacks, infrastructure compromises, and even government subpoenas can compromise the data. Confidential computing expands the deterministic security needed for the most sensitive cloud applications, at the performance level demanded by modern Internet-scale applications.

A Secure Cloud Future

As Gartner has reported, businesses are migrating their sensitive data and applications to public cloud services, a practice that saves them from ownership and maintenance of infrastructure that will inevitably be obsolete in the future.

Leading technology providers have recognized that confidential computing provides a security model ready to address the problems of untrusted hardware and software that have hampered this transition to the cloud.

With a growing number of use cases, and interest and deployments surging, confidential computing environments will be relied on to protect data in growing areas such as industry 4.0, digital health, the Internet of Things (IoT), and federated machine learning systems.

As the Confidential Computing Consortium continues its work, individuals and businesses may at some point expect a confidential computing architecture as a prerequisite for the exchange and processing of our private data.

Link:
Extending the Circle of Trust with Confidential Computing - Infosecurity Magazine

The report is an all-inclusive research study of the global Encryption Software Market taking into account the growth factors, recent trends, developments, opportunities, and competitive landscape. The market analysts and researchers have done extensive analysis of the global Encryption Software Market with the help of research methodologies such as PESTLE and Porters Five Forces analysis. They have provided accurate and reliable market data and useful recommendations with an aim to help the players gain an insight into the overall present and future market scenario. The report comprises in-depth study of the potential segments including product type, application, and end user and their contribution to the overall market size.

In addition, market revenues based on region and country are provided in the report. The authors of the report have also shed light on the common business tactics adopted by players. The leading players of the global Encryption Software Market and their complete profiles are included in the report. Besides that, investment opportunities, recommendations, and trends that are trending at present in the global Encryption Software Market are mapped by the report. With the help of this report, the key players of the global Encryption Software Market will be able to make sound decisions and plan their strategies accordingly to stay ahead of the curve.

Global Encryption Software Market was valued at USD 3.32 billion in 2016 and is projected to reach USD 30.54 billion by 2025, growing at a CAGR of 27.96% from 2017 to 2025.

Report Enquiry For Download Sample

Topmost Leading Key Players in this report :

Dell, Thales E-Security, Eset, Symantec, IBM Corporation, Sophos, Ciphercloud, Pkware, Mcafee, Gemalto, Trend Micro, Microsoft Corporation

As part of primary research, our analysts interviewed a number of primary sources from the demand and supply sides of the global Encryption Software Market . This helped them to obtain both quantitative and qualitative data and information. On the demand side of the global Encryption Software Market are end users, whereas on the supply side are distributors, vendors, and manufacturers.

During our secondary research, we collected information from different sources such as databases, regulatory bodies, gold and silver-standard websites, articles by recognized authors, certified publications, white papers, investor presentations and press releases of companies, and annual reports.

The research report includes segmentation of the global Encryption Software Market on the basis of application, technology, end users, and region. Each segment gives a microscopic view of the market. It delves deeper into the changing political scenario and the environmental concerns that are likely to shape the future of the market. Furthermore, the segment includes graphs to give the readers a birds eye view.

Last but not the least, the research report on global Encryption Software Market profiles some of the leading companies. It mentions their strategic initiatives and provides a brief about their structure. Analysts have also mentioned the research and development statuses of these companies and their provided complete information about their existing products and the ones in the pipeline.

Based on regions, the market is classified into North America, Europe, Asia Pacific, Middle East & Africa and Latin America. The study will provide detailed qualitative and quantitative information on the above mentioned segments for every region and country covered under the scope of the study.

Finally, Encryption Software Market report gives you details about the market research finding and conclusion which helps you to develop profitable market strategies to gain competitive advantage. Supported by comprehensive primary as well as secondary research, the Encryption Software Market report is then verified using expert advice, quality check and final review. The market data was analyzed and forecasted using market dynamics and consistent models.

Verified Market Research has been providing Research Reports, with up to date information, and in-depth analysis, for several years now, to individuals and companies alike that are looking for accurate Research Data. Our aim is to save your Time and Resources, providing you with the required Research Data, so you can only concentrate on Progress and Growth. Our Data includes research from various industries, along with all necessary statistics like Market Trends, or Forecasts from reliable sources.

Mr. Edwyne Fernandes

Call: +1 (650) 781 4080

Email:[emailprotected]

Continue reading here:
Encryption Software Market Size 2019, Trends, Share, Outlook and forecast to 2026 - CupMint