In mid-April of 2023, a global entertainment studio contracted an independent audit of Pro Data’s security features. Here’s a brief overview of the auditor’s methodology, iodyne’s security features, and the final report findings.
Founded in 2006, Seattle, Washington-based Leviathan Security Group (LSG) is focused on supporting the world’s innovators and ensuring they use safe practices to improve security confidence. Leviathan performs high-end security assessments that combine the skills of sophisticated testers and business process experts to find risks that go beyond the OWASP Top 10 and the CWE Top 25.
LSG’s penetration testing service involves simulating real-world attacks to identify vulnerabilities that could be exploited by malicious actors. Their experts use a combination of manual and automated techniques to identify weaknesses and security gaps. They analyze network architectures, assess application vulnerabilities, examine access controls, and scrutinize configurations to uncover potential entry points for would-be attackers.
Once potential vulnerabilities are investigated, LSG provides detailed reports outlining the findings, including the specific vulnerabilities discovered, their potential impact, and recommendations for remediation. These reports enable their clients to understand their security weaknesses and prioritize their efforts to address them effectively.
Enterprise Security Meets Consumer Usability
The iodyne team’s background in enterprise storage demanded a robust security architecture when designing Pro Data, but not at the expense of performance or user experience.
Incorporating a hardware-accelerated XTS-AES 256-bit encryption engine into the datapath ensures that all data is encrypted at rest without taxing computer resources. Encryption keys are protected by a TPM 2.0-compliant Secure Enclave that validates user authentication to grant access exclusively to directly attached computers, further mitigating network security concerns.
Whether lost, stolen, or left unattended, Pro Data’s Secure Enclave repels brute-force attacks aimed at guessing passwords. Without access to encryption keys, your data cannot be decrypted – even if SSDs were to be removed from its chassis.
Best of all, security is enforced automatically with zero configuration. Encryption is always on: even if a container does not have its own password assigned, Pro Data’s mandatory device password secures all data from unauthorized access. Not to mention that with hardware acceleration, Pro Data offloads encryption tasks from your computer to maximize efficiency and throughput.
“We have no recommendations as no negative trends or findings were observed.” – Leviathan on Pro Data
Conclusion
LSG performed a security assessment of the Pro Data hardware platform and the macOS version of the associated application. No findings of vulnerability resulted from the evaluation, which focused on “identifying vectors by which an unauthenticated user could compromise a Pro Data device for which they do not know any passwords.”
LSG determined that Pro Data is robust in all areas tested, stating, “Data is encrypted at rest and inaccessible by direct reading of SSDs. Passwords are enforced and password complexity requirements are in place.”
We couldn’t be more pleased with the results of this penetration test. Our dedication to securing Pro Data has given this major studio the confidence to trust it with their most sensitive and valuable production data.