Common Criteria Certified EAL5+ Hardware Roots of Trust Provide Protection for Personal Data that Cannot be Disputed

San Jose, CA – January 23, 2018 – SPYRUS, Inc. today announced the immediate availability of SPYRUS® security solutions meeting the European Union’s Data Protection Requirements (GDPR) that must be in place by May 2018. The GDPR mandate includes substantial penalties (the greater of €10 million or 2% of global annual turnover), if an organization fails to provide a “reasonable” level of protection for personal data, regardless of intent. Global companies, with headquarters outside the EU, remain subject to GDPR penalties for their EU based subsidiaries.

Organizations cannot leave the term “reasonable” up to an evaluator’s post event discretion. Legal fees to prove reasonable effort can be as costly as the GDPR penalties themselves. High assurance transparent encryption solutions offered by SPYRUS provide a sound underpinning to meet GDPR, particularly Article 25 covering “data protection by design and by default”. The SPYRUS hardware roots of trust, its Rosetta Hardware Security Module (HSM) enabled security products, are the only solutions where reasonability cannot be challenged:

  • Fully certified at FIPS 140-2 Level 3, with tamper-evident physical security mechanisms, the Rosetta HSM prevents an intruder from gaining access to the keys that protect personal data. Physical security mechanisms include high probability of detecting and responding to attempts at physical tampering, use or modification of the cryptographic module that include strong enclosures and tamper-detection/ response circuitry that cause the keys to be useless if attacked.
  • The Rosetta HSM is built on a core chip with a Common Criteria Evaluation of EAL5+ that ensures maximum security engineering “data protection by design and by default” based upon certified, rigorous engineering and manufacturing techniques.
  • The Rosetta HSM offers the strongest protection of an individual’s identity credentials used to access personal data that ensures, at the highest level of assurance and confidence, that the credential has not been altered or replicated.
  • The SPYRUS devices, protected by the Rosetta HSMs, are fully encrypted with keys and military grade algorithms, both hardware protected, that have been used for up to classified data protection as a standard commercial product.

“At a cost significantly less than arguing reasonability and paying GDPR fines, the SPYRUS hardware roots of trust security solutions offer data protection assurance that similarly priced software solutions are UNABLE to achieve”, said Daniel E. Turissini, SPYRUS CTO. “The only way to protect against the ambiguity of “reasonable” is to protect your customer’s and your brand beyond reasonable. With over 25 years of experience in the Information Assurance/ Cyber Security space I have found no other cost-effective solution that meet the rigor or offer the confidence that the SPYRUS hardware roots of trust solutions do.”

Each component in the solution can be managed with enterprise driven policy that enforce data protection controls, removing the ability for users and administrators to ‘work-around’ data protection security controls, maliciously or in error:

  • The SPYRUS family of bootable live drives, hardware encrypted devices, and Trusted Flash® ensure, at the highest levels, protection of data at rest;
  • The SPYRUS embedded Rosetta HSM with smartcard and PKI support ensures, at the highest levels of protection, that only authorized users and/ or devices obtain data access and protect data in motion;
  • The SPYRUS NcryptNshare secure sharing and storage applications leverage the SPYRUS hardware root of trust to ensure, at the highest levels of protection, that data sharing is only allowed between authorized personnel on authorized devices; and,
  • The SPYRUS Enterprise Management System™ (SEMS) provides on premise or SEMSaaS hosted enterprise management, auditability, accountability and control of the entire family of SPYRUS security solutions, electronically enforcing enterprise controls.

The SPYRUS Cyber Security Systems Engineering team’s rich experience in data protection initiatives similar to GDPR is ready to assist your enterprise with architecting and implementing “data protection by design and by default” that will eliminate your enterprise’s exposure to data breaches and the consequences.

“All of the SPYRUS security solutions are readily available through our global distribution partners (”, said Tom Dickens, SPYRUS COO. “SPYRUS products are quickly integrated into Microsoft Windows and Linux environments, eliminating the need to struggle with complex software-based solutions that are susceptible to user work-arounds or disablement. The SPYRUS certified Hardware Roots of Trust save costly recurring compliance cycles and provide auditable, cost-effective enterprise control of BYOD deployments.”

Related Links
Booting on a SPYRUS WorkSafe Pro
DualBoot Options Pro
SPYRUS Enterprise Management featuring SEMS Hardware Policy
NIST SP 800-171

About SPYRUS, Inc.
SPYRUS delivers innovative security solutions that offer the strongest protection for data in motion, data at rest and data at work. For over 20 years, SPYRUS has delivered leading hardware-based encryption, authentication, and digital content security products to government, financial, and health care enterprises. To prevent the insertion of untrusted components, patented Secured by SPYRUS security technology is proudly designed, engineered, and manufactured in the USA to meet FIPS 140-2 Level 3 standards. SPYRUS has collaborated closely with Microsoft to deliver the first certified hardware encrypted portable platform for Windows 7, Windows 8, Window 8.1 and now Windows 10. SPYRUS is headquartered in San Jose, California. See for more information.
© 2018 SPYRUS, Inc., All rights reserved.
SPYRUS, the SPYRUS logo, Linux2Go, Rosetta, Rosetta Micro, SPYCOS, KeyWitness, Suite B On Board are either registered trademarks or trademarks of SPYRUS, Inc., in the U.S. and/or other jurisdictions. All other company, organization, and product names are trademarks of their respective owners. All other trademarks are the property of their respective owners.
SPYRUS Media Contact:
Dan Chmielewski
Madison Alexander PR, Inc.
(714) 832-8716
(949) 231-2965 (cell phone)