Data breaches are seemingly everywhere these days, whether it’s a via a cyberattack or an accidental leak.
But information is a valuable resource, and any data loss can have devastating effects on your business.
Since being introduced, GDPR violations have cost companies billions, so data protection and compliance is more important than ever.
A 3-2-1 backup strategy
At the recent InfoSecurity Europe 2025 event, we spoke to Jon Fielding, Managing Director for EMEA at Apricorn to get a better understanding of how hardware security solutions can protect organizations.
“So we now are in an era of consistent attack really, right?” Fielding warns. “You need to prepare yourself for the worst. What happens if everything is locked down with ransomware? Where do you go from there? And if you haven’t got your data backed up, you haven’t got a clean set of data, then actually you’re out of business.”
The 3-2-1 backup strategy refers to keeping three copies of your data (the original, plus two copies), stored on two different types of media, at least one of which should be stored offsite – and ideally encrypted.
“So if you’re backing up your data, it’s probably got some sensitive information there,” Fielding explains. “So that gives you a belt and brace. So, if you’re in the Amazon cloud and the Eastern board goes offline like it’s done before, well, what’s your fallback? You need to have it somewhere else, ideally something like this.”
This is where Fielding shows me some of Apricorn’s latest storage devices – pictured above is the Apricorn Fortress L3 FIPS, a portable storage solution with up to 5TB capacity and both HDD and SSD.
Apricorn products are software free, hardware encrypted, and come with an on-device PIN encryption for an extra layer of security.
“You’ll also see that all of our products have this PIN pad on them,” Fielding explains. “So we have a feature set that runs through the whole family and is uniform across every product. Now the concept of having the PIN pad on the device itself means that all of the sensitive security operations take place on the device nowhere else. So to access the data on a device you have to put the right PIN in.”
“The authentication happens here, the encryption and the decryption happens here.”
This is significant, especially in high risk industries. With classically encrypted hardware, you plug in your device, and enter a password into a little window that pops up – but this comes with an element of risk. Software-free devices remove that layer of exposure.
“So if you’re, let’s not say paranoid, but you’ve got complete control over this,” Fielding adds. “When you’re putting your data in the cloud, you are by default giving up some element of control and you are placing your trust in things like their hiring policy, their security, and all these kinds of things. So this is complete self-governance, let’s put it that way.”
Complete self-governance
In an era where everyone will apparently experience a hack, secure data is paramount, and so is having full control over your information.
Apricorn says its devices come with a whole host of configurable security policies, including minimum PIN length, timeout values, retry values, and more – all of which can be set as standard by your organization to match your security policy.
“That’s what this is all about,” says Fielding, “it’s the ability to know that you have it as safe somewhere, that the data that is critical to your business operations should the worst happen. Think of it as an insurance policy.”
But what happens when a device is under attack? Well, if your PIN is entered incorrectly too many times, the security protocol kicks in.
“It makes the data inaccessible,” Fielding explains, “so it removes the encryption key and it removes all of the data store points in here so although it physically resides there there’s no way of getting to it.”
Although pretty much all sectors are facing more frequent attacks nowadays, this kind of hardware lends itself to heavily regulated industries like banking, finance, government, healthcare, insurance, and military.
Apricorn is one of the only stalls I visited at InfoSec that wasn’t showcasing a new AI model, AI feature, or AI tool – and its set to stay that way.
“Although they’re very complex in terms of the firmware that’s on there and the encryption, they’re dumb storage devices. They have no artificial intelligence,” Fielding assures.
And that’s not a space that Apricorn is looking to move into, Fielding says. Hardware, software-free, simple solutions are the focus for now and for the future.
“Now, it’s all well and good to put your data in the cloud and there’s good reason for it. It used to be cheap, not so cheap now, but it’s easily accessible. But we’re not trying to compete with the cloud.”
