How Implementing Data-Centric Security Can Protect Users — From Themselves

By now, the names of hacking victims over recent years sound like a Who’s Who of corporations and organisations: Target, Anthem, Premera Blue Cross, the U.S. Office of Personnel Management (OPM), Home Depot, JPMorgan Chase, eBay, Sony…

We can expect more of the same, especially as company leaders place the capability to share (and lose) information in the hands of the lowest common denominator: employees, who increasingly depend upon a blitz of data-centric file/media-sharing devices and apps that cause serious vulnerabilities. Security is viewed as an afterthought and/or a necessary evil, and one that workers readily circumvent to eliminate productivity obstacles, even if the policies and measures are established to save them from themselves. Given this inclination and the inherently risk-inviting structure of the Internet, the way businesses conduct security is broken. The Internet, after all, was never designed to be “safe.” It was designed to share the massive volume of new information that emerges every second: Between the beginning of the world and 2003, 5 exabytes of content were created. Just two years ago, 5 exabytes of content were created each day.

Even more troubling, a flawed Internet represents only one-half of the equation here.

Security strategies that focus nearly exclusively upon a “lock down” of the perimeter account for the other half. IT department members order from a “Chinese menu” of firewalls, endpoint protection products, anti-malware solutions, etc., and plug everything in and hope for the best. They try to “defense-in-depth” their way to safeguarding their networks. But detection-based technologies and other traditional responses too often prove unreliable. The situation is analogous to a grandmother who knits a sweater for a loved one. On the surface, the sweater feels warm and comforting. But it’s actually full of holes and imperfections because grandmom – bless her heart – can only do so much to bind the sweater’s strings.

Besides, perimeter-based solutions require manual actions that are tedious and labor-intensive, making for burdensome monitoring and, ultimately, missed alerts. As a result, IT spends too much time cleaning up after the latest breach-caused “mess” rather than investing in tech that will stop incidents.

As for the answer? It’s contained within the very enterprise “booty” which hackers are after: the data.

Rather than vainly attempt to fortify a perimeter wall, businesses must take a data-centric approach. They have to lock down their networks at the source of attacks, and secure data where it exists. Fortunately, they can do this through “transparent encryption,” an emerging technology which users do not find to be an onerous productivity barrier to avoid. In fact, they perceive it as “easy,” a relative non-factor to “deal with” as they progress through their busy days.

Simply stated, transparent encryption follows the flow of your data (instead of the flow of your network). Through encryption, data is rendered worthless to hackers, as policies and protocols stop them from “sitting” within systems for months, seeking to collect data en masse. Encryption ensures that your company’s data, wherever it resides – in the cloud, on a network or as it is shared – not only stays protected, but that whoever touches it leaves a clear, identifiable audit trail.

In designing solutions, we at Covata have developed a data-centric approach in the interest of advancing transparent encryption. Unlike your grandmother’s sweater, we “bake together” (as opposed to “knit”) a formula of Key Management + Identity + Policy to augment the holistic quality of your security program, while removing any holes that could expose your data:

  • Key Management designates a unique key for each file with on-device encryption
  • Identity determines who gets the key, verifying that this person has earned permission to access the data
  • Policy imposes authoritative control over the data you’re protecting
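
A minimal model of the Key Management + Identity + Policy flow listed above, as an added example that is not Covata's code or product API. The `KeyBroker` class, its method names, the file names and the identities are hypothetical; identities are assumed to be already authenticated, and the encryption step itself is left out so the focus stays on key release and the audit trail.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Policy:
    allowed: set        # identities permitted to receive this file's key
    not_after: float    # timestamp after which no key is released

@dataclass
class KeyBroker:        # hypothetical key service, not a real product API
    keys: dict = field(default_factory=dict)
    policies: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def protect(self, file_id, allowed, not_after):
        """Key Management: mint a unique 256-bit key for this one file."""
        self.keys[file_id] = secrets.token_bytes(32)
        self.policies[file_id] = Policy(set(allowed), not_after)
        return self.keys[file_id]

    def revoke(self, file_id, identity):
        """Policy change by the data owner: stop future key releases."""
        self.policies[file_id].allowed.discard(identity)

    def request_key(self, file_id, identity, now):
        """Identity + Policy: release the key only if policy allows it."""
        policy = self.policies.get(file_id)
        if policy is None:
            decision = "deny:unknown-file"
        elif identity not in policy.allowed:
            decision = "deny:not-authorised"
        elif now > policy.not_after:
            decision = "deny:expired"
        else:
            decision = "allow"
        # Every attempt, allowed or denied, lands in the audit trail.
        self.audit.append((now, identity, file_id, decision))
        return self.keys[file_id] if decision == "allow" else None

def demo():
    # Constructed sample data: two files, two users, fixed timestamps.
    broker = KeyBroker()
    k1 = broker.protect("payroll.xlsx", {"alice"}, not_after=1000.0)
    k2 = broker.protect("roadmap.docx", {"alice", "bob"}, not_after=1000.0)
    results = [
        broker.request_key("payroll.xlsx", "alice", 10.0),  # on the policy
        broker.request_key("payroll.xlsx", "bob", 11.0),    # not on the policy
        broker.request_key("roadmap.docx", "bob", 2000.0),  # policy expired
    ]
    broker.revoke("payroll.xlsx", "alice")
    results.append(broker.request_key("payroll.xlsx", "alice", 12.0))
    return k1, k2, results, broker.audit
```

A key that was released before a revocation stays with its recipient, so revocation in this model only blocks later requests.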

Don’t get us wrong: We firmly believe traditional tools still play a key role in cyber security. But through transparent encryption, you set up a virtual safety net, so that when traditional lines of defense fail, your most valuable possession – data – remains untouched.

Let’s be honest. You’re never going to “fix the Internet” when it comes to all the mayhem that comes with it. And attackers are only growing more and more resourceful about exploiting these flaws to sneak inside your gates. But when you combine traditional tools with the essentials of encryption – Key Management + Identity + Policy – you minimize risks, and your users won’t circumvent what has been implemented to protect them and your data.

October 1, 2015