“Yeah, our data’s secure, we’ve got in encrypted.”
Great, no worries about your data security then?
Well actually no. Encryption is generally applied at a broad level, an entire system, database, or physical drive is encrypted. This is not unusual, and is not bad practice, but it’s like storing everything valuable in one safe or vault and relying on a single secure lock. It’s only as secure as that one lock, so if the key gets lost or stolen, then suddenly all your cash and valuables are gone.
Encryption keys are very strong, but their weakness is often human – breaches all too often involve insiders, or bad guys on the outside getting hold of the IDs and passwords of privileged users and key holders. These are obtained via trickery, manipulation, or exploiting carelessness; the causes are many and varied. The reality is that bad guys will keep attacking, keep trying, and searching out these weaknesses and vulnerabilities.
Most organisations know they are under constant cyberattack, so they’ve been improving locks and adding security layers like cameras and stronger outer doors that need ID cards and fingerprint recognition – and the digital world has done the same, with extra security like two-factor authentication.
All these layers are good until someone gets through; they’ll still get the money, or in business they’ll get your data. And if you lose your data, it can have a financial and reputational impact that makes consumers wary of doing business with your brand.
Organisations have lots of data. Big data and analytics programmes mean that organisations increasingly value, collect, store and process growing volumes of data. And the bad guys want data of value too; in some cases this is commercial IP, but in most cases it’s private data about individuals, whether customers, employees or contacts at suppliers or partners.
Bad guys want stuff that can easily be sold for cash. If you’ve ever been unfortunate enough to experience a burglary it’s the high value, easily saleable stuff they want – cash, jewellery, small electronics goods – and specialist may take your passport, or credit cards or car keys. But they are unlikely to steal your sofa or your fridge; big and not that valuable at re-sale. Exactly the same applies to data, even in a big-data world. Most data is like your sofa, you’d be lost without it, but it’s unlikely to be of enough value for someone to steal it.
Instead thieves want data like email addresses, names and ID details like National Insurance and Social Security numbers. This high value, detailed data is what needs most careful protection so Protegrity enables organisations to deliver fine-grained protection for each item to ensure a name, an address, or a bank account number is individually protected – lots of locks to protect the data.
We can use locks like encryption, so the output is meaningless code, or we can tokenise, to swap real information for a similar but fake value. The thief thinks it’s a credit card number, because it’s a 16-digit number, with a month/year expiry and a secure code – but this is all fake, cleverly substituted in your database. This means that whatever the nature of a security compromise, the risk to sensitive data is minimised, and Protegrity’s solution is highly performant so when real, authorised users need real data, the tokenised or encrypted values are individually converted, and seamlessly returned for analytics or decision making. Your business can make full use of its data, confident that your customers and your brand are protected.
Find out more about taking a data-centric approach to protecting valuable, private information, in this guide to help data security leaders achieve success in a complex data landscape.