Whenever there’s a major data breach one of the first things everyone asks is, “Was the data encrypted?” This is a very natural question to ask because since the 1970s encryption has evolved in line with computing power and technology to offer relatively strong protection against brute force attacks. If given a choice between having your data protected with encryption or leaving it unprotected entirely, almost everyone would choose encryption. But is it really that simple?
In this four-part blog series, we dispel several cloud security myths and provide facts that will help you implement the right strategy and technology to keep your organization’s data secure in the cloud. In this second installment, we address whether encryption is the all-around best method for protecting sensitive data in the cloud:
Myth #2: Strong encryption is the best security for data.
Fact: Encryption is only effective if well controlled. The best encryption is fine-grained with fragmenting abilities to decrypt individual sensitive data fields based on user roles.
Encryption is generally applied at a broad level when an entire system, database, or physical drive is encrypted. This is not unusual, and is not bad practice, but it’s like storing everything valuable in one safe or vault and relying on a single secure lock. It’s only as secure as that one lock, so if the key gets lost or stolen, then suddenly all your cash and valuables are gone. Even when encryption keys are very strong, their weakness is often human – breaches all too often involve insiders, or bad guys on the outside getting hold of the IDs and passwords of privileged users and key holders. These are obtained via trickery, manipulation, or exploiting carelessness; the causes are many and varied. The reality is that bad guys will keep attacking, keep trying, and searching out these weaknesses and vulnerabilities.
Encryption can also lack versatility, as it changes the appearance and increases the size of the original data. Applications and databases must be able to read specific data type and length in order to accept it so, if data types and lengths are incompatible with systems, they will effectively break.
Using encryption to provide only coarse-grained protection does not provide the risk mitigation to respond to today’s internal and external threats. For these situations, two principals make sense for your business to adopt: (1) Segregation of duties argues that those that can see data should not be able to create access rules, and (2) least privileged access which holds that business users should only see sensitive data needed to perform their job.
Thieves want data like email addresses, names, credit card, bank account, and Social Security numbers. This high value, detailed data is what needs most careful protection so it’s better for organizations to implement fine-grained protection for each item to ensure a name, an address, or an account number is individually protected — lots of locks to protect the data.
You can use locks like encryption, so the output is meaningless code, or you can tokenize, to swap real information for a similar but fake value. The thief thinks it’s a credit card number, because it’s a 16-digit number, with a month/year expiry and a secure code – but this is all fake, cleverly substituted in your database. This means that whatever the nature of a security compromise, the risk to sensitive data is minimized. And when real, authorized users need real data, the tokenized or encrypted values are individually converted, and seamlessly returned for analytics or decision making. Your business can make full use of its data, confident that your customers and your brand are protected.
While some operating systems such as Windows or Linux now provide simpler privilege management for access controls, they are not an ideal overall solution for large, complicated organization structures that span both on-premise and cloud systems. The “all-or-nothing” security of access controls can create numerous problems in day to day operations, including roadblocks to benign data that happens to be stored next to highly sensitive data or granting unnecessary privileges beyond what the user actually needs to do their job.
One solution to this problem is utilizing fine-grained data security via encryption, tokenization, or masking. Applying security to the data itself and controlling access allows for a wider range of authority options. Users without privileges to access sensitive data can still access non-sensitive data to perform job functions, even in files or tables that contain a mixture of both. More flexible options, such as some forms of masking or tokenization, can also provide different levels of security that expose certain parts of sensitive data without revealing it completely, preserving valuable processing and analytic integrity.
These fine-grained data security options require proper privilege management and step one in this process is usually assigning a security-specific role or team in the organization – isolating security policy administration to a security team provides a separation of duties between users and system administrators from security privilege assignments. The security team must develop a comprehensive data security policy, to be centrally managed and administrated across the enterprise and in the cloud, in line with the needs and expectations of the operations of the business, and the roles contained therein.
While access controls remain an integral function in data security and privilege management, organizations need to hone down to the data itself to avoid either inhibiting business processes or opening the door to a data breach. When companies de-identify their data via fine-grained data security, they can:
Stay tuned for future blogs in which we will present additional cloud security myths and provide facts that will help you keep your most sensitive data secure as you move more of it to the cloud. In the meantime, you can learn more about Protegrity Cloud Solutions here.