By Mariann Utrosa • September 18, 2018

Storing Data In Multiple States

Data is in more places than ever before and cyber criminals tend to lurk in dark places, not often making their interests obvious or their presence visible.

Whether from insider threats or outsider attacks, a layered data security solution is critical since many traditional perimeter-based data protection mechanisms have been proven to fail when employed alone.

Data in Transit and Data at Rest are both described within security best practices which suggest encrypting such files, but what about their mutual and often overlooked counterpart: Data in Use?

Data in Use is essentially any data in computer memory, or any similar form of active data, while it works its way through an IT infrastructure. It is any data in the process of being generated, updated or amended, viewed through various endpoints, or even deleted or erased. It is neither explicitly static nor travelling, but it is measurable and real. Because of its tangible yet transient nature, Data in Use has recently been recognized as an increasing security concern for businesses and their information assets.

In today’s business landscape, more and more employees are telecommuting or working from home. The most basic data security steps include: identifying which data is sensitive and requires privacy, setting up user access rights for whoever will access secure data, considering where such data will be accessed, and setting out corporate policies and procedures for controlling secure access.

Security ought to be applied throughout all three data states, but securing Data in Use presents unique technical and logical challenges and raises the question: “Can data ever be secure while end users have access to it?”

Data in Use encounters different vulnerabilities depending on where it is exposed in a given IT infrastructure or environment, and endpoints are most commonly among the biggest exposure threats. With the prevalence of recent “Bring your own device” trends, where an employee uses a personal device to access protected data, companies need to be cognisant of how end users are viewing or working with secure or sensitive data from public or otherwise insecure locations.

As far as successful techniques go, data encryption has been proven as a reliable and effective tool for protecting sensitive data. Just like with perimeter-based protection, however, using strong encryption alone is no silver bullet and cannot be expected to stop cyber-criminals or safeguard your information assets. The strongest and most secure encryption tools and standards are publicly scrutinized … but they are therefore also publicly available to any hackers who would want to search for and/or find a hole they can exploit.

Encryption in and of itself is really just a means of synergising and enhancing other security practices, and the debate about just how reliably Data in Use can be secured is ongoing. Developing, maintaining and enforcing policies and procedures for end users, while using strong encryption techniques throughout the full data lifecycle and taking a layered security approach, is the only way to truly elevate data security and protect your information.

Enter DataStealth

The DataStealth Solution

DataStealth is a platform that combines your organization's privacy, regulatory, compliance and other standards and requirements, with our suite of tokenization, de-identification and encryption options. We create an easily configurable and flexible data protection policy that is applied to data and documents passing through DataStealth.

DataStealth inspects network traffic, identifies data that should be protected by the data protection policy, extracts the identified data in real-time, and replaces the original data with a ‘smart’ placeholder value. The real information can be injected back into the data stream later, but only for authorized users and for authorized use cases.

Instead of trying to block unauthorized access, or deploying alert/monitor solutions that tell you after an intrusion has already occurred, DataStealth takes a more proactive approach. DataStealth removes sensitive data BEFORE it lands in an environment so that if that environment were to ever be breached, there would be no sensitive data to steal. As we like to say, intruders cannot steal what is not there.
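
The identify, replace and re-inject flow described above can be illustrated with a short sketch. This is an added example, not DataStealth's code or API: the `tok_` placeholder format, the in-memory vault, the role names and the sample payload are all assumptions made for the illustration.

```python
import re
import secrets

# Candidate card numbers: 13 to 19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
TOKEN_RE = re.compile(r"tok_[0-9a-f]{16}")  # hypothetical placeholder format

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell real card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """In-memory stand-in for a hardened token store outside the protected environment."""
    def __init__(self, authorized_roles):
        self._by_token, self._by_value = {}, {}
        self._authorized = set(authorized_roles)

    def _tokenize(self, value: str) -> str:
        # Same value always maps to the same random token, so joins still work downstream.
        if value not in self._by_value:
            token = "tok_" + secrets.token_hex(8)
            self._by_value[value] = token
            self._by_token[token] = value
        return self._by_value[value]

    def protect(self, payload: str) -> str:
        """Replace Luhn-valid card numbers in the payload before it reaches storage."""
        def swap(m):
            digits = re.sub(r"\D", "", m.group())
            return self._tokenize(digits) if luhn_ok(digits) else m.group()
        return PAN_RE.sub(swap, payload)

    def reveal(self, payload: str, role: str) -> str:
        """Re-inject original values only for an authorized role; others keep tokens."""
        if role not in self._authorized:
            return payload
        return TOKEN_RE.sub(lambda m: self._by_token.get(m.group(), m.group()), payload)

# Constructed sample: one test card number and one order id that fails the Luhn check.
SAMPLE = '{"card": "4111 1111 1111 1111", "order_id": "1234567890123456"}'
vault = TokenVault(authorized_roles={"billing"})
stored = vault.protect(SAMPLE)               # what the downstream system receives
for_billing = vault.reveal(stored, "billing")
for_analyst = vault.reveal(stored, "analyst")
```

The token is random rather than derived from the card number, so a breach of the downstream store yields nothing that can be reversed without the vault. Note that `reveal` returns the digits without their original spacing.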
