In the modern information landscape, between cloud, mobile and traditional (static) repositories, data has become far more accessible than ever before. This convenience comes at a cost, though, because any technology or mechanism that makes your own data more available might also make it easier for a criminal or hacker to target and steal.
Encryption is a powerful and effective tool for protecting data even if it has been stolen because it can help to mitigate the risks that come with enhanced access. Since data is arguably the most valuable asset of all, and because the systems we use to store and distribute our data are assailable … it’s important to remember that unintentional data or information disclosure typically results in lost integrity, a damaged reputation and reduced customer loyalty. Despite common misconceptions about many security strategies, simply using encryption is not a stand-alone security solution. As a technique, it is only reliable when it overlaps with other, complementary security tools and practices.
After data has been encrypted, a ‘key’ is generated and becomes the only means for decrypting and / or extracting the protected data. Keys will grant access to valuable information assets so the encryption keys themselves are often just as sensitive and valuable as the data they protect. Some organizations use extra-encrypted ‘key-encryption-keys’ which are held to higher standards and complexity to add yet another layer to their security solution.
Regardless of how many encryption tiers are employed, however, keys must be managed effectively to fully realize their benefit. Surprisingly common mistakes like storing encryption keys on the same server as the data they protect or sharing keys with a cloud provider is no different than locking your front door and all your windows, but leaving the keys in the door. Hackers don’t need our help. Today, they are among the most sophisticated, skilled and disciplined computer programmers in the world. To become proficient in their ‘trade’ many hackers have studied and honed their talents so thoroughly that they are just as capable as the most savvy security gurus in the industry.
It’s important to remember that security authorities only ‘discover’ vulnerabilities exist after the fact and patch them. Most often, the hackers already knew about the vulnerabilities and had been exploiting them … undetected … for years. A blog post written by Gizmo freeware tells of a few inconvenient facts about why encryption is not enough, including:
- Encryption programs can have a secret back door which are often easily discovered by hackers.
- Operating Systems are messy and can leave data trails behind, describing what you accessed or processed.
- Some encryption programs encrypt and decrypt to a clear-text file and while most will delete the file on close, it may not securely purge the file or make it unrecoverable.
- With ZIP compression files, unless a user can create, open and save files directly within the encrypted archive, a clear-text version of the files can be left behind on the host computer. Users must purge (not just delete) those working files to make them unrecoverable.
Recently there was a public debate between NSA Whistleblower Edward Snowden and CNN’s Fareed Zakaria, where Snowden says: “Encryption is not an unbreakable wall [...] Or if it is, it is one we can get around, if we are patient, if we are careful, if we think and plan how to go about our investigations.”
No single tool or process, including encryption, can provide security. It is shortsighted to assume or even hope that your data will not be stolen. Encrypting your data and adding additional, peripheral and tiered tools and processes will help keep your data safer, longer even if it is stolen … but you need a solution like DataStealth to raise the bar as high as possible..
Find out how to add an additional layer, uplift and enhance your data security or how you can use DataStealth to obfuscate your data without using encryption, or having to deal with encryption keys.
Watch the video, learn more. DataStealth in 60 seconds.