Stop Data Theft with Encryption

By Wasim Ahmed
in

If only we could wave a wand, cast a spell and ensure that our data is safe no matter where it goes. Unfortunately, it’s just not that simple.

For the record, the technology to protect the data certainly exists. In fact, it’s entirely possible that your local financial institution cares about data protection, has security tools and measures in place, and is in compliance with regulatory requirements.

On the flip side, most consumers say they’re not sure their bank or credit card provider or retailer actually safeguards their data. And they have reason to worry. People make mistakes, safety measures break down and evermore ingenious hackers inevitably find ways to compromise the business networks that support these organizations. The spate of data breach disclosures that worried us before has turned into a deluge that threatens to overwhelm the very basis of commerce: consumer trust.

Still, not trusting these companies is not really an option. The databases, applications, reports and emails that harness your private data have been in place for many years and no amount of protest or concern is going to change that. So let’s ask a basic question: Despite companies spending huge amounts of money on security, compliance, process, education and audits, why isn’t our data safe?

One primary culprit is that while technology like encryption is often used to protect data, it’s is rarely used all the time, wherever the data goes. There are major gaps in the process, creating vulnerabilities, or rather opportunities for opportunistic criminals.

Another problem is that compliance regulations and audits often focus on process, rather than data security itself. The industry calls this “end-to-end” encryption, and it’s been an elusive, expensive goal. It’s unquestionably difficult to accomplish; it needs to be applied at every point in the lifecycle of the data, internally and externally. And in the real world, the challenges to getting the keys to unlock this data to the right person at the right time are formidable, and require exceptional scalability.

One more challenge to add to the pile: while encryption is supposed to make it difficult for people to see the data, the people that are actually allowed to see the data are not necessarily security experts. Encryption systems are notorious for being hard on the end-users who are supposed to be able to unlock the data. Too many certificates, too many clicks, too many changes on a day-to-day basis, too many steps painstakingly outlined in a mandatory-viewing 30-minute Web video—it’s a nightmare for even IT professionals. Now imagine scaling that to hundreds of thousands of users who don’t speak geek, and don’t want to learn.

Encryption can help—end-to-end encryption, that is. You have to choose a system that is right for you, perhaps one that other companies similar in size use, or perhaps one that scales to hundreds of thousands of users (or even one that scales to just 20). Consider an encryption system that is also available as a service (part of SaaS, or software-as-a-service).

This solution is typically a lot cheaper to implement and manage. At the same time, consider how using a SaaS solution together with your own on-premise solution can help streamline the transmission of encrypted data to your business partners and customers—you get all the benefits without having to run the infrastructure. Hybrid SaaS/on-premise systems are the way in which most challenges to protecting data can and will be overcome by companies of all sizes. So pick an encryption solution that offers both.

About Wasim Ahmad

Wasim Ahmad, Vice President, Voltage Security, has extensive experience in enterprise software, application development, business intelligence, security and compliance. As VP at Voltage, he’s focused on information protection innovation and market strategy. Earlier, as VP of strategy and marketing at CA, he was responsible for defining and executing business portfolio strategies, mergers and acquisitions, and associated initiatives. He previously held senior management roles at Sterling Software and Synon. Ahmad has a B.Sc. in Physics from the University of Sussex, England, and currently resides in San Francisco.

Published March 31, 2009