Time for a new era of "secure breaches"?
It's easy to see why some people think that contemporary network security defenses are obsolete, but what's the alternative?
SafeNet's Chief Strategy Officer proposes a strategy based on a concept he calls "secure breaches." The idea is that the hoary notion that breaches can be prevented must give way to a more realistic approach, one that acknowledges that data breaches will occur but aims to minimize the damage.
As buzzwords go, "secure breaches" seems catchy enough. We'll see how long it lasts. As you might guess, the critical technology behind the idea is encryption. Encrypting data renders it useless to the thieves, unless they can somehow break the code.
"But encryption on a massive scale is not simple -- particularly in the area of key management. And it can go very, very wrong if not done correctly. In fact, bad encryption can be more dangerous than the theft of unencrypted data, because it can prevent enterprises from being able to access their data when they need it. The key is to encrypt, but verify that you have control of the keys, and can maintain control as key management requirements scale. Many enterprises today are doing this by adopting best-in-class key management technologies and processes, and in doing so they are able to efficiently use encryption on a massive scale."
I'm still stumped as to why more companies don't encrypt sensitive data. Retail POS data is a great example. Another example that shows how encryption could lead to data security even in the face of a breach comes from the South Carolina Department of Revenue, where hackers recently made off with 3.8 million social security numbers and information on 699,900 businesses, 3.3 million bank accounts and 5,000 credit cards. Unlike similar entities in nearby states, none of the data was encrypted.
Here's the article: "South Carolina points finger at lack of encryption"