Security for Security: Why it's important to use Encryption-In-Use for security data

Arti Raman
4 min read · Feb 6, 2021

According to IDC, by the year 2025, we will have over 175 Zettabytes of data. Given that we were at only 29 ZB in 2018, this represents a massive growth rate of 66% each year. As organizations have been dealing with this data explosion, a large number of issues have come to the surface. Several of these issues pertain to the proper storage and handling of certain types of data. By formalizing the definition of Personally Identifying Information (PII), the National Institute of Standards and Technology (NIST) has made it easy for organizations to have a common understanding of the categories of data that ought to be prioritized, as well as the frameworks and controls that should be utilized to protect them. Until recently, adopting these standards has been a reasonably effective security strategy.

In the last year, however, the industry has witnessed an alarming increase in both the frequency and the ferocity of cyberattacks. One of the critical factors that has contributed to attackers’ success has been a deliberate shift from targeting PII data directly to targeting data about the systems that protect that valuable PII data. So, while CISOs and DPOs are busy implementing NIST controls on everything that's classified as PII, data about enterprise networks, asset configurations, unpatched vulnerabilities, active investigations, and other security analytics do not receive the same level of protection.

When large data stores holding user identities or credentials get compromised, it sets off a string of future breaches, since every compromised credential can potentially be used to target other systems. This results in a growing snowball of related data breaches that have far more damaging consequences than a single data breach that does not involve user identities or credentials. We have learned this the hard way, and as an industry, we work very hard to safeguard identity and credential data.

Compromised security data has a similar, if not larger, impact. Attackers with prior knowledge of unpatched vulnerabilities in a given enterprise can and will go to great lengths to exploit them. A compromised data store housing this type of data for thousands of organizations can be the source of crippling attacks across the industry. In recent weeks we have seen the impact of compromises in the software supply chain. It has been rough. Compromised security data, however, can create problems equally large in scale and scope, since it provides a map for bad actors to replicate such attacks across the industry. We must turn our attention to securing security data.

Now comes the hard part. In order for security data to be useful, it needs to be actively utilized. How can we make security data available for use while still protecting it at the same time? Attackers with valid credentials are a tough adversary since they are virtually impossible to distinguish from legitimate users. This means that in addition to protecting security data at rest and in transit, it is now critically important to secure this data while it is in use. This is where Titaniam’s High-Performance Encryption-in-use platform can help.

Titaniam’s platform includes the ability to index, search, analyze, and aggregate encrypted data without decryption. This means that sensitive data remains encrypted at all times, including when it is in memory, in a reverse index, or in query results. When data is released from the encrypted process, it can be sent out in one of nine privacy-preserving formats, including traditional and format-preserving encrypted, tokenized, masked, redacted, etc. With Titaniam in place, valuable data such as unpatched vulnerability information never needs to be in clear text, regardless of whether it is accessed with valid credentials. Clear text data is certainly not available with direct access to the host, but it is also not yielded with logical access to the data store or application. Clear text data can be computed when absolutely necessary, but it is never persisted. With transparent functioning of queries as well as analytics, the Titaniam platform can significantly reduce the surface of data compromise. This level of data protection can help several industries, such as financial services, healthcare, government, and critical infrastructure, from both a security and a privacy compliance standpoint. For the purposes of this discussion, though, when applied to security data, this can be a meaningful step towards reducing future compromises.

Security data is the new treasure that attackers are after. We need to prioritize its protection. Titaniam can help. http://titaniam.io Email to: info@titaniam.io

Arti Raman

Arti is the founder of Titaniam, an Adaptive Data Protection company. She is a passionate security leader and product creator in the Data Protection domain.