Thales Blog

Losing Count Of Data Breaches…

June 4, 2014

In case you missed it, last week CNNMoney and the Ponemon Institute announced the release of a study that revealed a startling 432 million US accounts have been hacked in the past year. In what is an eye-watering read, customers of Target, Adobe, eBay, Snapchat, Michaels and Neiman Marcus make up the numbers.

Here in the UK, data breaches were reported this month at footwear chain Office and music streaming giant Spotify, serving as further proof that retailers and internet firms remain fixed in the eye of hackers. Office has 153 sites globally, and I found it particularly interesting to see its CEO Brian McCluskey out in front of the media once the breach was reported – it’s clear the protracted fallout around the Target breach and subsequent reputational damage has had ripples at the top of the boardroom. From a data security standpoint, though, what’s important to note is that with the majority of these attacks there is a link right back to the unprotected sensitive information at the database level.

At Vormetric we’ve always maintained that encryption is the most steadfast way you can protect what matters to you most – your data. However, judging by my conversations with customers there remains some confusion around how encryption works and how it can be implemented. There seems to be a lingering sense that encryption is like a fixed, immovable safe, where you can simply lock up your important assets and walk away. While this sounds good and sensible for tangible, perishable assets like fine art works or jewellery, it’s a different story when it comes to securing data, which is amorphous by nature. At the end of the day, for a business to operate normally people must still be able to access data, and it is often the case that organisations find that their data is accessible too broadly. Here we reach the crux of the matter: businesses need a data security solution that ensures only their vetted and authorised personnel are allowed to access allocated data reserves as and when they need to, and not without the security monitors knowing about it. Only then can a company processing or caring for valuable client data avoid falling into a hacker’s line of fire, and subsequently into the midst of a media circus.

This is where our award-winning data protection solution steps in. Our transparent encryption architecture not only offers the capability to encrypt data in the most classical sense but is also designed to facilitate easy, dynamic access to secured data for those who need it. It does this through granular policy capabilities: policy is crafted based on a philosophy of granting access to trusted users on a “need to know” basis. Not only does this approach ease the security process, it ultimately adds value because it safeguards productivity, enabling people to get on with their jobs without compromising the information they touch.

To wrap up, at Vormetric we advise our customers to encrypt all database-level data, including unstructured data that flows into and out of the database. While financial records have traditionally and understandably been put behind tougher security defences, the nature of the personal information being increasingly hijacked points to the inevitable creation of APT-style attacks. Indeed, it is information like emails, addresses and dates of birth that offers essential fodder for hackers to launch more insidious attacks. Time to break the cycle? Get in touch.