As more and more sensitive data becomes compromised, cyber-crime presents not just an ever-growing threat to the economy, but also to citizens' fundamental rights – this is according to the European Commission.
Added just last week to this debate about citizen's rights is also a new report from the U.N.'s David Kay that includes a focus on the fact that backdoors to encryption can’t be effectively limited to government’s use, but will inevitably be compromised by those with the right skills or connections. It’s great to see this positive statement from the U.N. that upholds privacy and free speech for individuals as well as security for business. I applaud the report, but it fails to mention one essential point – serious bad actors will be able to stay safe even if backdoors are added to every commercial solution. The fact is that encryption algorithms and open source libraries are freely available today throughout the web. It only takes moderate development talent to use these tools to create one-off secure data storage and communications capabilities.
We should just admit that encryption backdoors are a bad idea, that the encryption genie is out of the bottle, and it isn’t going back in.
Another data point - last weeks breach at the U.S. Internal Revenue Service (IRS). Previously stolen private Social Security numbers and personal information were used to steal millions by way of fraudulent returns. This is a good example of the way that all of that compromised data from previous breaches will continue to haunt citizen's world wide for years after the actual compromise.
All of this leads to difficult decisions for many business leaders. Cloud, IoT and Big Data are highly exciting, potentially game changing tools for organizations - but come with additional risks to this same sensitive data. These leaders must now feel that are faced with the difficult decision to forgo new business models, opportunities, and increased efficiencies, or run the risk of exposing sensitive data to hackers or malicious and reckless insiders through their use.
This need not be the case.
At #Infosec15, my goal is to encourage businesses to start thinking more strategically and creatively about data security. Bear with me: on Wednesday 3rd of June in the Strategy Talks theatre, at 10.40am, I will be hosting a session entitled "Are you seeing a return on your security investments? Security as a Business Enabler" Though the pressure is on to address cyber-security concerns, when it comes to justifying data-security investment, many of today’s executives still struggle to trust and defend that investment. I believe it’s because they still cannot see it as more than a means of simply blocking threats.
Indeed, certain security measures can actually start to transcend the literal defense of data, to become a key supporting pillar for a company’s growth and progression. How? Think about it practically: the cost, efficiency and scale benefits of embracing cloud are undisputed, but the security concerns remain. These concerns are stalling deployment and slowing business development. Ovum research shows that, though 80 percent of enterprises are already using cloud environments, only 54 percent reported storing sensitive information in the cloud.
Business leaders need to stop swimming against the tide. With contact centre operators, development teams, data scientists and other third parties like cloud administrators and supply chain partners increasingly requiring access to sensitive data in order to just get their jobs done, a new approach to security is needed. It begins with managing access.
Does this situation sound familiar? If so, why not drop by booth C140 at this year’s Infosec15 where the EMEA #DefenderOfData team and I will be on hand to discuss all your data security concerns. Recent events have shown, perimeter and desktop defence is simply not working – and it’s not enough to encrypt data in transit or just certain databases – we say that it’s time for an Enterprise Encryption Strategy that enables data to defend itself.
We’d love to hear your thoughts about what you’ll be looking to discuss at Infosec this year, and be sure to come and have a chat at the Vormetric stand from 2nd of June.