Thales Blog

Enterprise Encryption: Enabling Velocity And Profitability

September 1, 2015

Enabling velocity and profitabilityIf you’re running a business, there’s a good chance you’re focused on reaching certain end goals. Two of those goals likely include both velocity and profitability.

The Oxford Dictionary defines velocity as “the speed of something in a given direction” and profitability as “the degree to which a business or activity yields profit or financial gain.” Generally, the former – in some capacity, regardless of the industry – is necessary to achieve the latter.

I bring this up not to give you a vocabulary lesson, but because these are two adjectives that tend to pop into my head when I think about enterprise encryption – especially effective enterprise encryption. If you can’t say the same I understand; after all, encryption is typically most closely associated with concepts like data security, compliance, data breach prevention and insider threats.

ClickToTweet: Enterprise Encryption - Enabling Velocity and Profitability @kessalan

In fact, our recent encryption survey conducted in tandem with IANS revealed the top reasons for encrypting data included are as follows: preventing data breaches (66%), fulfilling compliance or audit mandates (54%) and protection of financial and other assets (53%).

Understandably (one need only look to OPM and Ashley Madison), security professionals are increasingly concerned with protecting sensitive data. Overwhelmingly, our survey respondents said they’re contending with moving into the cloud and outsourced service models, while simultaneously combating resourceful attackers looking to compromise data from core systems.

Over half (54%) said their top challenge when implementing encryption is legacy technology and support for encryption. Other roadblocks include the cost of encryption technology (52%) and worries about performance impacts (44%). But interestingly, and in spite of these pain points, a whopping 84% of respondents have considered a security strategy of “encrypt everything,” i.e. encrypting all sensitive data. There are a few reasons as to why this is the case, and we don’t believe they all have to do with simply protecting data.

Security as a Business Enabler

Beyond addressing specific and advanced security threats, encryption also does the following:

  • It helps reduce compliance scope for many businesses, which turns into an immediate business advantage (especially when using a cryptographic technology called "tokenization)
  • Modern encryption solutions – such as those with access controls and access monitoring – enable organizations to not only safeguard traditional applications, but also to take advantage of cloud, SaaS services, IoT and big data without incurring new risks to data. By leveraging these business models, organizations benefit from the flexibility and cost savings inherent in these environments without risk to the bottom line

Let me expand just a bit. When it comes to compliance rules and regulations, many organizations storing sensitive personal data fall under the scope of compliance laws. Traditionally, these organizations have used point solutions to patch holes in data security compliance requirements – but this strategy is becoming increasingly expensive and difficult to support.

Solutions like Vormetric’s Data Security Platform are a “one stop shop” platform that offer data-at-rest using encryption, enterprise key management, access control and security intelligence – thus negating the need for coordinating multiple and disparate products. Concurrently, the tokenization capabilities available with the Platform make it easy to use replace sensitive information within databases fields with unique "tokens" that represent the original data, but keep the sensitive information outside production environments. One example, by leveraging Vormetric Tokenization, organizations can reduce the size of the cardholder data environment (CDE) by exchanging cardholder data, like the primary account number (PAN), with a format-preserving token. The result is that databases, networks, and other systems that once held cardholder data can be removed from PCI DSS scope. By reducing the number of systems that need to be audited through self-assessment or a QSA, organizations can significantly reduce compliance costs and efforts.

In the case of new services models (cloud, SaaS, IoT, big data, etc.), encryption allows businesses to reap the benefits of modern technology. At this point, we all know the selling points of each so there’s no need to reiterate them here. What we’re much less sure of is when, where and why these infrastructures will introduce security vulnerabilities. But by creating data that is essentially useless unless you have the encryption key, and limiting access to the encryption key to your organization, encryption makes it exponentially more challenging for the “bad guys” to cause financial, reputational and legal harm.  With properly implemented encryption solutions, the risks of using these new technologies are minimized, and organizations that would otherwise be unable to make use of them can do so.

A Road Paved with Pain or Promise? Jury’s Out

We like to think the vast majority of businesses have gotten on on-board with the notion of encryption as a business enabler, and the IANS survey certainly indicates a positive movement is afoot. But, education is still necessary (sometimes in the form of breaches; being composed of humans, businesses generally need to make mistakes in order to learn lessons).

In certain corners, security is still seen as a business burden. Although recent hacks and data breaches are changing this perception, today’s CSO and CIO still struggles to trust and defend that investment. Few C-suite executives see it as more than a means of simply protecting their organization from threats. Equally, many still battle with understanding what solutions are most effective and suitable to their needs. The one certainty, however, is that data has never needed more protection. Need some convincing? Well for starters, the Identity Theft Resource Center has tracked 519 breaches so far in 2015 (as of August 25th).

Our Stance

Here at Vormetric, we believe encryption is a critical driver of lower operational costs (profitability) as well as the rapid development of new services and offerings for competitive advantage and market expansion (velocity and profitability). For further proof points, I suggest you look to our customer success page. In the meantime, a sampling of the feedback we’ve received:

  • The system is a core part of our business – we bill per ticket – so any impact on our ability to perform is a big deal. Vormetric encryption more than lives up to expectations and enables me to focus on the more demanding aspects of my role (Fujitsu)
  • For us, the protection we now have is definitely worth the investment. By comparison, a single fine for failing to be HIPAA compliant would be much greater per occurrence than our total investment to date. With Vormetric Encryption, it’s so nice to be able to set-it-and-forget-it and be assured of our compliance (Delta Dental)

Encryption is much more than a security technology; in many instances, it is a business lifesaver. So ask yourself: what are your end goals?