The Age of Encryption Has Arrived
In the life of every important technology, there’s a tipping point—a moment when the technology ceases to be a niche product or an emerging concept and becomes a part of everyday life. For mobile phones, to choose an obvious example, that moment came almost twenty years ago. For cloud computing, it was perhaps five years ago. For encryption, it’s happening now.
Encryption, as a concept, is far older than mobile phones, or cloud computing, or any of a dozen other innovations that have reshaped our world in recent years. Primitive forms of encryption were in use centuries ago, and relatively advanced methods had been developed by World War II. Even AES encryption, the strongest and most widely-accepted form of data encryption today, is closing in on its 20th birthday as the US government’s official standard.
Despite its long history, encryption has always existed outside the mainstream of public and private-sector computing. It’s been used to address specific functional needs or to meet certain regulatory requirements, but has rarely been viewed as a must-have security element like firewalls or antivirus protection.
With large-scale data breaches happening on a regular basis, and more and more sensitive information being generated each day, data security has become an immediate concern for consumers, government regulators, and corporate boards. Encryption—when done right—is the only technology that holds the promise of keeping sensitive data safe from hackers, spies, and other threats in the long term.
The shift toward encryption can been seen in the law, in the media, and in reports from cybersecurity analysts and consultants. Several new regulations, including Europe's GDPR and New York's cybersecurity law for financial services companies, specifically call for the use of encryption to protect sensitive information. The most recent Ponemon Institute report on global encryption trends showed that nearly half the surveyed companies had enterprise-wide encryption strategies, up from only fifteen percent a decade ago.
These trends are sure to continue as the cost of not encrypting—in dollars and in bad PR— continues to increase.
Persistent protection is the answer...
Most large organizations are already using some form of encryption today. Some use full disk encryption as a safeguard against the physical theft of drives or devices. Others use transparent data encryption to limit access to databases, or use network layer encryption to secure data as it travels within the organization's infrastructure. These approaches are good as far as they go, but they don't go very far. Like most other types of encryption, they address only certain locations or use cases and leave gaps on either end. Those gaps, of course, are where breaches happen.
Effective encryption is persistent encryption that travels with the data itself, rather than protecting data only for a short segment of its lifecycle. When information is secured with persistent encryption, it can be shared and copied anywhere inside or outside a company's network while remaining inaccessible to unauthorized users.
The problem with persistent encryption, at least in the past, was that it was very difficult to implement and manage. Encryption keys were hard to share and change, and the encryption process itself was disruptive and resource-intensive. So most organizations—even those who wanted to encrypt—had to settle for incomplete solutions.
...and now its time has come
When a data breach happens, customers are only interested in the fact that their personal information was left unprotected. They don't want to hear that the breached company had other IT priorities, or that encryption wasn't easy to implement, or even that the data was encrypted somewhere else in the organization. The only thing that matters is that their financial information, personal details, or other sensitive data was left in the clear where it could be lost or stolen.
Government regulators and politicians are taking the same view. In last year's Senate hearings on the Equifax breach, many questions revolved around Equifax's failure to encrypt the highly sensitive information they collected and sold, the responses to which made the company look even worse. Organizations that want to avoid the same treatment need to understand that widescale encryption is no longer optional. It has become a prerequisite for earning consumer trust and doing business in the digital age.
Fortunately, as the need for encryption reaches its critical point, new innovations are making it easier to implement and manage persistent encryption on an enterprise-wide scale.
PKWARE's Smartcrypt is leading the way by solving the challenges that kept many organizations from adopting encryption in the past. Smartkey technology eliminates the complexity of encryption key management, while Smartcrypt's ability to incorporate data discovery and data classification functionality makes the process intuitive and nearly automatic for end users. Financial institutions, government contractors, and many other organizations have chosen Smartcrypt as their solution for the cybersecurity challenges of today and tomorrow.
In the Age of Encryption, data is either protected, or it's destined to fall into the wrong hands. Cyber threats have become too widespread and too powerful to leave any room for hope that unencrypted data will somehow remain safe. If your organization isn't encrypting all of its sensitive data, wherever it's saved or shared, the day to take action is today.