What If They Were Paper Files? A Data Protection Journey to the Past
Cybersecurity isn’t the easiest thing in the world to visualize. Since we don’t actually see information as it travels across networks or is written to disks, it can be difficult to picture exactly what needs to happen in order to keep data safe.
So just for fun, we’re going to do a bit of time travel to see what today’s data protection concepts would look like if they were applied to paper files instead of digital ones. We don’t need to go back too far—40 years will do the trick—to arrive at a time when the vast majority of information was still being created and stored on paper.
Imagine, if you will, that it’s 1978. Most large companies are already using computers to perform certain tasks, and early adopters are beginning to buy personal computers like the TRS-80 and Apple II. The majority of workers, however, still do their work on paper, and that’s what you’ll be doing today after your $1.75 taxi ride to the company headquarters.
Perimeter and device protection
As you step through the revolving door and into the lobby, you’re greeted by a security guard who asks to see your company ID. Think of him as the 1978 version of a firewall. He’s good at what he does, but he’s not the most sophisticated guy in the world, and sometimes he gets fooled by fake credentials. He also can’t be everywhere at once, so there’s no guarantee that people aren’t sneaking into the building through other doors while he’s on the job. Luckily, he’s not your company’s only line of defense, as we’ll see later on.
Having passed by the security guard, you take the elevator up a few floors to your department. You stop in the break room to pour a cup of coffee and then make your way to your desk. This desk, of course, is where you store the files you’re working on and the work you’ve already completed, along with some personal documents, photos, and assorted knick-knacks. Forty years later, when everything is different, the functional equivalent of your desk top will be called your "desktop," or perhaps your "laptop" or "tablet."
Your desk, by the way, is bolted to the floor. This is an extra security measure your company has taken, in case someone ever tries to steal your desk, along with the important documents sitting inside it. It’s not a very likely scenario, but it doesn’t hurt to take the precaution, just as it doesn’t hurt to install full-disk encryption on your computer in 2018, in case someone tries to access your files by removing your hard drive.
File system security
This morning (in 1978, that is) you need a file from your department’s file room, so you walk down the hall after finishing your coffee and glancing through the morning’s memos. The file room, as you may already have guessed, is our stand-in for a 21st-century file server, and the lock on the file room door is the equivalent of the transparent data encryption many organizations use to protect their servers.
With a lock on the door, only people who have a key can get into the file room (today we call that "user-based access controls"), but once you find your file and take it out of the room, that lock on the door makes no difference at all. You can take the file home in your briefcase, make a copy on the Xerox machine, drop it in an interoffice mail envelope, or even send it to someone with the facsimile machine on the fourth floor, and the information will be available to anyone who happens to pick the file up.
Transparent data encryption has exactly the same limitations. It protects data only at rest, and only in the location where TDE is installed. When files are shared or copied to other locations, it’s as if they were never protected at all.
What if that’s not acceptable? What if you need to be sure that no one but authorized employees can ever read a file, no matter if you make copies, send it to another office, or even leave it behind on the subway when you go home?
Persistent data protection
Here’s where our analogy needs to take a turn, because there’s no paper-file equivalent to the solution, persistent data encryption, that’s available to companies in the digital age. The best we can do is imagine that each file in your 1970s file room, each file on your desk top, any file anywhere in the building that happens to contain sensitive information, is secured inside its own locked file box, and stays in that box no matter where it goes. That’s how PKWARE’s Smartcrypt protects sensitive data for the banks, government agencies, and other organizations that use it today.
What does that look like in 1978? When you take a file out of the file room, the file stays inside its box, and you can only open it if you have the right key. When you send a file to another department, no one can take it off the mail cart and read the contents, unless they have a key to the box. When you put the file in the Xerox machine and ask for ten copies, ten locked file boxes pop out at the other end.
And what happens when someone sneaks past the security guard in the lobby and steals a file somewhere in the building? There’s no need to worry. No matter what tools the thieves have, no matter how long they try, they’ll never be able to break into the box and read its contents. The locks will stand up to billions of years of attacks, thanks to the paper-file equivalent of AES-256 encryption.
It’s not magic, it just looks that way
Persistent protection sounds great, you may be thinking, but you’re concerned that you and your co-workers would spend all your time opening boxes and exchanging keys with each other, or that all those file boxes would be too big and heavy to deal with every day.
We’ll need to resort to science fiction in order for our fictional 1978 office to keep up with real-life 2018 technology. So imagine that your company’s file boxes are actually lighter and thinner than the files contained inside—that you can fit more file boxes in your briefcase than you could fit unlocked files. It’s hard to picture, but that’s exactly what Smartcrypt does, by compressing files before encrypting them.
As for opening file boxes and exchanging keys? That’s all handled for you. The right key automatically selects itself from your key ring and opens each box for you, provided of course that you’re authorized to read the files inside. And your company’s security managers can make keys appear and disappear at will, so that only the right employees have access to a given file. In 1978, that level of control would only be possible through the Force, but today, the Smartcrypt Enterprise Manager makes it all possible.
And we’re back
These polyester suits are starting to get uncomfortable, so it’s time to leave 1978 in the past where it belongs. We hope you’ve gained something from this little journey, even if only a renewed appreciation for smoke-free workplaces. If you’d like to learn more about PKWARE’s Smartcrypt platform and the benefits of persistent data protection, contact us today—no rotary phone required!