This article was contributed by Shaun McBrearty, cofounder of Vaultree.
Cybercrime is rampant, and each year it seems to be getting worse. 2020 was considered a banner year for cybercrime, and then 2021 set a new high. Despite heightened security efforts, data breaches continue to occur and they are becoming more expensive to mitigate. The average cost of a data breach rose 10% to $4.24 million in 2021, according to the 2021 IBM Cost of a Data Breach report, marking a record since the annual report began.
However, if a data breach occurs, but the leaked data is encrypted, it can’t be used by bad actors. Essentially, cryptography is an internal barrier; if the external barrier is broken, you still have the internal barrier to protect your organization. However, when it comes to security solutions, most efforts still tend to focus more on reactive products than on proactive ones.
Cryptography and encryption offer many advantages, but adoption still isn’t widespread — in large part due to several lingering misconceptions. Let’s examine those misguided ideas, how cryptography fits into the modern enterprise, and how to implement it.
In the context of data security, encryption is the process of converting information into unintelligible text so that it can be stored or transmitted securely. One example is the text messages people send through mobile apps like WhatsApp. In the application itself, users can usually read a statement saying the app offers end-to-end encryption.
This means that when you send a message, it is scrambled, or converted into incomprehensible information. The message leaves the app encrypted (on one end) and, when it reaches the recipient, it is unscrambled. Only at the recipient’s end does the information become readable again. This process prevents a third party not involved in these ends from having access to what was sent.
This is a system that works well. Though modern cryptography employs algorithms and the very latest in math and computer science — making it seem complex — the basic idea remains the same: transform information into something that only those who have the correct “key” will be able to decipher.
Encryption is one of the most fundamental tools to ensure your company’s security. It guarantees that, even if there is an attack on your servers and computers, or even if by human error some information leaks, this information will not be readable by third parties.
What’s hindering the adoption of encryption
Now comes the central question: if encryption and cryptography work so well, why aren’t they being employed more often? For one thing, there needs to be a lot more education about cryptography. Cryptographers typically come from a mathematical background, and software developers need quite a bit of knowledge to use cryptography. Cryptographic solutions are pretty complex for developers, but cryptography solves so many problems in software development that it’s worth the effort to provide developers with more education.
Additionally, scalability is perceived as a barrier to adoption. There’s an idea that when you work with large amounts of data, you’re limited in terms of performance as the volume of data increases. Third, people think cryptography is slow — and that is true for many of these algorithms. So, again, there’s concern about performance. And fourth, people mistakenly believe that you can’t work with fully encrypted data, that data needs to be decrypted before you can use it.
Understanding the next generation of cryptography
In terms of the perceived complexity of cryptography holding back its adoption, it doesn’t have to be so complicated. Cryptography can be broken down into an easily understood process that doesn’t add additional friction for software developers. Some of today’s emerging solutions are being designed in a way that’s far more plug-and-play for developers.
When deploying encryption, you don’t need to sacrifice security for performance, or vice versa.
Cryptography is a versatile tool that can be used in many different ways. It can be used at different levels of the database. You can have full disk encryption, table-level encryption, column-level encryption and row-level encryption.
There are many different options available. Some can be set up with a one-touch configuration, while others require much more manual effort, and the options offer different levels of security.
It’s true that for many legacy solutions, you sometimes did have to sacrifice some performance to obtain the level of security you needed — but that’s quickly changing with the introduction of new and more advanced methods of encryption.
The idea that you can’t work with fully encrypted data persists, but this is very much a developing area. Technology is now at a point where you can securely process data, too. At the same time, there’s the misconception that fully homomorphic encryption — which allows computations to be performed on data while it is encrypted — is slow, but that’s not always true. Great advances are being made on this front.
A new day in data protection
Attacks on your data aren’t going away any time soon, and the cost to address those attacks is rising. The beauty of cryptography is that it renders data breaches almost inconsequential because criminals can’t make any sense of the data; it’s useless to them. Cryptography might sound complex, but it doesn’t have to be. Next-generation cryptography addresses most of the misconceptions people have and delivers superior data protection. Some solutions are ready to plug into your system and come with many options for deployment. Use this information as an aid to your own encryption journey.
Shaun McBrearty is the cofounder of Vaultree.