In 2008, Heartland Payment Systems experienced one of the biggest data breaches in the world at that time. The intruder went undetected until months after he first accessed Heartland Payment Systems’ data. Even though Heartland was compliant with the security standards set by the PCI Security Standards Council, a firewall wasn’t enough. Bob Carr, Heartland’s CEO at the time, stated that the lesson he learned was that every system worth breaching would eventually be breached.
The answer was not just to make infrastructure more difficult to breach, but to incorporate strong data encryption so that a “successful” intruder would end up with undecipherable gibberish instead of valuable data. Carr also pointed out that it was equally important to encrypt not just data-at-rest, but also data-in-motion (for instance, credit card data at the point of purchase). Given the sensitivity and growing volume of the information stored in big data repositories, the consequences of any intrusion would no doubt be much worse, and mitigation much more difficult, had this breach happened today.
Encryption solutions vary from supplier to supplier. Some require the use of proprietary hardware. This means you will be locked into that vendor’s solution, limiting your deployment options and your negotiating power with the vendor. Others require that you replicate your data on a separate server in order to encrypt it and then redeploy it in the production environment. This is extremely disruptive and time-intensive, it requires significant IT resources, and every extra copy and handoff introduces more opportunity for human error. Choose a solution that encrypts the data where it already exists so you do not have to duplicate your data.
There’s also the issue of scalability. As the volume of your data expands, will your encryption solution easily expand with it? Or will you have to go through a painful process every time your customer base or data volume grows? And what if you expand through acquisition? How easy will it be to maintain any investment protection in a disparate systems environment?
Your data encryption solution needs to address all of these concerns.
The Organization for the Advancement of Structured Information Standards (OASIS) was established in 1993. Its purpose was to advance the interoperability of solutions and systems from different vendors. Since then, the organization has expanded into the data security arena. However, its mission is still the same: to advance interoperability. For this reason, to ensure that your data encryption solutions maintain the highest levels of security and interoperability, they should conform to the OASIS KMIP (Key Management Interoperability Protocol) and Public-Key Cryptography Standards (PKCS) #11. Ignoring these standards risks making your enterprise’s encryption method a round peg trying to fit into a square hole.
Wrong! Even if you do all of the above, you may still harbor vulnerabilities if you don’t do your part. The infamous Target breach was triggered by an employee of one of Target’s suppliers, who fell for a phishing scheme and gave the intruders access to Target’s supplier portal. The Heartland breach was simply not detected by the company’s systems and security team until months after it had occurred. Security begins with your systems — but ends with your employees. Therefore, there are steps you can and must take to ensure that your data environment is safe:
Zettaset’s BDEncrypt solution meets the OASIS interoperability standards discussed in this post. Easy to deploy, scalable, and as economical as it is effective, BDEncrypt is compatible with virtually every database and file system. And Zettaset makes it easy to test drive BDEncrypt. You don’t have to think like a hacker to defeat a hacker. Zettaset has done it for you.