We keep hearing from our customers about how critical their data is and how serious they are about protecting it. But they have been wrongly advised (even by some vendors in the industry) that encryption of data at rest provides enough protection for data and many of them are wrongly convinced that for data-in-motion, SSL (for example, HTTPS) is 100% secure and it’s absolutely fine if data goes unencrypted over it! But recent events have shaken this faith that IT has in SSL and even data-at-rest encryption. Last week's bug in AirWatch exposed stored data (aka data-at-rest) without even a bit of it moving! And then there were the recent and frequent vulnerabilities in SSL - ‘Heartbleed’ and ‘POODLE’ - making SSL look like an open book.
It is important that such problems and vulnerabilities are handled not simply by replacing the old SSL software with a new one, but by going to the root of the problem - relying on a technology that can protect data right from its source to its destination and from its cradle to its grave. Such a technology must do encryption of data at source (apart from SSL), decryption only when required and it should not exchange keys during the process of data exchange, not even in a window of hours or days.
Additionally, the technology must offer protection against attacks on the encryption keys or the system itself. When attackers get access to the data, the first thing they try to deduce from it is the kind of information it is. If they discover it as encrypted content, their next goal is to locate the databases or other locations where they could find the encryption keys. The key structures typically also reveal the type of encryption used and a little brute force starts revealing their actual contents. This is where storing the complete data file as-it-is turns out to be a big risk. It is easy to store the whole file but then it is also easy to get all its contents in one go. What if we split up every data into chunks, encrypted each chunk separately, transmitted each encrypted chunk separately and stored those separately? That would make it very hard for any attacker to get even a single file completely and make compromising of a few keys useless.
Vaultize satisfies both the criteria above by combining its patent-pending encryption at source technology with chunking - allowing us to do both encryption and de-duplication at source - resulting in industry-leading security and, as a bonus, huge bandwidth and storage savings. Vaultize achieves end-to-end (source to destination and cradle to grave) data security and protection with it's innovative technology.
This post is written by Sanjay Chopra, Vaultize's Director of Services. He is based in our Pune India office.