Sealing the Borders Isn’t Working; It’s Time to Try Something New

encryptionSecuring data isn’t easy. If it were, then attacks like this one wouldn’t be occurring so regularly. The fact of the matter is that so much time, effort, and money are spent trying to secure the borders, but often to little avail. It is becoming increasingly clear that securing the borders is like trying to keep water out with a sieve: no matter how fine you make the mesh, there are always entry points, even if you can’t readily see them.

What is needed is a different approach, one that acknowledges that you’ll never have a border that is 100% secure. Instead of spending so much effort trying to seal the borders, how about taking steps to render what the successufl hackers do find completely useless to them? What I’m talking about is ensuring that all your sensitive data remain encrypted while at rest. If strong data encryption is applied to all sensitive data, and plaintext versions of it are never leaked to the outside, then, in the inevitability that a hacker manages to sneak through your enterprise’s ultimately porous borders, what they’ll find there is something they can’t read. And if they can’t read it, it is of no value to them and of no risk to you and me.

The challenge is simple to describe. Plainly, encryption is difficult. Ensuring that sensitive data are encrypted and never leave home without their encryption clothes on is by no means a trivial task. Modern encryption is rock-solid strong. AES, the Advanced Encryption Standard, is provably unbreakable in real time, at least with current computing power and attack strategies. If the data inside the porous walls is encrypted with AES and never exposed to people who shouldn’t see it, then the walls could be made of Swiss cheese, and no harm would be done. The product that provides ubiquitous encryption guarantees in a convenient and portable package is, in my estimation, the Holy Grail for computer security, because it will help reduce the unreasonable demands we currently place on our firewall people to keep the bad guys out. There are products that might deliver that promise; IONU (https://www.ionu.com/) i one leading contender. When such products gain widespread acceptance, I believe our global security posture is going to improve significantly, and attacks like this one will become just scary stories of the past.

 

About Ray Klump

Professor and chair of Mathematics and Computer Science Director, Master of Science in Information Security Lewis University http://online.lewisu.edu/ms-information-security.asp, http://online.lewisu.edu/resource/engineering-technology/articles.asp, http://cs.lewisu.edu. You can find him on Google+.

Leave a Reply

Your email address will not be published. Required fields are marked *