
Is your enterprise encryption strategy a compromise?


Protecting your business, part 1

There are many different statistics available on the risks and impact of data breaches. The most alarming one in my opinion is this: out of the nearly 6 billion data records breached since 2013, Breach Level Index reports that only 4 percent were encrypted. This is staggering given that most organizations recognize the risks and understand the importance of data security and encryption. It raises the question: why do we see such a significant disconnect between known risks and the level of data protection?

Security today

Strong walls and perimeter defenses are no longer adequate to prevent cyber-attacks in today’s enterprises.  There are countless points of entry into an organization’s IT environment, all of which lead to what should be private data.  Not only could a team be completely consumed by trying to secure all of the potential entry points, but they could do all that and still not achieve their objective.  Threats from insiders, whether they be from rogue insiders or attackers posing as insiders, complicate the situation further.

Though many organizations recognize that encryption is vital, they struggle in their data encryption journey.  The main reason is that implementing encryption is extremely complex.  Many wrestle with questions such as: What data needs to be encrypted?  Where should encryption occur? Who is responsible for encryption?  Leaders in organizations which have already started down the path are beginning to grasp the complexity and challenges involved in reaching their destination.

Roadblocks to deploying an enterprise encryption strategy can include insufficient skills, resource constraints, overhead costs, technology limitations, and an all-too-common problem — not knowing where the sensitive data is located.  Since none of these are easily overcome, companies often veer off the original path out of necessity and end up with best-effort encryption versus the best-in-class encryption originally planned.

Industry and government regulations mandate that certain sensitive data be encrypted.  Thus, many organizations have adopted the practice of selective encryption.  They look for credit card data, social security numbers and other sensitive data and encrypt a subset of data. Adopting selective encryption makes sense in theory but falls short of protecting all of the digital assets of value to an organization.

In summary, traditional approaches alone aren’t sufficient.  If they were, we wouldn’t be hearing another report about how our personal data was breached. Organizations must operate on the premise that potential attackers are already inside and must view regulations regarding data security as a minimum threshold, not a best practice.  It is time for a paradigm shift in protecting the data at the core of the enterprise.

A new approach

Data needs to be treated as the new perimeter.  To achieve any chief information security officer’s (CISO) ideal of enterprise data protection, organizations should adopt a strategy of encrypting all data wherever it resides.

It is easy to envision how pervasive encryption can minimize the risk and impact of a data breach. However, it can also help with encryption deployment and compliance. By encrypting data at a broad scale, organizations can move forward on encryption quickly, since the process of identifying and classifying data is decoupled from the act of implementing encryption. Additionally, it simplifies compliance reporting, because the organization can show that all data is encrypted. And lastly, pervasive encryption helps protect all of an organization’s digital assets, not just those mandated by compliance.

Protect your business

Do not compromise on your enterprise encryption strategy. In future posts in this blog series, we’ll explore how new technologies that support pervasive encryption can help you with that. Until then, watch this webcast to learn how to begin encrypting everything without changing anything.

IBM z Systems encryption

Distinguished Engineer - z Systems Security
