Mainframes

Is your enterprise encryption strategy a compromise?

Share this post:

Protecting your business, part 1

There are many different statistics available on the risks and impact of data breaches.  The most alarming one in my opinion is this: out of the nearly 6 billion data records breached since 2013, Breach Level Index reports that only 4 percent were encrypted.  This is staggering given that most organizations recognize the risks and understand the importance of data security and encryption.  It begs the question — Why do we see such a significant disconnect between known risks and the level of data protection?

Security today

Strong walls and perimeter defenses are no longer adequate to prevent cyber-attacks in today’s enterprises.  There are countless points of entry into an organization’s IT environment, all of which lead to what should be private data.  Not only could a team be completely consumed by trying to secure all of the potential entry points, but they could do all that and still not achieve their objective.  Threats from insiders, whether they be from rogue insiders or attackers posing as insiders, complicate the situation further.

Though many organizations recognize that encryption is vital, they struggle in their data encryption journey.  The main reason is that implementing encryption is extremely complex.  Many wrestle with questions such as: What data needs to be encrypted?  Where should encryption occur? Who is responsible for encryption?  Leaders in organizations which have already started down the path are beginning to grasp the complexity and challenges involved in reaching their destination.

Roadblocks to deploying an enterprise encryption strategy can include insufficient skills, resource constraints, overhead costs, technology limitations, and an all-too-common problem — not knowing where the sensitive data is located.  Since none of these are easily overcome, companies often veer off the original path out of necessity and end up with best-effort encryption versus the best-in-class encryption originally planned.

Industry and government regulations mandate that certain sensitive data be encrypted.  Thus, many organizations have adopted the practice of selective encryption.  They look for credit card data, social security numbers and other sensitive data and encrypt a subset of data. Adopting selective encryption makes sense in theory but falls short of protecting all of the digital assets of value to an organization.

In summary, traditional approaches alone aren’t sufficient.  If they were, we wouldn’t be hearing another report about how our personal data was breached. Organizations must operate on the premise that potential attackers are already inside and must view regulations regarding data security as a minimum threshold, not a best practice.  It is time for a paradigm shift in protecting the data at the core of the enterprise.

A new approach

Data needs to be treated as the new perimeter.  To achieve any chief information security officer’s (CISO) ideal of enterprise data protection, organizations should adopt a strategy of encrypting all data wherever it resides.

It is easy to envision how pervasive encryption can minimize the risk and impact of a data breach.  However, it can also help with encryption deployment and compliance.  By encrypting data at a broad scale, organizations can move forward on encryption quickly since the process of identifying and classifying data is decoupled from the act of implementing encryption.  Additionally, it simplifies compliance reporting by being able to show all data is encrypted.   And lastly, pervasive encryption helps protect all of an organization’s digital assets – not just those mandated by compliance.

Protect your business

Do not compromise on your enterprise encryption strategy.  in the future in this blog series, we’ll explore how new technologies that support pervasive encryption can help you with that.  Until then, watch this webcast to learn how to begin encrypting everything without changing anything.

IBM z Systems encryption, Encryption Strategy

Distinguished Engineer - z Systems Security

More Mainframes stories

The evolution of the IBM Blockchain Platform: Choice and control on IBM Z and LinuxONE

We’re living in a multicloud world. Today, 85 percent of businesses rely on multiple clouds to meet their IT needs, with 71 percent using more than three[1]. What this means in practice for enterprise clients is that they have multiple architectures in place. This may be fine for “tried and true” workloads–like credit card processing […]

Continue reading

New Container pricing enhancements bring pay-as-you-go model to z/OS

Today’s IT is fast-paced and in constant evolution. For many clients, IBM Z® is at the center of their digital transformation. Utilizing this secure, flexible infrastructure with the agility of public cloud and the security and resiliency of a private cloud, clients can accelerate the deployment of new services to help meet market demands. We continue to deliver security, development and […]

Continue reading

The new normal: A secure and agile business

If you’re like most of the IT leaders in this industry, you know that high stakes boardroom conversations are changing as fast as the pace of technology innovation. Today’s executives in a digitally empowered world, want IT to innovate and deliver outstanding user experiences, all built on a strong foundation of equity and trust in […]

Continue reading