Mainframes

Is your enterprise encryption strategy a compromise?

Share this post:

Protecting your business, part 1

There are many different statistics available on the risks and impact of data breaches.  The most alarming one in my opinion is this: out of the nearly 6 billion data records breached since 2013, Breach Level Index reports that only 4 percent were encrypted.  This is staggering given that most organizations recognize the risks and understand the importance of data security and encryption.  It begs the question — Why do we see such a significant disconnect between known risks and the level of data protection?

Security today

Strong walls and perimeter defenses are no longer adequate to prevent cyber-attacks in today’s enterprises.  There are countless points of entry into an organization’s IT environment, all of which lead to what should be private data.  Not only could a team be completely consumed by trying to secure all of the potential entry points, but they could do all that and still not achieve their objective.  Threats from insiders, whether they be from rogue insiders or attackers posing as insiders, complicate the situation further.

Though many organizations recognize that encryption is vital, they struggle in their data encryption journey.  The main reason is that implementing encryption is extremely complex.  Many wrestle with questions such as: What data needs to be encrypted?  Where should encryption occur? Who is responsible for encryption?  Leaders in organizations which have already started down the path are beginning to grasp the complexity and challenges involved in reaching their destination.

Roadblocks to deploying an enterprise encryption strategy can include insufficient skills, resource constraints, overhead costs, technology limitations, and an all-too-common problem — not knowing where the sensitive data is located.  Since none of these are easily overcome, companies often veer off the original path out of necessity and end up with best-effort encryption versus the best-in-class encryption originally planned.

Industry and government regulations mandate that certain sensitive data be encrypted.  Thus, many organizations have adopted the practice of selective encryption.  They look for credit card data, social security numbers and other sensitive data and encrypt a subset of data. Adopting selective encryption makes sense in theory but falls short of protecting all of the digital assets of value to an organization.

In summary, traditional approaches alone aren’t sufficient.  If they were, we wouldn’t be hearing another report about how our personal data was breached. Organizations must operate on the premise that potential attackers are already inside and must view regulations regarding data security as a minimum threshold, not a best practice.  It is time for a paradigm shift in protecting the data at the core of the enterprise.

A new approach

Data needs to be treated as the new perimeter.  To achieve any chief information security officer’s (CISO) ideal of enterprise data protection, organizations should adopt a strategy of encrypting all data wherever it resides.

It is easy to envision how pervasive encryption can minimize the risk and impact of a data breach.  However, it can also help with encryption deployment and compliance.  By encrypting data at a broad scale, organizations can move forward on encryption quickly since the process of identifying and classifying data is decoupled from the act of implementing encryption.  Additionally, it simplifies compliance reporting by being able to show all data is encrypted.   And lastly, pervasive encryption helps protect all of an organization’s digital assets – not just those mandated by compliance.

Protect your business

Do not compromise on your enterprise encryption strategy.  in the future in this blog series, we’ll explore how new technologies that support pervasive encryption can help you with that.  Until then, watch this webcast to learn how to begin encrypting everything without changing anything.

IBM z Systems encryption

Distinguished Engineer - z Systems Security

Add Comment
No Comments

Leave a Reply

Your email address will not be published.Required fields are marked *

More Mainframes stories

Building the workforce for the cognitive era

Mainframes are the core infrastructure system for many of the world’s leading businesses, including 92 of the top 100 global banks, the 10 top insurers and 18 of the top 25 retailers. Given the importance of these systems to their businesses, clients often ask what IBM is doing to help ensure a strong pipeline of […]

Continue reading

IBM Z: The banking platform for the future

I’ve talked with many banking executives about how their business is changing and what they need to do to compete in this dynamic and turbulent marketplace. Maintaining trust with clients is core. The financial services sector had 65 percent more cybercrime attacks than average, based on an analysis of security incidents from 2016. In this […]

Continue reading

Why use IBM DevOps tools to deploy applications to the mainframe?

One of the areas in software delivery that drives the most value for your dollar is automating release deployments.  This is especially true in mainframe environments, where lengthy homegrown processes for checking in and deploying code have been used for years in order to safeguard business-critical applications. Why would you seek out IBM for software […]

Continue reading