Friday, March 21, 2008

Hidden Dangers of Automatic Encryption

Every business has data that needs protecting. You don't have to be a MasterCard, with tens of millions of financial records at risk, to worry about data security. Whether it's your customer lists or your corporate credit card accounts, you have some information that shouldn't get into the hands of the bad guys.

Encryption is one way to plug those leaks, but the problem with most data encryption software is that it doesn't get used. Conventional wisdom says that anything that adds extra hassle to the workday is bound to be neglected by end users.

A company called Applied Security claims to have eliminated that problem with its latest product. Called fideAS, it works behind the scenes to encrypt user data transparently, according to policies defined by IT security managers. Your sales force need never lift a finger to have encryption employed automatically for all their significant documents, Applied Security claims.

This sounds like a great idea, but I'm actually of two minds about it. On the one hand, encryption is a fine first line of defense in cases of laptop theft or network intrusion. There seems little doubt that proper use of encryption could have prevented several headline-making cases of data theft. On the other hand, I worry that automated encryption could give many businesses a false sense of security that might actually leave them more vulnerable.

As long as a file sits on a hard disk, encrypted, its contents are safe. But the truth is that the most important data seldom stays idle for long. You need to work with it. You need to open those files, access them, read them, and modify them. That means they must necessarily spend much of their lives unencrypted -- in RAM, on your screen, and most importantly, in your mind.

That last part is the really tricky one. Because with cyber espionage on the rise, targeted phishing and social engineering are increasingly the tools of choice. In other words, modern data thieves won't come charging through your firewall to gain access to your sensitive data. They'll just ask you for it. Without proper training and awareness, any employee can become a security leak that no amount of file encryption can plug.

Are you nervous yet? I am. When financial institutions can fall victim to massive data leaks, when they arguably deploy more data security than any other type of company (including encryption), I wonder how many small and midsized businesses have suffered similar leaks that "weren't big enough" to make the news?
