Incident Response, TDR, Vulnerability Management

2014: Encryption here, encryption there, encryption everywhere

Share

Between the U.S. government shutdown, Steve Ballmer's last days at Microsoft, and the evolution of “twerking,” it's safe to say that 2013 was anything but quiet. For certain, we can attest to the fact that the biggest story of all this year involved Edward Snowden. The former CIA employee and NSA contractor publicly disclosed over 200,000 classified documents to the press, primarily around the NSA mass surveillance programs. 

If enterprise security and privacy hadn't caught the attention of the masses before June of 2013, it certainly was a topic of discussion after the fact. So much so, that Strategic News Service publisher and overall technology guru Mark Anderson paid homage to the Snowden debacle in his widely respected annual top 10 predictions for Technology.

Rounding out the list at 10, Anderson claims, Encryption Everywhere: The direct commercial result of Edward Snowden's leaks will be a massive move by large technology companies, both in enterprise and consumer markets, to evolve new encryption technologies and products that use them. While NSA-proofing will be the motivator, the real benefit may be improved protection of commercial IP from theft by China and other nations.” 

Many are left to ponder what does this all means for the state of the enterprise in 2014. A better thought to analyze would be, “Which industries will experience the most data encryption challenges in 2014?”

Health care

As regulations like HIPAA add teeth to the punishment they dish out (i.e. fines and public shaming), health care organizations in particular will take a closer look at the ways in which they are protecting their data. Of even greater concern, are the health care organizations that fail to properly protect themselves. Most data breaches within this market occur due to the loss of a computer or storage device with patient data that isn't secured or encrypted.

Furthermore, under the Affordable Care Act, millions of Americans are now covered by insurance and have unlimited access to our health care system. This drastic increase in private patient information comes with the increased risk of a potential data breach on a grander scale. The use of data encryption in health care is the only way to ensure the security of personal health information (PHI) and avoid having to report a data breach, if one occurs. But remember, encryption only works if you use it properly (i.e. actually have it activated.)

Government

To date, the industry remains one of the most frequently hacked verticals in the enterprise market. Unfortunately, these hacks not only impact government officials, but the nation's school systems and the U.S. military are at risk too. Government must look to the encryption of data-at-rest as a part of the larger information security architecture in place. Operating under intense scrutiny over its handling of sensitive data, the government must find ways to maintain the level of innovation in its approach to technology, methods and standards when dealing with data security. Encryption is no longer just essential for confidential, policy information but for national security.

Financial services

Financial services continue to be a top target for data breaches. Between hackers, missing devices, card scams and insider data theft, banking institutions are constantly at risk of having their customer's private financial information fall into the wrong hands. Even worse, many employees – even those who consider themselves to be “tech savvy” – do not recognize when there is an event waving a potential red flag for an impending data breach. Encryption is the only way for these institutions to keep their customer data out of harm's way.

Education

For a vertical that screams “bull's-eye” to an oncoming data breach, it's vital for colleges and universities to prepare themselves for data security issues on an ongoing basis. Sensitive data such as student and parent information, finance records, student loans, employment records and academic research all act as moving targets for a hacker. Unfortunately, because this confidential data can reside almost anywhere, the risks of lost or stolen data becomes a startling reality.

This vertical must look toward encryption solutions that will protect all the information stored on devices ranging from hard drives all the way to removable media. However, it's important to remember that for an industry as collaborative in nature as education, its security precautions must maintain a level of agility, without constraining the ability to work together as needed.

Unfortunately, we can never expect to enter a new year with thoughts of being “unhackable.” Like many before us have said, it's not a matter of “if” but a matter of “when” a data breach occurs. The only way to really protect ourselves is by investing in the right solutions and maintaining security best practices.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.