Written by:
Purandar Das The BarCode Cybersecurity Podcast recently featured Sotero CEO, Purandar Das, in an eye opening chat about taking a data-first approach to effectively protect sensitive data.
Here’s a link to the podcast. For a quick recap, read on.
In this podcast, Das discusses the importance of embracing a data-centric mindset to when it comes to protecting sensitive data, and how new data encryption technology that enables data in use encryption and data in motion encryption is opening up a world of new possibilities for businesses.
According to the Das, since data is always the primary target of a cyberattack, organizations must take a “data first” approach to preventing a strike that could cripple them with one shot.
So, what is a data-first approach, and how do you employ such an approach? Here are two of the underlying principles, which are discussed in detail in the podcast.
Usability of data. To achieve true usability of data, we must have data encryption solutions that combine data security with the ability to use that data while it is secure. This would require a different approach to data encryption technology – one that that enables as the ability to use the data while it is completely secure. >
The obstacle, according to Das, is that disk encryption protects data only protects data at rest on the disk, and encrypted communication links, such as those powered by SSL and TSL encryption, encrypt data only when it is in transit from one system to another.
“The key to true usability of data,” says Das, “is to employ data encryption technology that provides data in use encryption and data in motion encryption. And now, we have technologies that enable organizations to do just that. We no longer must decrypt data in order to use it, which is enabling organizations to faster time-to-value from their data.”
Cloud Data Protection has been viewed by many CISOs as an oxymoron of sorts. As organizations shift more of their sensitive data to the cloud, they introduce more potential cracks in their security program. There are a range of concerns, one of the biggest being that if data in the cloud is encrypted by the cloud provider, the cloud provider still holds the encryption keys and can access the data.
“What organizations need,” says Das, “is the ability to take ownership of the encryption keys from the cloud provider.” This, along with the ability to keep data encrypted as the data is transmitted to the cloud, is now a reality, giving companies the confidence they need to move sensitive data to the cloud.”
The podcast takes a deep dive into these two topics, and also addresses a range of other new data encryption technologies that enable organizations to take a data-first approach to more effectively protect sensitive data.
Click here to listen in or to read the transcript.