Encryption as Part of the Defense Strategy
I always take slight issue with data security articles that say in the title that encryption won’t protect against breaches. To me it’s a little misleading. It carries the implication that encryption is almost unnecessary, when that’s not what the article actually goes on to say. Quite the opposite. Rather, what they invariably mean is that encryption alone won’t be enough to protect your networks.
Wait, you might say. Don’t these guys sell encryption? Why is he saying it’s not sufficient on its own? Well, because it’s the truth, and our goal here is to ensure your data is protected. To that end, it is important to us to highlight any and all measures one might take to secure it. For instance, understanding things like what the data you’re collecting is, if it’s necessary, who has access to it, how and why it’s being used, even how cyber criminals might glean sensitive information from the data as a whole. These are all crucial questions to consider. Especially so if the data leaves the confines of your own network to be shared with third party partners.
Another truth is that too many organizations view cybersecurity as a barrier to their operations, as opposed to a framework to help optimize the service or product they deliver to their customers. This comes at a time when, according to the latest EY Global Information Survey, they’re also spending more than ever on cybersecurity. And yet, “More than three-quarters (87%) of organizations do not yet have a sufficient budget to provide the levels of cybersecurity and resilience they want.” Protections are also described as patchy and isolated, even as the subject continues “to rise up the board agenda.”
In any case, the sense I get is that analysts who write about encryption not protecting you do so because they take strong security controls as a “given.” Unfortunately, we have seen that this isn’t always the case.
While encryption alone won’t save a company’s data, I don’t believe we’re even close to the point where it can be taken for granted. Which is why we’ll continue to highlight the issue.