Ask for the proofs. Ensure independent validation of the approach is available. If it isn't, don't trust it. These also have to be relevant and from trusted sources. Incomplete tests, or claims which don't really have full transparency, don't cut it. For instance, solutions which claim to enable protection using new encryption techniques without security proofs and relevant independent validation by experts are worthless in the event of a breach. Even worse, they may not offer any security in the first place. Independent verification is critical.
That's why new data security standards such as NIST Format Preserving Encryption and FFX mode AES are so important. They have the foundation of a security proof and a standards body.
Data risk and compliance barriers can be solved by leveraging a "data-centric" approach in the enterprise cloud stack to enable data protection, de-identification and data masking in tandem with Identity, Authentication and Authorization service layers. This lets the CISO and CIO enable business adoption of new competitive applications by aggregating business services and data sources rapidly without exposing live data to new threats or insider attack.
The spotlight is now on CISOs to determine the architecture and strategy to make it happen, not to say no to the business. Otherwise the business will adopt it anyway: the train's already rolling.