Ask for the proofs. Ensure independent validation of the approach is available. If it isn’t, don’t trust it. The proofs and validation also have to be relevant and come from trusted sources. Incomplete tests, or claims that lack full transparency, don’t cut it. For instance, solutions which claim to enable protection using new encryption techniques without security proofs and relevant independent validation by experts are worthless in the event of a breach. Even worse, they may not offer any security in the first place. Independent verification is critical.
That’s why new data security standards such as NIST Format Preserving Encryption and FFX mode AES are so important. They have the foundation of security proofs and a standards body behind them.
Data risk and compliance barriers can be solved by leveraging a “data-centric” approach in the enterprise cloud stack to enable data protection, de-identification and data masking in tandem with Identity, Authentication and Authorization service layers. This lets the CISO and CIO support business adoption of new competitive applications by aggregating business services and data sources rapidly without exposing live data to new threats or insider attack.
The spotlight is now on CISOs to determine the architecture and strategy to make it happen, not to say no to the business. Otherwise the business will adopt it anyway – the train’s already rolling.