When IT implements defences that cannot evolve fast enough, it generates cybersecurity threats that expose both personal and corporate information. Moves by government organisations, such as the U.S. Federal Bureau of Investigation’s request to Apple to create a backdoor to the device of the San Bernardino shooter’s iPhone, highlight how complicated and challenging our privacy can become.
Entities that are designed to protect us could potentially sacrifice the protection of privacy for the masses, in order to serve individual cases. And, important to highlight on the global scale, significant disagreements between multiple governments – like those tied to the ongoing Safe Harbor/Privacy Shield discussions – demonstrate that cultural and geopolitical considerations will keep the conversation murky for some time to come.
An individual’s right to privacy is in question on multiple fronts: governments who want unfettered access to our personal data on one end of the spectrum and individuals or organisations with malicious intent on the other. This all leads to the question: is data privacy on the brink of extinction?
For businesses, the mathematics of balancing security and privacy has added complications. Companies and the technology vendors that serve them store enormous amounts of personal and corporate information. As companies continue the trend of moving data to the cloud, they open themselves up to more potential security lapses as well as government intrusion. In addition, elements like the rapid evolution of threats, the huge volume of alerts generated by security technologies and increasingly fractured architectures have spread IT organisations too thin, leading to more struggle within enterprises to maintain data privacy.
Should we be treating data privacy with greater urgency?
Data encryption is at the center of the data privacy discussion. While encryption technologies were more challenging to use in the past, improvements to user interfaces and the modification of the technologies to work in today’s hybrid infrastructures make these protections more accessible. That said, many enterprises still have a long way to go in being able to create their own balance of security and privacy through the use of these solutions.
Earlier this year, Sophos published 'The State of Encryption Today', which provided some context on how far behind enterprises are regarding the use of encryption to protect their data. Sophos found that companies are failing to consistently protect their data and creating critical gaps. From a Sophos blog post on the survey, 'nearly one-third (thirty per cent) of organisations surveyed fail to always encrypt their own corporate financial information, and forty one per cent inconsistently encrypts files containing valuable intellectual property, despite the increasing risks of economic espionage.' Furthermore, despite eighty four per cent of respondents expressing concern about data stored in the cloud, only thirty nine per cent of respondents encrypt all files stored in the cloud.
Key tips for deploying encryption for privacy
There’s some data that will never be stored in the cloud and other data that is born in the cloud and will never see an on-premises data centre. The reality is that most businesses have a wide range of data in both owned data centres and in multiple third party cloud environments. To ensure the ongoing efficiency of their data management plans, businesses should prioritise partnerships with vendors that offer and specialise in hybrid approaches.
End-to-end encryption is critical
Not all data is created equally. Not every organisation or industry has the same requirements on how steadfastly privacy must be protected. That said, it is important to understand that measures should be taken to ensure your data is protected at all touchpoints. Data should be encrypted at creation, in transit, and at rest. By taking full control over the encryption of your data, it will allow IT departments to rest assured that their organisation is safe.
Manage keys across multiple cloud platforms
A key aspect of maintaining full control over data privacy is the development and management of encryption keys. Selecting vendors that offer more options on key management control will allow enterprises to better implement the specific amount of privacy required by their specific business needs. Considering that many enterprises have multiple cloud deployments– from Amazon AWS to Microsoft Azure and more – the ability to manage the same encryption keys across cloud platforms can create additional control, protection, and efficiency.
Data privacy has been thrust into the spotlight of late, putting immense pressure on businesses to ensure the protection of their own data, as well as their customers’ data. As both the volume and velocity of data created by businesses and individuals continues to increase, so does the need for both security and privacy. The future of data is more encryption not less and as solutions such as key management become more widely used, we can all look toward a more secure future for our data.
Kris Lahiri, Cofounder & Chief Security Officer at Egnyte