The average organization today has 20% of data stored in the highly guarded databases, and 80% of the data stored everywhere from highly secured servers to cloud to personal computer as well as mobile devices. The data stored in the database
are structured data and access to it are being protected in anyways possible not only becasue the value of the data, but also for the fact that protection for those are
well established. However, the heightened protection didn’t seems to stop the security breach and data loss. When the breach happens, organizations suffers losses in both reputation and monetary value, as well as regulatory fines.
Most time when breach happens, the hacker obtained access credential to the database and steal the data through seemly legit means. It is becomes extremely difficult to identify and prevent such intrusion become the system just can’t differential the true legit access from fraudulent ones when the same credential is presented.
Hackers often obtain credential through 2 means: internal source (30%) and hacking including phishing (70%), both of which can be reduced or eliminated by protecting the unstructured data, the 80% of the data that are mostly not protected.
Among the unstructured data, some files used by automation may include access credential to the database so they can run unattended, and people may has files that contains access credential in their working computer to speed up the access. Some hardened access including Cloud services requires to use key files, and those files are often stay unprotected. Once the computer is compromised, those files can easily allow hackers to hop onto those servers and steal the data without leaving a trace.
Security can only be as strong as its weakest link. If the unstructured data is exposed, every other security measure is compromised. Every single data security expert would recommend to secure all the data in the environment instead of structured data only. Unstructured Data Shield is designed to protect the 80% of the unstructured data so the 20% of the structured data can stay protected.
A Protection hat never quits, even after the worst scenario, is not a dream anymore. Unstructured Data Shield make it reality with revolutionary Encryption at Rest (EAR)
2.0, individual file encryption that is on anytime and anywhere. What it means to the protected data is that teh information stored in the data is protected beyond you IT boundary and defense line.
In a simple term, with EAR 2.0, every file is being encrypted with algorithm of choice and individual random key. The key is stored away from the file. When the file is being accessed, a request for the key is sent to the UDS by authenticated
user through UDS client. If the user is allowed by the access policies to access the content of the data, the key is sent to the UDS client in encrypted channel, UDS client then decrypt the file on the fly and open it in the application
of user’s choice. This design get ride a few issues previously stopped encryption at rest being adapted.
Modern symmetric encryption algorithm like AES is well designed against attacks, which pretty much leaves one option to crack the data: brutal force, try each possible
key until hit the right one. This is not realistic when the key is 256 random bits. In theory, it requires about 3×1051 years to exhaust the 256-bit key space.
But if your encryption is protected by a password, it become a different story. Most of the encryption used by applications like Excel are using password to either protect or derives the key. This means the hacker only need to crack the password you remembered, not the actual key itself, to break the encryption. That won’t take too much effort and money with Cloud services and better equipment like GPU or FPGA. 10 character long password with patterns probably won’t last a day.
Unstructured Data Shield is different. It separate the key and content entirely, and the keys are not derived from any password, it is 256 random bits. This design leave no chance for brutal force attack, or any documented attach.
Last year, Verizon counted 30% of data breach involves internal sources. Out of the 70% of outside attach, half of them are hacking. Among all the data breaches, 50% are sophisticated attach by organized criminal group. Protection for unstructured data by UDS could significantly reduce the loss by denial the access to information at point of entry and reduce internal risk with well deigned access control policies
that limit the exposure of access credentials. No data can be safe if unstructured data are exposed without protection that are sophisticated enough to match that of attackers.