Here’s a sobering statistic: according to the 2009 Verizon Data Breach report, 285 million records were compromised in the 90 cases that Verizon investigated in 2008. That is close to one exposed record for each of the roughly 305 million citizens in the USA.
Data security in today’s business world is a classic Catch-22. We need to protect both data and the business processes that rely on that data. To do so we need to move from a reactive fear (or compliance) driven mode to a proactive risk-adjusted data security plan, centered on an analysis of an organization’s unique data risk factors and the use of a risk-adjusted methodology to determine the appropriate data-protection processes, policies and solutions for that organization.
There are different definitions of end-to-end encryption. To some people it means encrypting data throughout its entire lifecycle, from capture to disposal. This sort of end-to-end encryption (or tokenization) does provide the strongest protection of individual data fields.
Another way to think about end-to-end, and a very practical approach to data protection, is to provide end-to-end encryption between specific parts of a solution that are in high risk areas. This approach can be applied within an enterprise or between organizations. In the latter case a supporting infrastructure that includes functions to establish trust and key management can take a long time to implement. Encryption can only provide confidentiality and integrity and must always be combined with other aspects of security, including authentication, authorization and monitoring to provide a secure overall solution. While I am a strong proponent of end-to-end encryption, not every bit of data needs to be encrypted throughout its lifecycle. The sensible approach to adopt is a risk-adjusted methodology that protects data according to its value with the appropriate layers of security.
The risk level of the data collected, used and stored in the enterprise
Enterprise data protection
Businesses can look at enterprise-class end-to-end encryption solutions along with newer approaches — such as tokenization, Format Controlling Encryption, and Database Activity Monitoring.
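As an added illustration of the tokenization approach named above (example code, not from the article or any vendor): a vault-based tokenizer that keeps the length and digit format of a card-number-like field, with detokenization gated by an authorization check, reflecting the earlier point that encryption or tokenization must be combined with authorization. `TokenVault`, `protect_record`, the kept trailing digits and the sample values are all constructed assumptions.

```python
"""Added example: format-keeping, vault-based tokenization with authorized
detokenization. Names and sample values are constructed for illustration."""
import secrets

DIGITS = "0123456789"


class TokenVault:
    """Maps a sensitive digit string to a random token of the same length.
    Only the vault can reverse the mapping, so a leaked token by itself
    carries no information about the original value."""

    def __init__(self, keep_last=4, allowed_roles=("billing",)):
        self.keep_last = keep_last            # assumption: trailing digits kept
        self.allowed_roles = set(allowed_roles)
        self._forward = {}                    # original -> token
        self._reverse = {}                    # token -> original

    def tokenize(self, value):
        if not value.isdigit() or len(value) <= self.keep_last:
            raise ValueError("expected a digit string longer than keep_last")
        if value in self._forward:            # same input always yields same token
            return self._forward[value]
        head_len = len(value) - self.keep_last
        while True:
            head = "".join(secrets.choice(DIGITS) for _ in range(head_len))
            token = head + value[-self.keep_last:]
            if token != value and token not in self._reverse:
                break                         # no collision, not the plaintext
        self._forward[value] = token
        self._reverse[token] = value
        return token

    def detokenize(self, token, role):
        """Reversal is an authorized operation, not a property of the token."""
        if role not in self.allowed_roles:
            raise PermissionError(f"role {role!r} may not detokenize")
        return self._reverse[token]


def protect_record(record, vault, sensitive_fields=("pan",)):
    """Risk-adjusted: only the high-value fields are replaced with tokens."""
    return {k: vault.tokenize(v) if k in sensitive_fields else v
            for k, v in record.items()}


if __name__ == "__main__":
    vault = TokenVault()
    rec = protect_record({"pan": "4111111111111111", "city": "Austin"}, vault)
    print(rec)  # constructed input; pan is now a random 16-digit token ending 1111
```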