End-to-End Encryption a Recipe for Serenity
January 5, 2017
Data breaches litter the news cycle. There is a new, even worse breach garnering front page coverage on what seems like a daily basis. With such a threat-rich environment, it is mission critical to ensure your business does not become yet another notch on a hacker’s belt and fodder for a cautionary tale. The traditional view in securing data was shoring up perimeter defenses – but growing in prevalence is an inside-out defensive approach, which puts encryption center stage in the protection strategy.
Baffle co-Founder and CEO Ameesh Divatia explained at Editors Day Silicon Valley that only four percent of breaches occur when data is encrypted, which is why Baffle’s approach offers end-to-end encryption of the data. While some in the enterprise allow a number of hurdles to hinder implementing encryption, Baffle addresses these in its approach.
The three primary obstacles for encryption adoption start with keys. Whenever you work with encryption, multiple keys require management. In addition, the complexity involved in integrating encryption into and not-obstructing workflows, can prove daunting and impassable for some. The third issue is in regard to performance. Plain and simple, when encryption is involved performance is impacted.
Divatia, an application and performance optimization industry veteran, said Baffle is able to minimize performance impact, ensure encryption throughout the entire data lifecycle and automate the storage, rotation, retirement and use of keys. Too many firms view security as “a necessary evil…just a box to check,” and in taking this nonchalant approach are providing opportunity for increased vulnerability.
Baffle’s cloud-based service easily integrates with infrastructure, and offers protection from the inside. The service includes extensive monitoring and analytics encryption, and promises minimal effects on performance.
One area Divatia views as a massive opportunity is the Internet of Things (IoT). Currently, Baffle’s offering is focused on non-SQL databases, which sets up to calm the nerves of those in the industry trumpeting the horn of unprotected data, and the need for much improved security. The reason the Baffle approach is in a position to instantly offer serenity to those leveraging IoT is the end-to-end encryption. As soon as a device sends data it is encrypted; service providers can run analytics on the encrypted data with the time result being the only decrypted data.
In the not too distant future, the firm will be unveiling a service for SQL databases, and have offered early access of the product for clients to get a feel for how it performs and take it through the paces of implementation.
Keeping a keen eye on the future, Divatia illustrated two key areas to follow in 2017. He explained the awareness of insider threats will improve and compliance is evolving as well. From California to Europe and Russia, regulations are going into place will dramatically change the way data is managed – companies must disclose data, but if you were to lose encrypted data a firm wouldn’t. “The biggest threat is a loss of reputation,” so as the new guidelines take hold there is a major opportunity.
Security should be front of mind for firms of all sizes. The mishandling of data can have disastrous consequences. While I’m not one to say encryption is a silver bullet, I would suggest, however, that it serves as a massive step in the right direction – especially with a shift in data protection philosophy. So when you put your head on the pillow at night, it is just sheep you’re counting – not the security of your data, and the many ways it can be violated.
Divatia explained Baffles carries an aim of making the encryption process as quick and painless as possible, so you can get back to worrying about the bottom-line. The company believes serenity starts with security, I can’t argue with that – and neither could Frank Costanza.