
Prevent 2015 from becoming another Year of the Data Breach

If 2014 taught us anything, it has taught us that even the most secure systems are subject to breaches. Here's how to avoid it next year.

If 2014 taught us anything, it has taught us that even the most secure systems are subject to breaches. The breaches experienced in 2014 were all but devastating, damaging the reputation of major retailers while lining the pockets of cybercriminals. Take, for example, the theft of 40 million credit card accounts from Target, as well as the more than 2 million credit card accounts stolen from Michaels craft stores. As recently as September, Home Depot announced that 56 million of its customers' credit card numbers were stolen. While the full extent of the damage may never be known, it certainly all adds up to 2014 being the Year of the Data Breach.

Obviously, preventing 2015 from becoming another "Year of the Data Breach" will take employing some different security approaches; after all, the technologies of 2014 (or those using them) were not up to the job of protecting critical data. Nevertheless, further investigation into those breaches did reveal a common thread, one that spells out the dangers of "visibility" - simply put, the data that was stolen was visible to the thieves. At least, that is what security startup Stealthgrid has come to claim. The company, which is in the game of hiding data from theft, uses the motto of "They Can't Steal What They Can't See!"

The ideology behind this company is to obscure any critical data by encrypting it and splitting it up among different resources using a service named Stealth Cloud, which also further protects the data (when in motion) by delivering the split data elements using In-Motion Encryption and Compression.

While there may be no simple way to explain the technology to a neophyte, technologists should be able to quickly appreciate that Stealth Cloud works by securely splitting up data before it leaves a device, and then the different pieces of data are sent to several selected cloud locations and providers. That amounts to each provider only having a fraction of the encrypted split original file, making a breach on any individual provider worthless to an attacker. What's more, if the data was intercepted or compromised while in motion, what was stolen would amount to little more than an incomplete set of meaningless data. Only the original user has the ability to control how the pieces are put back together, creating a truly secure methodology for protecting data files.
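The article does not describe Stealthgrid's actual algorithm, so the following is an added illustration of the general idea rather than the company's code: it uses plain n-of-n XOR secret splitting, in which any set of fewer than all shares is statistically independent of the data. The provider names, the on-device manifest of share digests, and the sample record are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from functools import reduce

PROVIDERS = ["provider-a", "provider-b", "provider-c"]  # hypothetical names


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_for_providers(data: bytes, providers: list) -> tuple:
    """Split data into one share per provider, before it leaves the device.

    Returns (uploads, manifest). uploads maps provider -> share to send.
    manifest maps provider -> SHA-256 of its share and stays with the owner.
    """
    if len(providers) < 2 or len(set(providers)) != len(providers):
        raise ValueError("need at least two distinct providers")
    # n-1 shares are pure random pads; the last is data XOR all pads.
    pads = [secrets.token_bytes(len(data)) for _ in providers[:-1]]
    shares = pads + [reduce(_xor, pads, data)]
    uploads = dict(zip(providers, shares))
    manifest = {p: hashlib.sha256(s).hexdigest() for p, s in uploads.items()}
    return uploads, manifest


def reassemble(downloads: dict, manifest: dict) -> bytes:
    """Rebuild the data; refuse if any share is missing or was altered."""
    missing = sorted(set(manifest) - set(downloads))
    if missing:
        raise ValueError(f"missing shares from: {missing}")
    for provider, digest in manifest.items():
        actual = hashlib.sha256(downloads[provider]).hexdigest()
        if not hmac.compare_digest(actual, digest):
            raise ValueError(f"share from {provider} failed integrity check")
    return reduce(_xor, (downloads[p] for p in manifest))


if __name__ == "__main__":
    record = b"constructed sample record: account 0000-0000"  # not real data
    uploads, manifest = split_for_providers(record, PROVIDERS)
    for provider, share in uploads.items():
        print(provider, share.hex()[:24], "...")  # each share looks random
    print(reassemble(uploads, manifest))
```

In this scheme losing any one provider makes the data unrecoverable, so a deployment that also needs availability would use a threshold scheme instead of n-of-n.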

Stealthgrid, which was founded by security expert Larry Castro, aims to change how users think about data and the protection of data, using what may be a very interesting approach, which bodes well for those looking to protect sensitive data items from theft.

However, many questions remain - the technology looks like a good way to protect individual files from theft or compromise, something that the victims of the recent "Fappening" (leaked Hollywood celebrity photos) should come to appreciate, yet how does one apply the technology to enterprises in general?

And that remains one of the biggest questions - of course, enterprises need to protect data files and the breaches mentioned above were the results of the contents of data files being stolen, yet there is more to enterprise data protection than the obfuscation of data files - individual transactions need to be protected as well.

Simply put, protecting the enterprise from compromise will take a multi-tiered approach: one that leverages obfuscation to protect stored data (making individual breaches useless), combined with advanced technologies to encrypt data in motion (preventing data interception). That will have to be paired with known user identity systems and linked to IDS/IPS systems backed by application-specific firewall technology.

Perhaps then, and only then, can 2015 become a year free of major breaches.

About Frank Ohlhorst

Frank J. Ohlhorst is an award-winning technology journalist, author, professional speaker and IT business consultant. He has worked in editorial at CRN, eWeek and Channel Insider, and is the author of Big Data Analytics. His certifications include MC...
