Data: a valuable asset to protect using encryption
Tech culture
Data, business’ hidden treasure trove
Although it doesn’t feature on balance sheets (yet), collected and stored data is a very important asset which must be protected. To understand that, you just have to look at what lengths some people will go to steal it. This means that access to the data and the right to decrypt it must be managed as tightly as possible.
A data: what is it?
To understand the value of data, we need to agree on what data is. There’s an easy answer: everything.
All information (personal or corporate) that passes through a communication system is a link in the data chain: business contacts, technology, strategic watch, … Data is part of a company’s assets.
This « data» asset must be managed and protected from attempted theft, resale to competitors, or public disclosure.
All data security breaches mean financial loss and damage to the organization’s brand image.
Where is data?
Data is everywhere, scattered around and in very large quantities: every action generates data.
Every email, every file contains data that is sometimes sensitive.
Over the past few years, there has been an inordinate inflation of data volumes. A company’s servers and workstations are universe unto themselves.
This in turn means that monitoring location and access to such a treasure trove of data is becoming increasingly complex.
What’s the value of a data item?
« Being the first to know has always been a decisive advantage, whether in politics or in war. Obviously, the more relevant the data is to the context, the greater the benefits for the person who has it. Nowadays, this is especially true since the time data is valuable and valid has considerably shortened, what was relevant yesterday won’t necessarily be relevant tomorrow. » (Wikipedia)
So how much is an item of data worth? ? It all depends on the nature of the data:
- Business transaction data: its value lies in its current and future use.
- Market information, technological or competitive watch data: the value of the data is in the decision-making process.
- Personal data: protected by the law, it is traded for tens of euros on the dark web. It therefore has a direct financial value.
Those are the most obvious values. Big data researchers who input data to artificial intelligence, will, by accumulation, cross referencing and extrapolation, give it all the more importance.
How can data be an asset for businesses?
To see the value of this « data» asset, we can start with a simple question: what happens if we lose it?
If the most confidential data (or access to it) is lost, there is extensive damage.
The first problem is that working becomes impossible – at least until the backups are restored. If the backups are unusable or take too long to apply, the company will have no other option than to cease perating
Another consequence? The company’s brand image and credibility will be severely damaged. Not to mention the criminal proceedings if sensitive information has been leaked.
Loss of access to data assets is often unintentional (theft of a terminal, cyber-attack, etc.), but sometimes it’s organized by malicious third parties: disgruntled former employees, hackers, hostile competitors or even foreign governments, from whom the data must be protected.
Economic espionage is a little-known reality: in this by definition discreet domain, many cases are never reach the media.
Protecting data: how to use encryption
There are many security solutions that protect access to data and prevent its exfiltration. However, with new vulnerabilities being discovered every day, the most effective solution is to protect all data by default, at its very core.
As theft or hacking can never be ruled out, the data must be rendered unusable for unauthorized accesses.
Systematic encryption is the solution. We don’t manage access to the data, but the right to understand and use it.
An encryption solution must be global and end-to-end, and above all transparent (users don’t notice that their content is encrypted and their work habits aren’t changed).
This true digital lightning arrestor doesn’t protect from malicious intent, but prevents the use of content.
It lets the data sleep in a safe place.
A parallel could be with the protection of banknotes stored in ATMs: if the ATM is broken into or its safe opened by thieves, a dose of indelible ink is sprayed on the stored banknotes to stain them, making them unusable.
When it comes to data, this principle is applied by making it unusable in cases of theft: namely, making sure that even if there is an unfortunate or malicious data leak, no one else can read it, understand it, let alone use it.
The data we possess is a valuable asset that needs to be protected from theft, disclosure… It’s sometimes difficult to classify information: from “not very sensitive” to “strategic”, and determining the value of an item of data is difficult: the cost of replacement, disclosure, etc needs to be anticipated. Clearly, it’s not the value we give to the data that counts, but rather the value an attacker gives it.
So, what could be simpler than adopting a global principle: “Encrypt everything, everywhere, every time”. Useless to others, the data will only be of value to you and you alone.
