In the last few years, encryption has become one of the shields used to protect the sensitive data organizations produce and are entrusted with by their customers. In 2013, in response to revelations about government surveillance and censorship concerns, companies like Google, Facebook, and Yahoo made public efforts to strengthen their encryption. Google Inc. Chairman Eric Schmidt went as far as to say the “solution to government surveillance is to encrypt everything.”
In 2014, well over a billion data records were lost or stolen as a result of 1,541 breaches, including some like the Home Depot and Sony Pictures Entertainment hacks that made headlines and had long-term business consequences. Despite the new emphasis on enterprise encryption, more than 95% of the 2014 breaches involved data that was not encrypted, providing the perpetrators with access to the stolen information.
Companies are playing the encryption games — whether they know it or not. Winning begins with fundamentally changing the security paradigm. IT decision makers need to shift focus from breach prevention to breach acceptance. Accept that a breach will likely occur at some point in some way and prepare for it. Encryption for data at rest and in motion is a cornerstone of that approach.
And as more data is produced, shared, and distributed in more locations outside of organizations’ control, stronger encryption will continue to be adopted more broadly throughout the enterprise. That rise in encryption then leads to a rise in the number of encryption keys generated that must be safely stored and managed, and at that point you’re playing the encryption games at a higher level.
If you’ll be attending RSA Conference 2015, I hope you’ll attend my session, BC-W5N, to hear more on the topic. Join me on April 22nd at 1:30 p.m. in the Expo Briefing Center for The Encryption Games: Going from Encryption to Crypto Management.