An Inside Look At The Data Encryption And Identity Management Challenge
Interview with Jenn Markey, Marketing Director for Authentication at Entrust Datacard and Peter Galvin, Chief Strategy & Marketing Officer for nCipher Security from RSA 2020
Entrust Datacard is one of the leading global vendors for identity management and assurance. In June 2019, Entrust Datacard acquired nCipher Security, a data security platform that secures business-critical information and applications, including cloud, IoT, blockchain and digital payment technologies.
To find out more about the nCipher platform, as well as the challenges facing organizations in securing emerging cloud and IoT technologies, Expert Insights met with Jenn Markey, Marketing Director for Authentication at Entrust Datacard, and Peter Galvin, Chief Strategy and Marketing Officer at nCipher.
The Data Protection Challenge
nCipher helps organizations secure the masses of data that they’re generating, which is quickly becoming one of the most important security risks for organizations.
“If you think about the biggest challenges that CIOs and CSOs have, it’s that they’re collecting a lot of personal and sensitive information,” Galvin tells me. A crucial aspect of the security team’s role is to ensure this information is kept private and can only be accessed by the right set of people.
“We provide the capability for that data to be encrypted,” Galvin explains. “We store the encryption keys in hardware, and we generate the encryption keys and signing keys.”
Galvin explains these keys are secured in hardware rather than software, in order to maximise security. Many of their customers are in government, and financial services, where ensuring large amounts of data is protected and encrypted is absolutely crucial.
When it comes to protecting data, there are really two main issues that CIOs and CSOs are facing today, Galvin says.
“The first is actually protecting the data,” he says. “The second is about getting access to the data. To secure data we’re able to provide managed services for public key infrastructure and provide certificates for websites and identities.”
“From the identity standpoint, we can actually authenticate a user or an individual, to ensure that you’re able to identify the people and systems that are trying to access that information.”
Is 2020 The Year of Encryption?
Galvin has previously described 2020 as the ‘year of encryption,’ and a turning point in how organizations will have to approach the issue of data protection and access. Galvin argues that the ever-increasing number of data breaches that we see is driving this change.
“We now have a set of cyber criminals and nation states that are trying to attack any type of sensitive data.” Galvin says. It’s long been the case that cyber criminals have targeted organizations, looking for sensitive information like credit card information for identity fraud.
But now, nation states are another big threat to organizations. “We live in a world where we’ve moved from cyber criminals to nation states, who are using cyber as a form of low-level warfare. But they don’t just want information from other governments, they want information from industry.”
“The best way to keep information out of the hands of either rogue nation states or cyber criminals is through encryption.”
Why are the challenges around data encryption getting worse?
It seems the number of data breaches that we see are increasing all the time, with the challenges to protecting data becoming more difficult. Why are the threats to data becoming more prevalent?
“There’s multiple reasons,” Galvin says. “One is that there’s more data. We’re also moving to a digital and application economy.”
“Everything we do now is digital, so all of it leaves a digital fingerprint,” he says. “All of it contains information about you, including payment details. And all of this information is valuable to criminals and even nation states.”
Why are organizations struggling to protect their data?
The threats to organizations from our increasingly digitized world and economy are clear. But protecting this data is a very tough challenge, even for large organizations with big security teams and big budgets.
There are a number of reasons for this, Galvin says. “There are a lot of organizations using legacy systems and infrastructure, and so many are moving to newer types of infrastructures.”
One of the challenges around that, he argues, is securing access to the data, to make it as frictionless as possible to access, but also secure against cyber threats.
The challenges are also getting harder on the consumer side, and in the workplace, Markey says. “Employees mostly have no malicious intent,” she says. “But passwords were created for an era long before the one we’re operating in now. Passwords are notoriously insecure, so the challenge is, how do you evolve from that?”
nCipher announced at RSA a new password authentication product that gives users the ability to seamlessly access a workstation and all their apps without passwords.
“This helps to limit the ability of cyber criminals to target credentials and access data,” Markey says. “By removing the password, you eliminate that entire area of attack.”
The Increasing Use of AI and Machine Learning in Data Breaches
One of the major new challenges to encrypted data is the increasing use of artificial intelligence (AI) and machine learning (ML) by organized cyber criminals and nation states to target an organization’s security infrastructure.
Galvin argues like any technology, AI and ML will be used for both good and bad in the data security battlefield. “AI is just another example of a tool that can be used. Some will use AI to try to infiltrate systems, but on the flip side to that, you can also use AI to prevent those activities.”
“I think the real issue is having constant vigilance about what is happening, keeping abreast of technologies, understanding where your risks are and being able to do good risk assessment within your organization.”
“This is an ongoing set of activities that you have to do, because even as we plug holes and try to provide more security, cyber criminals are trying very hard to find other places that they can access information. Organizations have to constantly be thinking one step ahead of cyber criminals and what they’re trying to do.”
Advice for Organizations Considering Data Encryption Platforms Like nCipher
For organizations considering implementing data encryption platforms such as nCipher, Galvin’s first advice is to consider where your organization is going in terms of digital transformation.
“Understand where you’re going your journey,” he says. “Make sure that you’re looking at solutions and suppliers that can take you along that journey. Organizations have a lot of different infrastructure, they have on-premise, they have public cloud, and private clouds. You need someone that understands all of those phases, which is something that nCipher does very well.”
“Organizations also need to do risk assessment,” Markey says. “Look towards verticals that are out there and the threats they’re facing. Some industries may not necessarily think that they are a target, but it’s no longer the case as there’s always valuable data in any organization.”
“Work with a vendor that can do that risk assessment, understand what your vulnerabilities are, and how to protect them.”
Find out more about nCipher here: https://www.ncipher.com
Find out more about Entrust Datacard here: https://www.entrustdatacard.com/