On the previous post we discussed the ultimate ineffectiveness of edge defenses when it comes to protecting digital assets and the need to protect the assets themselves using encryption. To be clear, it is crucial to have the best edge defenses available to try and prevent any unauthorized access to the programs and data on various systems. But the focus on creating a hard shell around digital assets must not come at the expense of hardening the assets themselves.
To use an analogy to demonstrate this point, everyone knows that, in order to protect one’s house from being burglarized, one needs to use a deadbolt on the front door and have all the windows closed and latched down in order to protect what’s inside the house; however, if there are valuables such as important confidential documents or expensive possessions such as jewelry, it is just as important to have a fireproof safe that can house those items securely in case there is a breach of the exterior defenses. Thieves can break down doors and windows and get in. Even if there are alarms that can announce the break-in, it would not take long for someone to quickly grab what they can see lying around and make their get-away before getting caught. Having a safe means the most valuable assets inside the house are not so readily available to be stolen.
Having edge defenses and intrusion detection around physical assets as very similar to a house with locked doors and windows and an alarm system that will alert the homeowner and authorities. And if the digital assets are encrypted and not readable without the encryption keys, they will be similar to the homeowner’s valuables locked in a safe. So now the challenge will become where the encryption keys are for the encrypted assets.
Let’s continue with our valuables in a safe analogy. If the combination for the safe are written down on a notepad and placed in a desk drawer, then the valuables are secure as long as the thieves do not have the time or the patience to open and rifle through drawers. Similarly if the combination for the safe is shared with too many individuals, any one of them could accidentally or on purpose divulge the combination, rendering the protection offered by the safe useless.
An encrypted digital asset is as safe from falling into the wrong hands as its encryption key. Unfortunately, encryption keys by their very nature are impossible to memorize because they are a long randomly generated set of numbers and characters. They are also needed by programs that are used to access the digital assets to decrypt the data on demand to allow interaction by employees and partners. So they are usually put in various programs (similar to writing the combination to a safe on a notepad). There are third party solutions to record the keys in digital “lock boxes” to remedy this situation. But let’s face it, if the keys are recorded anywhere in human readable form, the hacker will get to them. So we have a safe, and the safe has a combination, but if we write down the combination on a notepad, we are just counting on the thieves to not have enough time or patience to look for the notepad. We are better off than not having a safe, but we are not fully protected against the loss of our valuable assets.
So in order for us to have an effective solution to protecting our digital assets from unauthorized access, we need a solution that:
- Encrypts our sensitive and confidential data and documents,
- Properly protects the encryption keys so they CAN NOT fall into the wrong hands,
- Makes it possible for anyone we trust to get to the assets when needed without having to know or look for the encryption keys,
Our DEXUSshieldTM does exactly that and more! I will cover how all that is done on the next post.
In the meantime, if you would like to learn more about DEXUSshieldTM, please fill out the form here and we can schedule a demo of our solution’s full capabilities.