By Mark Bower, VP, Voltage Security
Yet again, the attackers have gained access to sensitive data. The industry has to understand that incomplete approaches to protecting data that leave it exposed at some vulnerable point in its life will result in a breach. It's merely a matter of time. Traditional defenses leave too many exploitable gaps that present an opportunity for compromise. Data breaches are unstoppable, but it's entirely possible to neutralize their impact using new defenses that leading retailers and payment processors have already adopted successfully with the double benefit of risk and compliance cost reduction.
Today, the attackers are armed with the ability to penetrate IT architectures despite the presence of traditional perimeter defenses, monitoring, and scanning. Trying to stay ahead of the latest attack vectors is a costly arms race that's always one step behind the attackers.
The good news is that there are ways to mitigate these threats, and they are setting the new standard of best practice in data security: data-centric or end-to-end protection. Attackers go after high-value data. Strong data-level encryption and isolated key management, with the ability to retain the business use of the data in protected form, provide a powerful defense against these threats.
The problem is that not all encryption is created equal. Methods that merely encrypt the disk address threats to data only when the system is powered off and do nothing to mitigate these kinds of advanced attacks. Retail systems and e-commerce systems are 24/7 platforms — so data is at risk after capture, in flight, in use and in active storage. Until the magnetic stripe credit card system and static credit card data are replaced, which is a long way off, retail payment protection has to be about the full lifecycle of the credit and debit card data, from the instant it is captured to its hand-off to the card brands.
Mark Bower is VP of Voltage Security, which delivers data-centric security software solutions to protect data across enterprise, cloud, mobile devices, and big data environments.