3 Common Misconceptions About Data At-Rest and Encryption Innovation

In the last three years, CryptoMove has had the opportunity to take part in dozens of industry conferences and meet with people from a broad range of sectors that are facing cybersecurity challenges. We’ve overheard and been involved in countless conversations about protecting sensitive data, and frequently these discussions center on the topic of practical tools and innovation in encryption technologies.

A realization from these experiences is that there is considerable misunderstanding and confusion regarding the market for encryption-related startups in particular. There isn’t really a Gartner quadrant yet, and since the players in the market (including CryptoMove) are early-stage companies, the marketing, positioning, and language is still evolving and has not always been fully thought through by each company or observers of the space.

In today’s post, we hope to clear up three of the most common misconceptions about the early-stage startup encryption market and explain how moving target defense (MTD) fits into a robust data security strategy.

Misconception 1: Data Security Demands New Crypto

Because of the central role that encryption plays in protecting data, a common assumption is that enhancing security depends on new and more advanced cryptographic algorithms. But as Pete Herzog, the Managing Director of ISECOM, noted after this year’s RSA Conference, “new cryptography” has failed to deliver on lofty promises in practical applications, leaving security professionals deeply skeptical of any claims of innovation in this field.

There’s been so much snake-oil over the years selling bad cryptography and so many companies burned by it that it’s ingrained in us to take a step back when we hear the words “new” and “cryptography” side by side.

— Pete Herzog

An alternative view is that what matters most is not which cipher is used but whether the defensive infrastructure around the data is stationary or dynamic.

For instance, moving target defense (MTD) actively fragments, relocates, and morphs data across distributed nodes in the cloud, in containers, even on devices. Splitting the data up and keeping it in a constant state of change creates unpredictability: the attacker must locate and reassemble every fragment while the layout keeps changing, which shifts the asymmetry between attacker and defender in the defender's favor.

CryptoMove is not an encryption company; it’s a secure storage company.

CryptoMove does not rely on any new encryption algorithms. By default it uses standard, open-source implementations of AES-256, and the CryptoMove back-end can be modified to swap in other cryptographic libraries or algorithms. Even with a weaker cipher, the fragmented and moving layout that CryptoMove creates adds unpredictability about where each piece of data resides and how the pieces fit together. That unpredictability complements the cipher rather than replacing it.

Misconception 2: All Encryption is Designed to Serve the Same Purpose

With physical valuables, we instinctively know that different assets require different types of protection. Distinct measures are needed to protect a wallet, car, home, or bank vault.

In data security, on the other hand, there’s a tendency to view all security needs under the umbrella of encryption algorithms. This tendency obscures meaningful nuances in the types of assets at risk and the solutions that can defend them.

Exploring those nuances starts with recognizing three specific types of data:

  • Data at rest is information that is stored and not currently being accessed, transmitted, or processed. Data at rest may be kept in various types of storage both on-prem and in the cloud.
  • Data in transit is information being transferred from one location to another. As with data at rest, there are abundant types of data transfer in on-prem and cloud environments.
  • Data in use is information that is actively being accessed or processed by an application. Data in this state usually has to be decrypted in memory to be worked on, which is what creates the exposure to attack.

Building a data security strategy starts with understanding your data protection environment. Are you defending data at rest, data in transit, data in use, or some combination of those three? Though this question seems simple, its answer is essential in identifying potential threats and the solutions that actually match your needs.

For example, homomorphic encryption, the technology behind startups like Inpher and Enveil, would enable a company to perform analytics on customer data without decrypting it. It is a strong solution for data in use, but it says nothing about how the stored data and its keys are protected at rest, and it is not trying to.

CryptoMove focuses on data at rest. While the technology has applications to both data in transit and data in use, its core function is protecting data at rest. Through fragmentation and movement, the Tholos key vault ensures that, even though your data is “at rest”, it is never truly stationary.

Misconception 3: Choosing a Data Security Service Requires Understanding Complex Math

If you’ve done even a preliminary review of data protection solutions, you’ve probably encountered dense equations and realized that many vendors throw math at you until your eyes glaze over.

It’s true that math is part-and-parcel of cryptography, but just like you don’t need to be a mechanic to drive a car, you don’t need an advanced degree in mathematics to understand how to best protect your digital assets.

While MTD is backed by powerful math, you can understand its value proposition without reviewing a single equation.

With stationary targets, data is more vulnerable, even with strong encryption, because it is kept whole and in one place. Time is an asset for attackers because it gives them the ability to learn more about the system and refine their tactics.

With MTD, data is fragmented, continually reshaped, and on the move. As a result, time becomes an asset for the defenders, not the attackers. Each minute (or second, or split second) that goes by changes the layout an attacker would have to map, so reconnaissance done a moment earlier no longer describes the system and partial progress does not accumulate.
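To make the fragment-and-move idea from Misconception 1 and the stale-reconnaissance argument above concrete, here is a small Python simulation. It is an added illustration written for this post, not CryptoMove's code, and it assumes a toy n-of-n XOR split in place of AES-256, four made-up node names, a constructed sample secret, and a discrete "epoch" per move. Three functions model an attacker with a stale location map, an attacker who exfiltrates one fragment per epoch, and, as the honest caveat, an attacker who copies every node and the manifest inside a single epoch.

```python
"""Toy moving-target store for data at rest: an added illustration, not CryptoMove code.
A secret is split n-of-n with XOR pads (any n-1 fragments reveal nothing), scattered
over named nodes under random ids, and each epoch relocated and re-randomised so that
location and content change while the XOR of the set does not. Node names, the XOR
split and the epoch model are assumptions made for this example."""
import secrets
from typing import Dict, List, Optional, Tuple

NODES = ["cloud-a", "cloud-b", "edge-1", "edge-2"]  # constructed node names
SECRET = b"db-password: correct horse battery staple"  # constructed sample secret
N_FRAGMENTS = 3
Manifest = List[Tuple[str, str]]  # ordered (node, fragment_id) pairs held by the owner

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split(secret: bytes, n: int) -> List[bytes]:
    """n-1 random pads plus the secret masked by all of them."""
    pads = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    last = secret
    for pad in pads:
        last = xor_bytes(last, pad)
    return pads + [last]

def combine(fragments: List[bytes]) -> bytes:
    """XOR the set back together; correct only for a complete, same-epoch set."""
    out = bytes(len(fragments[0]))
    for frag in fragments:
        out = xor_bytes(out, frag)
    return out

class MovingTargetStore:
    def __init__(self, nodes: List[str], n_fragments: int) -> None:
        self.nodes: Dict[str, Dict[str, bytes]] = {name: {} for name in nodes}
        self.manifest: Manifest = []  # never stored beside the fragments
        self.n = n_fragments

    def _place(self, frag: bytes) -> None:
        node, frag_id = secrets.choice(list(self.nodes)), secrets.token_hex(8)
        self.nodes[node][frag_id] = frag
        self.manifest.append((node, frag_id))

    def put(self, secret: bytes) -> None:
        for frag in split(secret, self.n):
            self._place(frag)

    def get(self, manifest: Optional[Manifest] = None) -> bytes:
        manifest = self.manifest if manifest is None else manifest
        return combine([self.nodes[node][frag_id] for node, frag_id in manifest])

    def move(self) -> None:
        """One epoch: pull every fragment, morph it, scatter it under fresh ids."""
        frags = [self.nodes[node].pop(frag_id) for node, frag_id in self.manifest]
        # XOR a fresh pad into each adjacent pair: every fragment changes, but each
        # pad appears twice, so the XOR of the whole set (the secret) is unchanged.
        for i in range(len(frags) - 1):
            pad = secrets.token_bytes(len(frags[i]))
            frags[i], frags[i + 1] = xor_bytes(frags[i], pad), xor_bytes(frags[i + 1], pad)
        self.manifest = []
        for frag in frags:
            self._place(frag)

def fresh_store() -> MovingTargetStore:
    store = MovingTargetStore(NODES, N_FRAGMENTS)
    store.put(SECRET)
    return store

def owner_round_trip(epochs: int = 5) -> bool:
    """The owner, holding the current manifest, always recovers the secret."""
    store = fresh_store()
    for _ in range(epochs):
        store.move()
    return store.get() == SECRET

def stale_recon_fails() -> bool:
    """A map of fragment locations taken before a move finds nothing after it."""
    store = fresh_store()
    recon = list(store.manifest)
    store.move()
    try:
        store.get(recon)
    except KeyError:
        return True
    return False

def slow_exfiltration_fails() -> bool:
    """Attacker copies one fragment per epoch, even knowing each epoch's manifest:
    the pieces come from different epochs and no longer XOR to the secret."""
    store, loot = fresh_store(), []
    for i in range(N_FRAGMENTS):
        node, frag_id = store.manifest[i]
        loot.append(store.nodes[node][frag_id])
        store.move()
    return combine(loot) != SECRET

def full_snapshot_succeeds() -> bool:
    """Caveat: copying every node plus the manifest inside one epoch still works.
    Movement taxes slow or partial access; it does not replace the cipher or
    protection of the manifest."""
    store = fresh_store()
    snapshot = {name: dict(frags) for name, frags in store.nodes.items()}
    manifest = list(store.manifest)
    store.move()
    return combine([snapshot[node][fid] for node, fid in manifest]) == SECRET
```

Two things to take from the simulation: the owner's manifest is as sensitive as the data itself, and an n-of-n split trades availability for confidentiality, since losing any one fragment loses the secret; where durability matters, a threshold scheme is the usual choice instead of n-of-n, and in practice the data would be encrypted before it is split.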

MTD also has math behind it. A handful of studies have improved the ability to quantify data protection from MTD and have found impressive results, especially in multi-cloud environments where added nodes expand opportunities for fragmentation and shifting of data.

The math supporting CryptoMove's technology makes a strong case for its effectiveness. To cite one striking example, a successful brute-force attack would require 2²⁰⁴ more computations than the total number of atoms in the universe. As with any brute-force figure, this bounds exhaustive search only; it says nothing about attacks that bypass the cipher, such as a stolen key or a flaw in the implementation.

If you’re interested in the calculations, we invite you to take a look under the hood, but understanding complex math isn’t necessary to understand why MTD is a game-changing approach to securing vital data.

To see for yourself how this technology works and how it can help manage your keys and secrets, sign up now for early access to the CryptoMove Tholos key vault.
