Would encryption (partially) solve corporate data breach problems?

Discussion in 'The Lounge' started by GoshenGeek, Feb 14, 2015.

  1. GoshenGeek

    GoshenGeek Corporal

    The multitude of corporate data breaches is appalling. Bad enough that hackers get into corporate databases. But then the hackers steal personal information. In the case of Anthem insurance, the social security numbers & other personal information were stolen from ~80 million people. Would encryption of personal data in corporate databases be a partial solution to the theft of personal data? If so, why is this not done? This would not stop the hackers from gaining access, but at least the data that is stolen would be of no value. Am I being overly simplistic? Comments?
     
  2. Adrynalyne

    Adrynalyne Guest

    Would it fix it? No. Fixing the ability to break in would. How do you know it wasn't encrypted?

    There are varying levels of encryption and areas that are encrypted. How do we know the encryption key wasn't stolen along with it? For someone to use encrypted data, it must be decrypted. How do you know it wasn't stolen when it was decrypted?

    It's not a simple answer of just encrypting data. Security in IT is a tough job. It is easy to protect small amounts of data with double encryption, locking the key to the machine, etc., but it gets much harder with large amounts because then you have multitudes of people accessing the data, giving you multiple failure points. If you go too crazy with encryption, the data will be unusable due to severe performance issues; even a mainframe would chug on something like that. I am not a security expert, but there is a lot to consider.

    A good example would be the Nexus 6 smartphone. Encrypted out of the box, it runs much slower than it should. Even worse, the second you unlock the device, the data is no longer encrypted.
     
    Last edited by a moderator: Feb 14, 2015
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    A lot of these breaches are because employees open attachments in emails. The hackers then gain access to the servers.
     
  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    I agree encryption would be great, but for the reasons that Adryn and TimW mention it's not as easy as you'd think. Huge amounts of data, if encrypted, are a nightmare; just think what if you have a server error and it corrupts the encryption key, all data is lost, to the very fact that most incursions into data are internal so leaked encryption keys are used.

    As Adryn mentioned, and I have this issue in one area of my work that's encrypted, when opening encrypted data it takes an age, so moving data to encrypted to un-encrypted is a PITA. It's a necessity in the task I need to do, but easier ways need to be found, difficult though it may be.

    Have to also think half of the time the companies hacked are using similar techniques to banks to secure data, but if a hacker is determined and possibly they have insider help (which is the majority of cases), no matter the security level they will get through. The trick is to try and prevent them at source, which is staff security and not getting malware infected, to making sure the access points to internal networks are as secure as possible.
     
  5. DOA

    DOA MG's Loki

    Like TimW said, the users are the problem.
    I have a couple of government installs that have no outside access. No CD, no USB, no way into these systems except the keyboard and mouse. They are secure.
    Most IT do NOT want this as they have to physically go to the site for all problems. I have to virus scan data entering these systems, incubate it, scan again and then when I am sure it is clean go to the site. I then unlock a door in the computer room to access the USB and copy in data. The stored data is then encrypted as it goes in. As you can imagine the data is never current, but it is secure.
    There is a tradeoff between utility, convenience and security.
     
  6. Mimsy

    Mimsy Superior Imperial Queen of the MG Games Forum

    No.

    As others have already pointed out, the solution to data breach problems is a little more complex than simply updating a firewall or adding encryption. Large corporations are already doing everything they can to protect customer data and payment data, that's not the problem. The problem is the people behind the breaches can do more because they're not limited by annoying little roadblocks like laws or budgets, or the fact the IS department has limited resources and a lot of things to do.

    When you get a chance, look up PCI compliance and the requirements you have to meet in order to be compliant. It's an interesting read.
     
  7. GoshenGeek

    GoshenGeek Corporal

    Thank you all for your responses. To answer my own question: I WAS overly simplistic. As you all point out, encryption alone is not the answer.
    Thank you.....
     
