Enveil CEO Ellison Anne Williams speaks with OPEN Forum about the importance to securing customer data in the financial space.
Excerpt: [Ellison Anne] Williams says encryption is effective because it renders the data useless to attackers. For example, if they steal credit card or other financial information, they receive garbled bits instead of a string of numbers they can repurpose.
“If they break in and take the encrypted data, they can't do anything meaningful to it—they can't exploit it," she says. “[Encryption] also has the effect of greatly deterring attackers from breaking in because if you're encrypting at every step of the lifecycle… they can't do anything with it and their motivation goes way down to attack the organization."
She notes, however, that the focus is typically on data at rest (where it resides, like a database) and in transit (transmitted through the network), but not when it's in use. So when the information is decrypted in memory—for example, to conduct analytics on customer transactions—it's still at risk.
“If I'm an attacker, I can patiently wait until you go use your data, and steal it when it's decrypted in memory—so everything you've worked hard to protect… is now exposed," she says.
Read the full article.
