The Importance of Shifting the Focus from Event-Driven to Preemptive, Data-Centric Security

Effective data protection is essential for any business or organization that stores sensitive client data, or that wishes to protect its own sensitive data against competitors. The potential financial consequences of data leakage are disastrous for business owners, investors and shareholders. When businesses are bankrupted by the fiscal penalties for a data breach, employees and their families are the first to suffer.


There is also a high human cost for anybody whose sensitive personal or financial data falls into the hands of malicious actors, or is leaked into the public domain. Identity theft and fraud, the theft of medical records and online breaches of physician-patient confidentiality have life-changing consequences for victims. Most of these victims will at least consider seeking redress in civil courts.


Companies and organizations that store or process data have clear legal and moral obligations to safeguard the integrity of sensitive data. Regulatory authorities and the courts are demonstrating a clear willingness to punish data breaches. Where data protection laws are broken, criminal prosecutors are increasingly willing to target culpable individuals within corporate structures.


Preemptive Data Encryption vs. Event-Driven Encryption


Legal attitudes to data leakage have hardened considerably over the last decade. The new data protection climate is focusing minds in boardrooms across the US and the developed world. CEOs and IT managers need to cover all bases when it comes to data protection, particularly if they plan to bid for lucrative contracts in regulated industries like healthcare, the financial sector or the defense industrial base.


Traditional data protection methods like firewalls and antivirus programs are increasingly inadequate for effective data protection. At best, they offer a first line of defense against opportunistic or amateurish attacks. They can seldom protect against determined and innovative hackers, rogue employees - and simple human error.


Protect Sensitive Data Against Accidental Leaks


Old-fashioned human error is often the hardest threat to guard against when you depend on an obsolete DLP project for data protection. Sophisticated defenses against hackers become irrelevant if an employee accidentally emails sensitive data to the wrong recipient, allows subcontractors unauthorized access to databases, connects to public Wi-Fi in a coffee shop, or just leaves their company laptop on the bus.


Various types of data encryption can protect against these scenarios and ensure that accidentally leaked data is unreadable by any unauthorized recipient. The challenge for IT managers is to find data encryption solutions that actually work across the entire IT ecosystem and that are flexible enough not to impede or disrupt the daily workflow.


For most organizations, data protection comes down to a straightforward choice between preemptive data encryption vs. event-driven encryption. Most types of data encryption solutions are built around event-driven encryption. They require cumbersome and labor-intensive DLP projects that devour IT budgets and rarely guarantee absolute security. IT managers often have to constantly upgrade and update their systems and frequently depend on the services of external contractors.


Groundbreaking new technologies are making preemptive data encryption a viable reality for smaller businesses and MSPs that need to manage sensitive data. A comprehensive preemptive data encryption solution can remove almost all of the headaches and expenses associated with event-driven solutions. New data encryption software is transforming how businesses manage sensitive data. It is dramatically reducing the risk of accidental data breaches or leaks, as well as deliberate data theft.


The Most Common Types of Data Encryption

When considering the merits of preemptive data encryption vs. event-driven encryption, it’s worth taking a minute to evaluate the three most common types of data encryption in use today.


  • DES - Data Encryption Standard

  • AES - Advanced Encryption Standard

  • RSA - Rivest Shamir Adleman

  • Other Encryption Methods

DES - Data Encryption Standard


DES was an early form of data encryption that was basically already obsolete in the 1970s. It encrypts data at a rate of just 56 bits per second and was quickly defeated by the first generation of hackers.


3DES is the modern version of the original DES encryption. It still encrypts at 56 bits per second but uses three keys instead of the single 56-bit key used by its predecessor. Although 3DES nominally provides triple protection, the encryption process is slow and there are known vulnerabilities.


Some organizations still use 3DES, particularly for internal encryption requirements, but there is a general shift towards more modern and sophisticated encryption methods.


AES - Advanced Encryption Standard


AES is pretty much the default choice of encryption method for governments, organizations in the security field, and businesses that depend on high-level data protection. AES is a symmetric key system that requires data end users to possess a decryption key.


AES encrypts sensitive data in blocks of either 128 bit, 192 bit or 256 bit size. The data blocks undergo up to 14 rounds of encryption depending on their size. AES encryption is highly effective, well regarded and works across multiple applications.


If you’re working online, or carrying out any secure activity online such as banking, shopping or healthcare, the chances are that your personal data is currently being protected by AES encryption.


RSA - Rivest Shamir Adleman


RSA is a useful data encryption method for transmitting sensitive data online, verifying digital signatures, and verifying that online communicants are actually who they purport to be. RSA encrypts data with a public key, but the recipient decrypts it with a private key.


RSA is a reliable encryption method for people or organizations that require secure, or even anonymous communication. It can protect whistleblowers and ensure secure collaboration on sensitive projects. RSA isn’t a default encryption method for major organizations, but it is a useful tool to have available.


The possible drawbacks of RSA are that the encryption process is slow and isn’t really practical for major file transfers. There is also a learning curve for new users.


Other Encryption Methods


Data protection is a growth industry that is attracting some of the finest minds in the field of high tech. Data is the lifeblood of modern businesses and the threats to sensitive and confidential data are constantly evolving. These range from individual actors, to organized criminal gangs and hostile state agents.


Independent coders and developers are continually exploring new encryption techniques such as Twofish, Blowfish and Threefish. As public concerns grow about online privacy, there is an increasing interest in open source encryption software.


Advantages of Preemptive Data Encryption vs. Event-Driven Encryption


One California-based IT manager described preemptive data encryption as the solution that lets him sleep at night. At its most effective, preemptive data encryption ensures that all sensitive data is automatically detected, risk assessed and then invisibly encrypted. IT managers really can sleep at night, secure in the knowledge that even if their systems are breached, stolen data will be completely unreadable.


Traditional DLP projects that rely on event-driven encryption are notoriously problematic and are ultimately only as good as the teams that operate them. Modern businesses depend on a timely flow of data across a huge range of devices and users. The dispersal of data is constant and it’s a real challenge to implement comprehensive data security across an entire ecosystem.


Tracking data across silos, endpoints, shadow cloud and diverse channels using traditional solutions is a Sisyphean task with a huge potential for error. One mistake or omission can lead to the data breach that ultimately bankrupts a business. Switched-on IT managers are opting for preemptive data encryption and are transforming their departments in the process.




Get Complete Protection with Actifile Preemptive Data Encryption


Revolutionary Actifile software is closing the preemptive data encryption vs. event-driven encryption debate for good. The software package is simple enough for any IT pro to master on the spot and there is no need for specialist training or external consultants. As soon as you initiate the software it will begin scanning your entire IT operations, including channels and shadow cloud.


Within 48 hours you will receive a detailed report mapping all sensitive data. The cost of data leakage is quantified in either US dollars or the major currency of your choice. As soon as you have the reports, you can make informed, risk-aware decisions about how to manage your sensitive data and remediate vulnerabilities.


The Actifile user dashboard allows you to either immediately encrypt sensitive data to FIPS 140-2 validated encryption levels, or schedule it for delayed encryption. The invisible encryption causes zero disruption to either your work processes or to your employees. You also have equal flexibility with decryption, with options for immediate or delayed decryption.