Why We Need Proper Data-At-Rest Encryption: 191M U.S. Voters’ Data Exposed

A few days ago, 191 million American citizens were put at risk. A database containing the entire U.S. voter registration became publicly accessible, exposing records that included addresses, phone numbers, party affiliations, and more. The database, which has since been taken down, held records that dated back to 2000.

Having occurred at the year’s end, this story certainly serves as a harsh reminder that 2015 was the year of the data breach – a bad year for corporations and a great year for hackers.

A Forward-Looking Strategy

As we turn the page and hang up the new calendars for 2016, the following question must be asked: what exactly are we doing wrong? Despite the huge rise of cybersecurity tools and services in the past year, hackers are still getting by and still getting hold of sensitive data.

In order to answer this question, let’s take a closer look at this recent incident with the U.S. voter registration. The records appeared to have almost no protection – they were literally in the clear in a database for anyone to access. This could have been entirely avoided had encryption been implemented. If done properly, it would have left the public eye with nothing but useless strings of data. However, encryption alone won’t solve the problem; a new approach to how and where we apply security measures is just as important as applying them in the first place. Ultimately, this comes down to application-level security.

Application Security: Protection at the Source

By adding encryption and other security features at the application level, all data that leaves to a database is already inherently secure. Even in the event of a public leakage or malicious hack, the data remains protected and everyone else is left with meaningless, encrypted data. The problem, however, is that developers are just not security experts. Implementing proper, robust encryption is hard. Whenever developers do go about encrypting their data-at-rest, they often make mistakes – sometimes fatal, such as storing encryption keys right next to the data, relying on simplistic and insecure tools such as Transparent Data Encryption (TDE). Furthermore, development teams generally do not have the resources to add encryption to their projects and applications without taking months and months of time with custom code – an error-prone and risky process in and of itself.

This is part of the reason why data breaches are still happening: a false sense of security is established by applying too many ‘afterthought’ security tools that don’t actually protect data at the source. Before long, databases brimmed with sensitive data are breached, scoring new headlines and causing lost customers – and everyone is still sitting there scratching their heads.

Application security – done correctly – is what will allow organizations to be more proactive about their sensitive data, and give them the confidence that their most important asset – the data itself – is safe and sound.

One way to achieve this is by using Crypteron’s developer-friendly security framework. This new high-end security product integrates with any application in a matter of minutes. A few lines of code grants any .NET, Java, or Scala application with military-grade AES-256 encryption, automatic and transparent key management, regulatory compliance and much more.

Here are some of the awesome benefits:

Prevent data breaches and protect mission-critical data
Save over a year of development time
Achieve instant regulatory compliance in the cloud
Eliminate risky, error-prone custom code
Integrate with all popular public, private or hybrid
clouds
Supports all popular SQL, NoSQL and
unstructured data stores
Cloud-first, zero trust approach – no need to
trust anything other than your application