Kolkata: The need for cutting-edge data security solutions arises from the dynamic and evolving nature of cyber threats, the critical importance of safeguarding sensitive information, and the complexity of modern IT landscapes. Adopting advanced security measures is essential to stay resilient against a wide range of security challenges.
During the National Securing Cyber Space for Digital Governance Conclave hosted by APAC News Network, held in Kolkata, Nishant Rana (Senior Solutions Sales) from Thales, a French multinational organisation that operates in the aerospace, defence, transportation, and security markets, gave a technology presentation on “New approach in data security.”
Rana said, “Data protection responsibility always lies with the customer. Data providers can assist them to have the capability to protect their data, but it will never replace the customer’s responsibility of protecting their own data.”
Major problems around data protection
Ransomware attack: Ransomware attacks involve malicious software that encrypts a user’s files, rendering them inaccessible. Perpetrators then demand a ransom, usually in cryptocurrency, for the decryption key. These attacks often target individuals, businesses, or institutions, causing data loss, financial harm, and operational disruptions.
Privileged accounts getting misused: Ensuring that data is used appropriately and preventing unauthorised access or misuse of information is an ongoing challenge. Insider threats, intentional or unintentional, also contribute to these concerns. To prevent such challenges, strong cybersecurity measures need to be taken, along with regular backups and user awareness training to mitigate the risk of falling victim to such attacks.
Privacy by design
It is a proactive approach to incorporating privacy considerations into the initial stages of designing systems and processes. It emphasises making privacy the default setting, ensuring ironclad protections without compromising functionality. This concept advocates for end-to-end security throughout the data lifecycle and encourages transparency about data practices.
Privacy by Design respects user privacy by collecting only necessary data, obtaining consent when required, and empowering users with clear visibility into and control over their privacy settings. This approach aligns with data protection regulations and aims to embed privacy features seamlessly into the framework rather than addressing privacy as an afterthought.
Lack of data visibility
It refers to a situation where individuals do not have clear insight into how their personal data is collected, processed, or used by organisations. When data practices lack transparency, users may be unaware of the extent to which their information is being utilised. This lack of visibility can lead to concerns about privacy, as individuals may not fully understand or consent to the ways in which their data is being handled.
Transparent communication and clear disclosure of data practices are essential to empower users with the information they need to make informed decisions about their privacy and to establish trust between individuals and organisations.
Portability in a hybrid cloud environment
This term refers to the seamless movement of applications, workloads, and data across diverse cloud platforms, including on-premises infrastructure and multiple cloud service providers.
The objective is to enhance flexibility by ensuring compatibility, standardisation, and consistency in technologies and interfaces and to avoid vendor lock-in (a situation in which a customer becomes heavily dependent on a particular vendor’s products, services, or technologies, making it difficult to switch to an alternative vendor without encountering substantial challenges or costs).
Achieving portability involves containerisation, adherence to industry standards, and effective data management strategies. This approach enables organisations to optimise resource utilisation, control costs, and strategically leverage different cloud providers based on specific requirements while maintaining operational efficiency.
Key management for cloud applications: BYOE, BYOK and HYOK methods
Bring your own encryption (BYOE): It refers to a practice where users or organisations bring their own encryption methods or tools to secure their data. This could involve encrypting data before it is stored or transmitted using encryption solutions of their choice.
Bring your own key (BYOK): It describes a model in which the customer or data owner generates and uses its own cryptographic keys, ideally maintaining sole access to them. “If you are storing data with medium risk, then in that case, it is better to go ahead with the BYOK approach, where you provide an encryption key,” Rana advised.
Hold your own key (HYOK): It involves encrypting data before it enters the cloud, ensuring that the key material stays outside the cloud environment. The aim of this approach is to avoid the inclusion of plaintext data in the cloud altogether. “If the data falls under very high risk classification, it is better to go ahead with the HYOK approach, where the cloud vendors should perform all the encryption and decryption,” Rana said.
These methods offer enhanced security by allowing the implementation of encryption methods aligned with specific requirements and compliance standards. This customisation caters to unique industry needs and regulatory mandates, enabling organisations to address data authority concerns by retaining control over encryption keys.
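The HYOK definition above (data encrypted before it enters the cloud, key material kept outside it) can be sketched as follows; this is an added example, not code from the talk or from any vendor product. It goes slightly beyond the text by using envelope encryption, where a per-record data key (DEK) is wrapped by a locally held key-encryption key (KEK); the helper names `seal`, `unseal`, `protect`, `recover` and `readable_with?` and the sample record are assumptions.

```ruby
require 'openssl'

# Added example: all helper names and the sample record are hypothetical.
IV_LEN = 12
TAG_LEN = 16

# AES-256-GCM under a 32-byte key; output is iv || tag || ciphertext.
def seal(key, msg)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  iv = c.random_iv # fresh 96-bit nonce on every call
  ct = c.update(msg) + c.final
  iv + c.auth_tag + ct
end

# Reverses seal; raises OpenSSL::Cipher::CipherError on a wrong key or tampering.
def unseal(key, blob)
  raise ArgumentError, 'blob too short' if blob.bytesize <= IV_LEN + TAG_LEN
  c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  c.key = key
  c.iv = blob.byteslice(0, IV_LEN)
  c.auth_tag = blob.byteslice(IV_LEN, TAG_LEN)
  c.update(blob.byteslice(IV_LEN + TAG_LEN, blob.bytesize)) + c.final
end

# Customer side: a fresh DEK encrypts the record; the on-premises KEK wraps the DEK.
def protect(kek, plaintext)
  dek = OpenSSL::Random.random_bytes(32)
  { wrapped_dek: seal(kek, dek), ciphertext: seal(dek, plaintext) }
end

# Decryption needs the KEK, so it can only happen where the KEK is held.
def recover(kek, cloud_object)
  unseal(unseal(kek, cloud_object[:wrapped_dek]), cloud_object[:ciphertext])
end

# True only if `key` unwraps the object, i.e. it is the customer's KEK.
def readable_with?(key, cloud_object)
  recover(key, cloud_object)
  true
rescue OpenSSL::Cipher::CipherError
  false
end

if __FILE__ == $PROGRAM_NAME
  kek = OpenSSL::Random.random_bytes(32) # constructed key, never uploaded
  obj = protect(kek, 'constructed sample record') # obj is what the cloud stores
  puts recover(kek, obj), readable_with?(OpenSSL::Random.random_bytes(32), obj)
end
```

The hash returned by `protect` is the only thing that would be uploaded; losing the KEK makes every object wrapped under it unrecoverable, so key backup and rotation stay with the customer.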






































































