Why We Need Proper Data-At-Rest Encryption: 191M U.S. Voters’ Data Exposed

A few days ago, 191 million American citizens were put at risk. A database containing the entire U.S. voter registration became publicly accessible, exposing records that included addresses, phone numbers, party affiliations, and more. The database, which has since been taken down, held records that dated back to 2000.

Having occurred at the year’s end, this story certainly serves as a harsh reminder that 2015 was the year of the data breach – a bad year for corporations and a great year for hackers.

A Forward-Looking Strategy

As we turn the page and hang up the new calendars for 2016, the following question must be asked: what exactly are we doing wrong? Despite the huge rise of cybersecurity tools and services in the past year, hackers are still getting by and still getting hold of sensitive data.

In order to answer this question, let’s take a closer look at this recent incident with the U.S. voter registration. The records appeared to have almost no protection – they were literally in the clear in a database for anyone to access. This could have been entirely avoided had encryption been implemented. If done properly, it would have left the public eye with nothing but useless strings of data. However, encryption alone won’t solve the problem; a new approach to how and where we apply security measures is just as important as applying them in the first place. Ultimately, this comes down to application-level security.

Application Security: Protection at the Source

By adding encryption and other security features at the application level, all data that leaves to a database is already inherently secure. Even in the event of a public leakage or malicious hack, the data remains protected and everyone else is left with meaningless, encrypted data. The problem, however, is that developers are just not security experts. Implementing proper, robust encryption is hard. Whenever developers do go about encrypting their data-at-rest, they often make mistakes – sometimes fatal, such as storing encryption keys right next to the data, relying on simplistic and insecure tools such as Transparent Data Encryption (TDE). Furthermore, development teams generally do not have the resources to add encryption to their projects and applications without taking months and months of time with custom code – an error-prone and risky process in and of itself.

This is part of the reason why data breaches are still happening: a false sense of security is established by applying too many ‘afterthought’ security tools that don’t actually protect data at the source. Before long, databases brimmed with sensitive data are breached, scoring new headlines and causing lost customers – and everyone is still sitting there scratching their heads.

Application security – done correctly – is what will allow organizations to be more proactive about their sensitive data, and give them the confidence that their most important asset – the data itself – is safe and sound.

One way to achieve this is by using Crypteron’s developer-friendly security framework. This new high-end security product integrates with any application in a matter of minutes. A few lines of code grants any .NET, Java, or Scala application with military-grade AES-256 encryption, automatic and transparent key management, regulatory compliance and much more.

Here are some of the awesome benefits:

  • Prevent data breaches and protect mission-critical data
  • Save over a year of development time
  • Achieve instant regulatory compliance in the cloud
  • Eliminate risky, error-prone custom code
  • Integrate with all popular public, private or hybrid
    clouds
  • Supports all popular SQL, NoSQL and
    unstructured data stores
  • Cloud-first, zero trust approach – no need to
    trust anything other than your application

Learn more about Crypteron and start securing your applications today:

Try Crypteron for Free Now.

Or Contact Us

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Recent blog posts

PCI DSS and key rotations simplified

PCI compliance requires data encryption keys to be changed frequently. Here is how you can do it easily.

Your data-center is not secure and what you can do about it

There is no secure perimeter anymore. Neither in your corporate network nor in your data center. Fight a winning battle armed with self-protecting data rather than a losing one trying to protecting the infrastructure.

Introducing the Crypteron Startup Innovators Program

Qualifying startups get up to 50% off all plans. Tell us how you’re changing the world and the our Startup Innovators Program will support your journey.

6 encryption mistakes that lead to data breaches

If encryption is so unbreakable, why do businesses and governments keep getting hacked? Six common encryption mistakes that lead to data breaches.

Announcing the new Crypteron Community Edition

Starting today you can now sign up for the Crypteron Community Edition for free with no performance limitations.

Data breach response – One click to save your business

Get breathing room – when you need it the most. Respond to a data breach with a single click.

Why We Need Proper Data-At-Rest Encryption: 191M U.S. Voters’ Data Exposed

Adding security at the application level is a large step forward in protecting data from the constant threat of data breaches

How to encrypt large files

CipherStor is blazingly fast! Here we show how to use it within your data-flow pipeline to maintain high performance when encrypting large files.

Crypteron CipherStor Performance Benchmarks

Blazing fast performance by Crypteron CipherStor that hits several gigabytes/sec enabling security even in high bandwidth scenarios

Data-Centric Security: The Way Forward

Properly implemented encryption holds the key to a robust data-centric approach to security.

Why We Need Proper Data-At-Rest Encryption: 191M U.S. Voters’ Data Exposed

by David Reich time to read: 2 min
0