22 Jul What Is Real Data Security?
Buzzwords like “Cyber Security,” and “Data Security” have been tossed around almost interchangeably over the past few years, and understandably so. The “security” industry, as a broadly encompassing term, had progressed tenfold since the time before the Internet when confidential information was in physical files, floppy disks, and databases. In the age of the Internet, your information is seemingly everywhere!
You have multiple social media accounts, you have your bank account, your Google Drive, your Dropbox, all of which contain some amount of information that individually identifies you. With all this information floating around in the “cloud,” you begin to worry about your Cyber Security and cyber threats. After all, you’ve just received an email about unauthorized access, and you’re starting to get concerned.
Cyber” is a word used about anything related to computers, AI, or information technology. For instance, cyberbullying is bullying, which occurs through the medium of technology; there is the interdisciplinary field of Cybernetics; there is even a Tesla Cybertruck! Case in point- Cyber is a very broad and nebulous term that has a host of different usages and meanings.
Data is a much more specific word as it describes the facts, figures, and statistics, which make the basis of reasoning and calculation. A majority of the time, your most sensitive information comes in the form of numbers like your Social Security Number, your bank account number, debit card number, and other things like photos, documents, and spreadsheets that contain essential information. So when somebody says, “I’m concerned about my Cyber Security,” more often than not, they are concerned about a sensitive data breach.
So what is “Real Data Security” anyway?
Let’s take the example of the social security number. Joe Generic’s SSN is 078-05-1120. This nine-digit code is an example of structured data: it resides in a fixed field within a record or a file. The only way this code is authentic is if these nine numbers are in this order, ergo structured. In the hands of cybercriminals, this personally identifiable information can be quite useful when committing identity theft.
The number sequences 05, 1120, and 078 are meaningless when separated from the full data scheme. By separating, encrypting, and moving these pieces of information to various databases, the encrypted data is entirely secure. If one database is hacked, the information stored within it is useless because it is out of context.
Unstructured data comes in the forms of images (like pdfs), emails, social media data, presentations, video, and audio files, just to name a few. Often, SMBs store sensitive trade secrets and personal information within these various types of business documents. At STASH, we call these bits of private and secure unstructured data DigitalConfetti®. For more information on how to better protect your data, read our blog about How To Protect your Personal Data.
This DigitalConfetti® process, in combination with several other patented security features, makes STASH the only one & done privacy and security solution for business data. By setting up your multi-factor authentication process, you are activating a critical first step to ensure that your identity is protected and that you are the only person who can gain access to your data “STASH,” which is where the encryption algorithm and the data parsing process occurs to the data you upload. When you need your files, you activate your multi-factor authentication process, access your “STASH,” and decrypt and reassemble all those protected bits of data back into their re-structured form.
Another STASH exclusive is when a user initiates the process of encrypting or decrypting files via SaaS, API, or Secure Backup, STASH®’s Keys-on-the-fly® file encryption and decryption keys are generated from multiple components when they are needed and destroyed immediately after use. Private keys aren’t sitting somewhere they can be compromised or stolen, unlike most other encryption systems, data storage facilities, or data management firms, even those using high-security hardware modules. If STASH® were directed to access your data, we do not have the means to comply. It’s part of our “your data is yours, period” initiative.
This is the only logical method of truly securing data. In the instance of a data breach, there is simply no data that could be compromised. Perimeter methods of security like Network Access Control, VPNs, Endpoint Security, and other security methods don’t protect data in the instance of a real cyber-attack because they were not built to do so; a vulnerability that is becoming widely known. Unless you are utilizing a data-centric security solution like STASH that protects data by protecting the data itself, that data is waiting to be taken. The STASH approach to data security also ensures that your business is compliant with the General Data Protection Regulation (GDPR) as well as US Data Protection laws and regulations