RSA Keynote: Protecting the Changing Value of Data
February 16, 2017 • Blog Post • Terence Spies, CTO, HPE Security Data Security, Hewlett Packard Enterprise
Data you collect today may be used in completely different ways in 20 years
Are you in the data business?
Your first instinct may be to answer no. But odds are that, in reality, the answer is most likely yes. Almost every business, in nearly every industry, is actually in the data business.
Technology and data collection advancements have made data the core of every business and organization. On the surface, it may look like newspapers, banks, universities and government would not be considered data businesses. However, a data business is any organization that collects information and stores it in repositories. These organizations have an unavoidable responsibility to guard the integrity and privacy of that data.
A newspaper is essentially a distributed store of reliable and trusted data, which if compromised can have a critical impact on its credibility. A bank is essentially a bunch of walls and access controls around a ledger that maintains balances, and is only as good as its ability to guarantee that they can keep their customers account details private and ledgers secure. And governments are the infrastructure around collecting, managing, and securing the data needed to run our cities, states and country.
The real value of a piece of data may be its future value
While collecting and storing data is important, protecting the integrity of the data is what really matters. A bank cannot function without information about accounts and customers. Governments come to a halt if they cannot access their data. And even more than not being able to access it, the cost of losing this data is astronomical. Many companies want to know how much their data is worth and how they can use it today when determining how much to spend on securing it, yet this approach is shortsighted.
The data you collected today may be used 20 years from now in completely different ways, because of future technology. This makes it impossible, and almost dangerous, to base security investments on the current value of a piece or collection of data. Just as legitimate organizations are leveraging the power of big data analytics, so too are cybercriminals to extract meaningful insights to use pieces of information for nefarious purposes. They are creating unexpected value by aggregating their stolen data and correlating multiple data repositories to produce new and more powerful insights. Instead of focusing on the value, it makes more sense for enterprises to focus on how to protect the data both from todays threats and those in the future.
Using cryptography as a new computational model to secure data
It would be nice if a single piece of technology existed that would secure your data forever. But that is not how it works. Instead, your core business planning strategy must include how you identify, store and handle data. Newer technologies are being developed in the cryptography community which enable businesses to include cryptography as an integral part of their data. These new cryptographic models protect both the current and future value of information by allowing business professionals to create, use and dispose of data with the confidence that it will be protected over time.
Here are three new models that all data businesses (meaning everyone) should consider for protecting their data for its future value:
- Post-quantum cryptography By protecting data from future quantum computing models, this model promises to increase the speed of practical problems and change the way people think about solving problems. The challenge from a cryptographic point of view is that it is not compatible with current cryptographic algorithms, such as AES and RSA.
- Homomorphic Cryptography This model allows for computation on encrypted data for the future usability of that data. This enables you to encrypt data and perform computations in a way that allows you to keep the data encrypted. Instead of using encryption as part of the storage and computation process, this technology enables new ways of thinking of data other than sending data from one trusted repository to another over encrypted channels.
- Blockchain This is the most practical model of the three because it is rooted in cryptography. By distributing the data and using consensus mechanisms to cryptographically maintain the integrity of the data, blockchain creates immutability of data by using the power of distributed computing consensus cryptography.
It’s a challenge to figure out exactly how to manage your data. However, by researching and using these newer technologies, you can improve your business’s ability to maintain the privacy and integrity of the data. While we don’t know what the future holds in terms of technology, it’s a given that data will play a critical role in business, and protecting the information should continue to be a top priority.