Beyond the Red and Blue Pill – Maintaining Data Usability while Protected
Many of us remember, or have at least seen the meme of, the scene in the movie The Matrix where Morpheus offers Neo a choice between a red pill and a blue pill. The decision is to either live in a harsh reality or choose blissful ignorance. Neo takes the red pill, preferring to explore the harsh reality of the Matrix.
Now, if you’re a security administrator working with an application team or line of business owners, you may not realize that you offer your business a similar choice each day:
- Do you encrypt sensitive data and leave it blissfully unusable, happy to remain at rest within your storage and servers, free from potential abuses? Or,
- Do you make data available in the clear to applications within the harsh Matrix-like reality that exists in IT with the potential insider misuse and external threats to steal it?
In the Matrix, Agent Smith wants to attack your data, Neo!
Back in IT reality, it’s a tough call when weighing business continuity and reliable access to data against the need to protect sensitive data. The “red pill” of open data usability must be considered as a risk trade-off with the “blue pill” of constant protection where one need not worry.
But what if I told you there was a Purple Pill compromise for usable data protection and it has a name? It’s format-preserving encryption and offers the best of both worlds—data usability with security.
Let’s stay in Wonderland and go further down the rabbit-hole with format-preserving encryption…
Traditional encryption forces a risk decision: encrypt, or leave data exposed in clear text. This creates gaps in security controls when data moves from at rest, to in motion, to in use. Instead, format-preserving encryption (FPE) maintains data in an encrypted state, while also making it useful to applications with limited or discretionary risk exposure. If data needs to be exposed for a particular use, exposure can be limited to specific elements of the data, such as partial masking of a phone number (think XXX-XXX-3265). But how does FPE do it?
HPE SecureData’s FPE implementation, as an industry-leading example, is based on standardized AES encryption to protect data reliably, while keeping the format of the data unmodified. A social security number looks like one to a database without requiring schema modifications, a date field will still look like a date to an application, and so on. At the same time, referential integrity is preserved for the data class, so Big Data analytics or database joins can be run on the encrypted data, just like normal, without an application choking on the operation.
This is a game changer compared with traditional encryption, which lacks this property, and it is a differentiator that HPE can offer for today’s high-volume, data-intensive applications, such as Big Data data lake mining and IoT applications, that act on protected information without exposing unnecessary risks.
By addressing both utility and security, FPE doesn’t need to compromise on either aspect. Security is transformed from a business inhibitor to now the opposite—an accelerator of new initiatives while still mitigating risks. Encrypted data that retains its format looks and acts the same to applications, making it possible to avoid revealing it in clear text unless absolutely required for a specific use case.
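To make the format-preserving and referential-integrity properties described above concrete, here is an added example. It is not HPE SecureData's code and not a standardized FPE mode: it is a toy Feistel construction over decimal digits that uses HMAC-SHA256 as its round function in place of AES. The function names are hypothetical and the key, tweak and sample values are constructed; production systems should use a vetted implementation of a standardized mode such as NIST SP 800-38G FF1.

```python
import hashlib
import hmac

DIGITS = "0123456789"
ROUNDS = 10  # even, so both halves end up back in their original positions

def _prf(key, tweak, rnd, half, modulus):
    """Round function: HMAC-SHA256 stands in for the AES-based PRF of a real FPE mode."""
    mac = hmac.new(key, tweak + bytes([rnd]) + half.encode(), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") % modulus

def _feistel(key, tweak, digits, decrypt):
    """Alternating Feistel network over a decimal string; output keeps the input length."""
    if len(digits) < 2:
        raise ValueError("need at least two digits to split into halves")
    half = len(digits) // 2
    a, b = digits[:half], digits[half:]
    for rnd in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        if decrypt:
            m = len(b)  # b holds the value produced by encryption round `rnd`
            c = (int(b) - _prf(key, tweak, rnd, a, 10**m)) % 10**m
            a, b = str(c).zfill(m), a
        else:
            m = len(a)
            c = (int(a) + _prf(key, tweak, rnd, b, 10**m)) % 10**m
            a, b = b, str(c).zfill(m)
    return a + b

def _transform(key, tweak, text, decrypt):
    """Transform only the digits; dashes, spaces and brackets stay where they were."""
    digits = "".join(ch for ch in text if ch in DIGITS)
    out = iter(_feistel(key, tweak, digits, decrypt))
    return "".join(next(out) if ch in DIGITS else ch for ch in text)

def fpe_encrypt(key, tweak, text):
    return _transform(key, tweak, text, decrypt=False)

def fpe_decrypt(key, tweak, text):
    return _transform(key, tweak, text, decrypt=True)

if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    ssn = "123-45-6789"                        # constructed sample value
    ct = fpe_encrypt(key, b"ssn", ssn)
    print(ssn, "->", ct, "->", fpe_decrypt(key, b"ssn", ct))
```

Because the mapping is deterministic per key and tweak, equal plaintexts produce equal ciphertexts; that is what lets joins run on protected columns, and it also means equality and frequency of values remain visible to anyone who can read the column.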
Unleash the power of your data initiatives without the fear!
What a boring movie it would have been if Neo simply chose to live in harsh reality, but never needed to use his amazing bullet-time martial arts as a defense. He simply got on with his day without worries, while Mr. Smith gave up against a proven competitor. Now, any security administrator can be a hero to their line of business owners!
Consider today how your data can be afforded the same luxury using the data-centric approach of format-preserving encryption. If an authorized application requires data to be revealed, it would be a situational choice if required for that application, rather than a constant risk when data moves from storage, across the network and into various applications. To learn more about format-preserving encryption, products and solutions, swallow the purple pill and visit these links: