| Caveat Emptor |
This multi-part series is designed to provide a deeper understanding of the threats that your organization and its data face. As we speak to customers and partners, we see gaps in understanding when it comes to data security. Our goal is to educate our readers to understand the broad threat to your organization derived from your data and drill down to show the interdependencies and connections to help you take a holistic view of protecting your data.
There is no shortage of “data security” solutions in the marketplace. However, much like three years ago, when company after company was adding “blockchain” to its name to cash-in on the buzz-phrase of the day, the phrase “data security” is often misused as a marketing tool. We have spent the past three weeks touching on what the threat looks like, and while only scratching the surface so far, you should understand it is much broader and much more challenging than perhaps you believed. This is, in no small part, because several solutions are focused on a very narrow definition of critical data. In looking for a data security solution, you must look beyond the often-empty buzzwords used in the marketing materials and ask some vital questions.
Your first question needs to be, “is this data security platform truly data security?” You need to ensure the platform protects you against all threats – external, internal, back-end, and front-end – utilizing dynamic and persistent threat protection for all data types in all states. It is important to remember that simply because data is not subjected to a regulatory standard does not mean it is not critical to your organization. It is also essential to understand that, on top of not covering all vital data, most (if not all) data governance systems provide data protection, not data security. While these may seem synonymous, they are quite different. Data protection is more focused on policy management and enforcement – being able to define who can do what with specific data sets and action that policy. Data protection is a phrase also used for data backup and disaster recovery systems. While those are both components of data security, it does not go nearly far enough in today’s threat environment. Data security needs to authenticate the “user” is who they purport to be. It needs to understand the context of the data interaction to ensure they are not a bad actor. It needs to provide immutable and auditable tracking of everything that happens to that data.
Once you know that you are getting a trustworthy data security platform, your next question should be, “what is the impact on user behavior and productivity?” This may seem like an odd question, but the reality is data is meant to be an asset, not a liability. If you are not going to focus on keeping the data useful, why even have data security? Just put it on tape and store it in a vault. Similarly, you should follow that question with “what is the impact on my infrastructure?” Infrastructure is a significant investment, and you do not want to deploy solutions, mostly solutions you have never used before, that require you to make substantial modifications to your infrastructure. If the answer to these first two questions is anything other than “minimal,” it is best to keep looking.
Covax Polymer is the only solution that checks all of those boxes. Our unique data molecule structure protects data on the back-end (in all states) and through the various states of transit. The thin client that renders the secured data usable resides at the access point, thus minimizing the ability of bad actors to conduct “man-in-the-middle” operations. Polymer leverages artificial intelligence and machine learning to scrutinize the user and their actions, preventing stolen credentials and trusted user attacks. Granular control is provided at the molecule level, with file-level permissions (ACL’s, passwords, etc.) being maintained within the molecule structure. All actions on molecules are immutably recorded in ledgers—Covax Polymer molds security, governance, and life cycle management into a single cohesive platform.
The idea is to leverage technology to do the heavy lifting, not create the need to hire or deploy additional resources and minimize access points and system integrations. Configuration errors and security gaps are causal events at a material level and should not be dismissed. Often, new systems change the threat vector and become the target themselves. Skilled attackers are great at exploiting vulnerabilities, and often the “cobbling together” of specialized solutions is a vulnerability creating exercise when it should be the other way around. Holistic solutions are not the norm these days, but they are still the best solution. Covax Polymer brings everything into one system – security, governance, and information lifecycle management – which reduces vulnerabilities resulting from system integrations and unnecessary access points.
In the next post in this series, we will begin taking a deeper, more technical dive into all the aspects we have discussed so far – from threat vectors and pain points to understanding the critical elements of data security solutions – in much greater detail.
Originally Posted On: October 22, 2020