What exactly is data security and encryption & key management, and why care about it?
Interesting conversation this morning as I walked from the parking lot to my office building. Another person from one of the eight companies that occupy this building and I walked in together and chatted... first it was just “looks like the weather is getting better”... then it moved to “what floor are you on? what company?” and when I told her ‘Townsend Security’, she said “oh, I’ve always wondered what you folks do”...
As the newest staff member, I wasn’t sure I had perfected my 30 second elevator pitch, but I told her that we were a data encryption company and design the software (and provide hardware) that almost everyone needs to protect themselves from a data breach. At first her response was “oh, we don’t need that, we have a guy that takes care of our computers”. Then we talked about how high the statistics are for people who would experience a data breach ("In 2010, if you received a data breach notification, your odds of being a fraud victim were one in nine. Last year, that jumped to one in four."), and after asking if they had a database and if they kept any records that held personally identifiable information (PII) or credit cards, it quickly became “I think we need that!”.
It reminded me that when I started working here, I wasn’t fully aware of many of the reasons or regulations that make data encryption so important. I’m not sure I will ever have a complete technical understanding of all the nuances, but I’m working on it... Luckily I work with incredibly brilliant people who daily do all of the hard programming work and are very passionate about encryption.
I am lucky enough to be working with a company that I believe in, doing work that I know is important and can really make a difference in peoples lives. One of the main reasons I love this job... all the wonderful people that I work with, people so passionate about data security and the positive impact we can have on other people’s lives!
The founder, Patrick Townsend, impressed me so much at our last staff meeting when he reminded everyone to really think about why we are here, why we do what we do. “It isn’t about selling a product. It isn’t about the bottom line. It is about protecting people from the devastation that a data breach can have on their individual lives. It is about making sure we help companies protect their customers and clients. It is about stopping the bad guys from wrecking havoc by making it impossible for them to get what they are after. That is why we are here, remember that”.
Think about what your company does with the data you collect. Is it encrypted and secure when it is “data at rest” (just sitting on your server)? How about when it is “data in motion” (being transferred to someone else)? Look into what is happening with your information, and if you depend on someone else to take care of it, make sure they are doing it right.
Data gets out. Period. Either by accident or by design (someone hacking into your information). Make sure that when it does get out (and unfortunately it is “when”, not “if”) that it can’t be read. You can make that data useless by encrypting it. Remember to keep the encryption key stored in a different location than the data (encryption key management 101) because you wouldn’t lock up your house and then tape the key to the front door or leave it under the welcome mat!... Would you?
If you aren’t sure what encryption or key management is all about. We have a wonderful resource section on our website, and I’ve gathered a collection of some great Key Management resources right here.
Check out the information we have on data security and encryption key management and then contact us with questions, we are here to help!