Through the years, Kingland has continued its 'all-in' approach when it comes to security measures. We're revealing why we choose to encrypt everything when it comes to protecting our data for ourselves - and for our clients within their solutions - from potential threats.
It can be scary out there for security teams. According to a report from IBM, the average cost of a data breach has risen to $3.92 million. Couple this with the scrutiny of audits, industry expectations, and internal requirements and you can understand the attention to detail we and others must have when protecting our clients' turf.
Think about encryption as a way to protect your house. We'll delve into physical security for a moment here. You can choose to put a fence around your property and as long as no one gets through or around the fence, you could choose to leave everything inside the fence unlocked. Of course, there are people who could get through the fence so you may want to - at a minimum - lock the exterior doors. You're still left with the question of putting the same level of locking mechanisms on all your internal doors, but you may choose to leave it be since it's inside. You're making this decision based off your risk position.
While less than 50% of organizations implement an enterprise encryption strategy, at Kingland, our default approach is to encrypt everything to keep data as secure as possible. Each workstation is encrypted. The information on hard drives is encrypted. Even if an employee attaches an outside source to their workstation, it's immediately encrypted. You can't access specific areas of our buildings without the proper key. A benefit to encrypting everything is that you have several layers of security blanketing your information which makes it that much harder for bad actors to gain access. This same approach is taken with client solutions. For example, we provide direct, secure integration with a client's data systems.
Augmenting Security with the Cloud
Our use of cloud technologies enables our robust encryption mechanisms. Through the help of cloud technologies we can encrypt data at rest and in transit. We understand that data can be exposed in either state, which can leave a company vulnerable to bad actors. We encrypt data on-premise prior to sending data to the cloud. Security Information and Event Management software helps us aggregate and analyze activity from network devices, servers and more to discover trends, identify threats and receive alerts.
Transport Layer Security (TLS) and Secure Socket Layer (SSL) are two methods we use to help us communicate securely over our network. Creative work goes into ensuring seamless communication inside and outside of the enterprise among servers, microservices, applications and more.
Encrypting it All or Just Enough
Usually, organizations that choose not to encrypt everything believe their defense - up to a certain point - is safe enough that nothing past a specific point would cause a material impact to the organization. For example, let's let this Computerworld excerpt explain the risk position banks take with the use of ATM cards.
"An easy way to see how this is applied is to think about the PIN on your ATM card. Most banks have simple policies for ATM cards: You have a four-digit PIN; there is a limit on how much cash can be taken out of the account every day, say $500; and there is a policy that says after three wrong PIN attempts, the ATM annoyingly eats your card, usually on Friday afternoon just before you leave for that weekend in Vegas.
Now, assume the card is lost, and someone is attempting to get money from it illicitly. The chances of guessing the PIN correctly with no extra information (you didn't write the PIN on the back of the card, right?) are 1 in 10,000 for one try, or about 1 in 3,333 for the three tries you get. The hazard is $500, so the risk is about 15 cents. In other words, the bank can be pretty confident that over many thousands of depositors and ATM cards, the cost of this kind of fraud per card is about 15 cents each."
Again, this is about each organization's risk position. What's the percent chance a bad actor will get through my security door and how will that impact my organization?
Slowing Down Bad Actors
Another safety concept here regarding encryption is about slowing down the bad actors. Encryption can allow you to set up several obstacles with the hope that bad actors look elsewhere, give up, or the obstacles buy enough time for you to respond and mitigate the breach.
Getting to an encrypt everything state is really about making the commitment and investing the time and effort. While we have talented and creative people at Kingland, many times it's about accepting the cost for the end result. In our case, it's about the benefit of rigorous security practices which lower security risks that could impact how our clients work in their data-intensive and highly regulated industries.