Uninterrupted Security
Posted on August 29, 2023
Any system is as reliable as its weakest link. It’s a well-known truism, but often it gets disregarded in the cybersecurity world.
Statistics show that companies spend disproportionately large amounts on authentication and identity tools, while their data still remains unprotected within their security perimeters. Encryption at rest is important, but it only protects data when someone gets physical access to a company’s infrastructure.
Obviously, all important data needs to be encrypted at all times: at rest, in transit, and at work. This is the main idea of uninterrupted security: keep data protected at all stages with the same level of security, without gaps or weaknesses.
Many systems encrypt data, but then they fail to keep it encrypted when users need to share their data.
We see services that claim to be zero-knowledge yet happily provide the user with a link to an encrypted file and make sharing that link the user’s problem. Often, users will email those links to their counterparts, completely unaware of who can access their emails on the sender’s and receiver’s sides.
More advanced users will use WhatsApp or similar software for sharing such links. Again, this breaks the chain of trust. Does the company record who gets access to sensitive data? No, because the “secure” software fails in its promise to keep data secure at all times. And do the users know how their messenger histories are backed up? Hint: the backups are not encrypted.
Truly secure software must keep its security uninterrupted. If users share sensitive data, the software must keep track of who sends data and who receives it. It must safeguard files, links, and keys with the same level of protection, no less.
When you are making decisions about protecting your data, ask your vendor whether they provide uninterrupted security. And ask yourself, too.