Protecting Vital Data by Assuming the Worst

By Admiral James Stavridis, USN (Ret)


From commanding Aircraft Carrier Strike Groups in combat deployments to the Arabian Gulf to becoming the Supreme Allied Commander at NATO, I have been focused on geopolitical security issues for the entirety of my career. I have always endeavored to keep my finger on the pulse of threats to national security – and to work towards finding solutions to these threats as they evolve.


Currently, a good portion of my attention is squarely on cyber security. The reason: of all of the security threats faced by the U.S., only cyber threats cut across every level, from the vulnerability of vital military strategic assets to our personal day-to-day cyber infrastructure. Part of the reason for this is that the ‘threat surface’ – i.e., the number of devices connected to the internet – is expanding exponentially. And part of it is an unfortunate complacency by the very companies holding data vital to the corporate infrastructure of the American economy.


Perhaps nowhere is the cyber security threat more visible, more tangible, than with regard to businesses – including those meant to keep our very identities secure. As we witness one high-profile breach after another, it is clear that companies must do their part to make America safer by protecting their own data. This starts – but certainly doesn’t end – with encryption of emails and documents. Seems like a “no-brainer” for business? The stats say otherwise: over 95% of the seven billion records breached since 2014 were not encrypted [1]. And for those businesses that do encrypt, the outlook isn’t much better: 54% of businesses don’t know the location, ownership or use of their encryption keys and certificates [2].


Part of the problem is the types of encryption currently applied by businesses: most IT systems only encrypt traffic to and from the server. Once on the server, all user information is decrypted — because the servers are where user information is processed. The problem is that if the server can see user data, anyone who attacks the server can see it as well. End-to-end encryption turns the traditional server paradigm upside down. The server never sees raw user data; it only stores and relays encrypted data. Decryption only happens on the user’s phone or computer. So if the server is breached, the attackers can’t see the plain user data, only gibberish. What can we do?
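The split described above, as an added illustration that is not PreVeil’s code and not part of the original post: a hypothetical client device generates its own keys and never sends them anywhere, the server stores only sealed blobs, and a “breach dump” of everything the server holds contains no plaintext. The cipher is built from the standard library only (HMAC-SHA256 in counter mode as a keystream, then encrypt-then-MAC with a second HMAC); the class and function names are assumptions made for the demo.

```python
import hashlib
import hmac
import secrets

# Added demo (not PreVeil's code): the service sees only ciphertext; the only
# keys that can open it are generated and kept on the user's device.
NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF (HMAC-SHA256) in counter mode: a deterministic keystream for key+nonce."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. A fresh random nonce per message keeps equal plaintexts distinct."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first (constant-time compare), only then decrypt."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: blob was modified")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Server:
    """What the service stores: opaque blobs. No key material ever lives here."""

    def __init__(self):
        self.blobs = {}

    def put(self, blob: bytes) -> int:
        blob_id = len(self.blobs)
        self.blobs[blob_id] = blob
        return blob_id

    def get(self, blob_id: int) -> bytes:
        return self.blobs[blob_id]

    def breach_dump(self) -> bytes:
        """Everything an attacker who fully controls the server can read."""
        return b"".join(self.blobs.values())


class Device:
    """Hypothetical client: keys are generated here and never leave."""

    def __init__(self):
        self.enc_key = secrets.token_bytes(32)
        self.mac_key = secrets.token_bytes(32)

    def send(self, server: Server, message: bytes) -> int:
        return server.put(seal(self.enc_key, self.mac_key, message))

    def fetch(self, server: Server, blob_id: int) -> bytes:
        return unseal(self.enc_key, self.mac_key, server.get(blob_id))


def server_can_read(server: Server, message: bytes) -> bool:
    """Does the plaintext appear anywhere in what the server holds?"""
    return message in server.breach_dump()
```

The point of the demo is the placement of `unseal`: it exists only in `Device`, so a second device with different keys, or the server itself, gets an integrity failure rather than data, and a single flipped byte in storage is detected before any decryption output is produced.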


The first step is to admit our vulnerability. We must assume that we WILL be hacked. As the saying goes, there are only two kinds of companies – those who have been penetrated, and those who just don’t know it yet. We must find solutions that create a security architecture that provides end-to-end encryption. The ONLY time data should be visible in a usable format is when you open it on your device.


Then there’s the issue of passwords – a security paradigm that is, frankly, obsolete. Hackers often rely on users’ bad habits: 39% of Americans report that most of the passwords they use to access multiple online accounts are the same or very similar [3]. This means that thieves can rely on already-stolen login information to attempt to breach additional accounts. The lesson: passwords are an inherently flawed way to protect important data. Much better to rely on extremely strong cryptographic keys stored locally on user devices, not easily guessed passwords, to facilitate user access to encrypted information in the cloud.


In addition, because even the most thorough encryption method is useless when it isn’t used, we need to remove the “encryption theater” (pop-ups, log-ins, etc.) endemic to many current encryption approaches. Users can then send secure emails as easily as regular emails. There is no special email or domain required, so users are identified by their regular email address.


Recent high-profile breaches have clearly demonstrated the vulnerability of central points of attack. In fact, most organizations have the concept of a “super-user” or “administrator” who can access all information in the system. It is important to have trust that is not centralized, but rather distributed amongst a set of administrators or users. This avoids centralized points that can become targets for attackers.


If we can decentralize trust, no one person within an enterprise – whether they’re hacked from the outside, or are themselves an insider threat – can bring the entire business down. This decentralized trust takes the form of “Approval Groups,” which can be set up to require x out of y people to agree before a privileged activity can occur. Approval groups are enforced cryptographically, not by using business logic on the server; therefore an attacker cannot force approvals by taking over the server.
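One way the “x out of y, enforced by cryptography rather than server logic” property can be realized, as an added example that is not PreVeil’s code and not part of the original post: the key that authorizes a privileged action is split with Shamir’s secret sharing, each approver keeps one share, and the server keeps none. Fewer than x shares reconstruct an unrelated field element, so there is no count check on the server for an attacker to bypass. The `ApprovalGroup` class, the member names and the key-check value are assumptions made for the demo.

```python
import hashlib
import secrets
from typing import Dict, Iterable, List, Optional, Tuple

# Added demo (not PreVeil's code): a threshold scheme over the field GF(P).
P = 2**127 - 1  # Mersenne prime; every share and secret is an element of GF(P)


def split(secret: int, threshold: int, shares: int) -> List[Tuple[int, int]]:
    """Return `shares` points on a random degree-(threshold-1) polynomial whose
    constant term is `secret`. Any `threshold` of them recover it; fewer do not."""
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element")
    if not 1 <= threshold <= shares:
        raise ValueError("need 1 <= threshold <= shares")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]

    def f(x: int) -> int:
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

    return [(x, f(x)) for x in range(1, shares + 1)]


def combine(points: Iterable[Tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0 over GF(P)."""
    pts = list(points)
    if len({x for x, _ in pts}) != len(pts):
        raise ValueError("duplicate share submitted")
    total = 0
    for i, (xi, yi) in enumerate(pts):
        num, den = 1, 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def _key_check(key: int) -> bytes:
    return hashlib.sha256(key.to_bytes(16, "big")).digest()


class ApprovalGroup:
    """Hypothetical x-of-y group. The action key is generated once, split, and
    discarded; only the shares (one per member) and a hash of the key remain."""

    def __init__(self, members: List[str], threshold: int):
        self.threshold = threshold
        key = int.from_bytes(secrets.token_bytes(15), "big")  # 120-bit key, < P
        points = split(key, threshold, len(members))
        self.shares: Dict[str, Tuple[int, int]] = dict(zip(members, points))
        # The server may hold this check value: it lets a device confirm a
        # reconstruction but does not help rebuild the 120-bit key.
        self.key_check = _key_check(key)
        del key

    def authorize(self, submitted: Dict[str, Tuple[int, int]]) -> Optional[int]:
        """Rebuild the action key from whatever shares the approvers supplied.
        No 'len(submitted) >= threshold' test: the math decides."""
        candidate = combine(submitted.values())
        if _key_check(candidate) != self.key_check:
            return None  # not enough (or wrong) shares: result is unrelated to the key
        return candidate
```

In this construction the server never holds a share, so a server takeover yields neither the key nor a way to forge an approval; the same is true of any coalition of fewer than x approvers, whether they were phished or are acting as insiders. A real deployment would use the reconstructed key only transiently on the approving device, for example to decrypt the one item the privileged action needs.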


Only by combining those three ideas can we effectively protect vital data. After searching for several years for a company capable of creating this kind of solution, I have decided to join the board of directors of PreVeil. The company’s leadership, CEO Randy Battat and Chairman Sanjeev Verma, along with CTO Raluca Ada Popa, have a perspective on cyber security that I believe is vital to protecting businesses: ensuring protection of data under the assumption that a hack will occur. We are moving to market with this solution, and I believe it is the kind of technology that can revolutionize data protection – something deeply needed for our increasingly interconnected world.


Admiral Stavridis served as the 16th Supreme Allied Commander at NATO.


[1] July 2017 IBM study

[2] Hewlett-Packard study, February 2017

[3] 2017 Pew Research Center study