June 24, 2016 By David Strom 3 min read

An article in The Washington Post called “A Shift Away From Big Data” chronicled several corporations that are actually deleting their most sensitive data files rather than saving them. This is counterintuitive to today’s data-heavy landscape; after all, one of the tenets of the big data movement is to store everything — even data that you feel could compromise your customers or proprietary information that you wouldn’t want to fall into competitor hands.

Handling Sensitive Data

“In Silicon Valley, there’s a new emphasis on putting up barriers to government requests for data,” The Washington Post reported. Firms are trying to place their customer information beyond the reach of law enforcement requests, should they be necessary.

But far from being a shift away from big data, this trend is more about firms becoming more adept at saving their data. It helps that many IT managers are more educated about how encryption works. They understand who holds the keys to their most sensitive data and how it is kept by each enterprise. This is a good thing, mainly because for too long IT managers have tried to educate others in the C-suite about these issues with little success.

Even a few years ago, IT specialists had to do all the encryption key management on their own, which was daunting to say the least. Modern products do a better job of handling this, thankfully, although encryption is still not a cakewalk. But we are more sensitive to how we manage our key infrastructure.

The Most Pressing Data Trends

There are several components to this trend that can be identified as going beyond just growing paranoia. First is that enterprises are looking to own their encryption keys so that even if encrypted data falls into others hands, it can’t be decrypted. Cloudera and Box, among email providers such as Proton Mail and Mailpile, now do this as part of their normal operations.

Similarly, DataMotion can be set up with an option so that no decrypted messages are ever stored locally. Email messages or documents are encrypted at their source before they make their way to the cloud, and the vendor can’t ever decrypt them. There was the case of Lavabit, an email encryption provider. The service closed its doors in 2013 rather than provide its keys to the U.S. government.

Second is a need for metadata privacy. While encryption protocols such as PGP work well at encrypting message bodies, they don’t usually touch the subject lines or addressees, especially when email is read by HTML-compatible services. But a new breed of vendors is more sensitive to metadata collection. This need has driven programmers to work on initiatives such as the Dark Mail Technical Alliance, which offers end-to-end encryption services to the public.

Third, protecting sensitive data is not the same as providing anonymous communication. Most people think they are the victim of a spammer when they receive an anonymous email. Today’s services are more focused on data protection than the anonymizers of earlier eras. Some vendors, such as Mailpile, have gone to great lengths to document how they address their users’ privacy.

Finally, there has been a growing concern that American-based companies are more vulnerable to government requests than businesses operating their infrastructure offshore. Whether or not that is true, a number of international vendors have sprung up with claims that their servers aren’t subject to seizure by the U.S. legal system. For example, Silent Circle and Proton Mail’s servers are based in Switzerland, and Mailfence has its servers based in Belgium.

Where will this lead? Certainly, there will be other legal battles over law enforcement access to encrypted data, but in the interim there are tools that can help protect a corporation’s sensitive data — that is, if those enterprises decide that information is worth keeping at all.

More from Data Protection

Cost of a data breach: Cost savings with law enforcement involvement

3 min read - For those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, “explaining” the real impact of a breach can be difficult. Therefore, explaining impacts in terms of quantifiable financial figures and other simple metrics creates a relatively level playing field for most stakeholders, including law enforcement.IBM’s 2024 Cost of a Data Breach (“CODB”) Report helps…

Cost of data breaches: The business case for security AI and automation

3 min read - As Yogi Berra said, “It’s déjà vu all over again.” If the idea of the global average costs of data breaches rising year over year feels like more of the same, that's because it is. Data protection solutions get better, but so do threat actors. The other broken record is the underuse or misuse of technologies that can help safeguard data, such as artificial intelligence and automation.IBM’s 2024 Cost of a Data Breach (CODB) Report studied 604 organizations across 17…

Cost of a data breach: The industrial sector

2 min read - Industrial organizations recently received a report card on their performance regarding data breach costs. And there’s plenty of room for improvement.According to the 2024 IBM Cost of a Data Breach (CODB) report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.These figures place the industrial sector in third place for breach costs among the 17 industries studied. On average, data breaches cost industrial…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today