How to Implement Defense in Depth

The threat of cybersecurity breaches remains omnipresent for today’s cybersecurity professionals, for whom one false keystroke or under-protected storage location could mean millions in financial penalties, to say nothing of the reputational damage of exposing their organizations’ and ultimately their customers’ data. As a result, companies are eagerly adopting a cybersecurity strategy in which multiple security controls are layered to protect sensitive data from accidental or malicious exposure – defense in depth.

The need for defense in depth points to some inherent flaws in what has long been cybersecurity’s favored protection method – encryption. While still a valuable form of protection, today’s cybersecurity climate has exacerbated weaknesses such as complex key management and performance degradation, both of which can contribute to insufficient implementation of encryption. In fact, over half (51%) of businesses and other organizations still do not use encryption to protect sensitive data in the cloud, according to a Thales 2019 Global Cloud Security Study.

Even when implemented properly, encrypted data is still stored in a consolidated location, which, when accessed maliciously, is technically vulnerable to being decrypted given enough time and compute power. As a result, organizations are finally looking beyond legacy encryption solutions to modernize security infrastructure, especially as they embrace public cloud computing.

Critical new security controls are being implemented as a complement to encryption in a layered defense in depth strategy. We see this approach used by a number of ShardSecure customers. While for some, Microshard™ technology either replaces encryption altogether or is used to secure previously unprotected data, many of our users layer Microshard technology with existing encryption solutions to provide true defense in depth.

ShardSecure’s Microshard solution breaks data into shards that can be as small as single-digit bytes to eliminate sensitivity, pollutes the shards to ensure the data has no value, and distributes them to multiple locations to render the data incomplete. Whereas compromised encrypted data resides in a single location, hackers of Microshard data would never have a full set without compromising all storage locations everywhere. It expands the attacker’s challenge from a time and compute power problem to a time, compute power, and spatial problem.
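The split, pollute, and distribute idea described above can be sketched as a toy model. This is an added illustration, not ShardSecure's code or algorithm: the 4-byte shard size, round-robin placement, decoy count, the manifest format, and the function names are all assumptions made for the example.

```python
import random

SHARD_SIZE = 4  # assumed; the page only says "single-digit bytes"

def shard(data, n_locations=3, decoys=2, seed=None):
    """Split data into tiny shards, add decoy shards, spread across locations.

    Returns (stores, manifest): stores maps location -> list of shard payloads,
    manifest is the ordered list of (location, slot) pointers to real shards.
    """
    # A fixed seed is only for repeatable demos; otherwise use the OS CSPRNG.
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    pieces = [data[i:i + SHARD_SIZE] for i in range(0, len(data), SHARD_SIZE)]
    buckets = {loc: [] for loc in range(n_locations)}
    for idx, piece in enumerate(pieces):
        buckets[idx % n_locations].append((idx, piece))  # round-robin placement
    manifest = [None] * len(pieces)
    stores = {}
    for loc, bucket in buckets.items():
        # "Pollute" the location with random decoys, then hide the ordering.
        for _ in range(decoys):
            noise = bytes(rng.randrange(256) for _ in range(SHARD_SIZE))
            bucket.append((None, noise))
        rng.shuffle(bucket)
        stores[loc] = [payload for _, payload in bucket]
        for slot, (idx, _) in enumerate(bucket):
            if idx is not None:
                manifest[idx] = (loc, slot)
    return stores, manifest

def reconstruct(stores, manifest):
    """Rebuild the original bytes; raises KeyError if any location is missing."""
    return b"".join(stores[loc][slot] for loc, slot in manifest)

def exposed_fraction(manifest, loc):
    """Share of the real shards that a breach of one location would expose."""
    return sum(1 for where, _ in manifest if where == loc) / len(manifest)

if __name__ == "__main__":
    record = b"card=4111111111111111;exp=12/29;cvv=123"  # constructed sample
    stores, manifest = shard(record, seed=7)
    for loc, shards in stores.items():
        print(loc, f"{exposed_fraction(manifest, loc):.0%}", shards)
    assert reconstruct(stores, manifest) == record
```

In this toy model the manifest plays the role a key plays in encryption: it has to be protected separately and kept out of every individual storage location.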

As a result, ShardSecure’s Microshard solution ensures data has zero value and contains no sensitivity in case of breach, cloud misconfiguration exposure or access key theft, providing true defense in depth for cloud storage locations, databases, applications, backup solutions and code repositories. Plus, its ability to be implemented quickly, for example in under fifteen minutes in AWS, adds to its appeal as a security layer in a defense in depth strategy.

If you’re interested in learning more about defense in depth and Microshard technology, get started with a product demo here.