We were thrilled to have the opportunity to educate over 800 cybersecurity and compliance professionals last week when we partnered with ISACA to host a webinar about Microshard™ technology as a defense in depth approach for data at rest. ISACA®, or “Information Systems Audit and Control Association”, serves over 145,000 members and enterprises in over 188 countries to promote effective governance of information and technology through their enterprise governance framework, COBIT®.
While encryption has been last line of defense for securing data for decades, its implementation on cloud infrastructure has resulted in unprecedented levels of data exposure. One wrong click can result in a major cloud data breach in today’s increasingly cloud-centric landscape. In the webinar last week, the ShardSecure team and ISACA board member Rob Clyde discussed how Microshard technology should be considered by security and compliance professionals in building defense in depth for data at dest in the cloud and on premises. The ShardSecure team went on to provide detailed use cases of Microshard technology in action, including the implications of use in common cloud data breach and software supply chain hack scenarios.
Microshard™ technology uses a shred, mix, distribute approach to eliminate the sensitivity of data to ensure true security and privacy for organizations and the customers they serve. Challenges such as key management and performance degradation are well known to encryption users, and are part of the reason large percentages of data, especially in the cloud, remains unencrypted and vulnerable to breach from common occurrences like misconfiguration. Even when implemented correctly, though, encrypted data at rest still contains sensitive information and remains whole and in a single location should someone seek to access and unscramble.
Microshard technology provides a critical failsafe: first breaking data into fragments as small as single-digit bytes, before mixing and polluting with false shards, then distributing to numerous locations that can include multiple cloud providers and on-prem locations. As a result, Microsharding completely eliminates the sensitivity of data in the storage area and reduces the attack surface. While sharding has been used in different applications, Microsharding is the only known solution capable of breaking data into bytes that can be as small as four megabytes before mixing and distributing – all without performance degradation.
Some interesting statistics came out of the webinar from 463 attendees who participated in the polls. Only 13% of respondents had heard of Sharding or Microsharding at the beginning of the webinar. However, attendees quickly grasped the power of Microsharding to reduce data sensitivity and make data secure during the one-hour webinar. At the end of the webinar, less than half of the respondents (48%) disagreed with the statement “Microsharding Reduces the Scope for Compliance or IT Audits of Storage Location” and only 52% of respondents definitively answered “yes” to the question, “If Microshard Data Is Publicly Exposed or Stolen via Cyber Attack, Should it Be Reported to Regulators and Subject to Fines?” Interesting food for thought for compliance and audit professionals and regulators worldwide.
If you’re interested in learning more about how Microsharding can provide true defense in depth and want to see the technology in action – check out the full webinar here!