Blog

Vaccine hacks shed spotlight on data privacy and security

Written by ShardSecure | July 28 2020

Cloud’s remote accessibility and scalability, along with the many SaaS products teams must employ to keep work moving forward remotely, have produced a significant global increase in the volume of sensitive data now being sent and stored via public cloud.In fact, Microsoft CEO Satya Nadella was quoted in April stating, as detailed by the Financial Times, “this year’s crisis has already brought two years of transformation in two months.” The article outlines further evidence of soaring cloud adoption by reporting, “Both Microsoft and Amazon, which run the two biggest cloud platforms, have seen their stock market values propelled about $1.5tn on hopes that this points to a lasting shift.”

Recently, Europe’s largest lender, Deutsche Bank, signed a long-term partnership with Google Cloud. In a joint release, the organizations described the minimum ten-year agreement as both a cost-cutting and revenue-generating endeavor. Deutsche Bank joins fellow financial giant HSBC, who brought their business to Google Cloud to accommodate massive influxes in their data burden and to capitalize on the flexibility cloud for agile DevOps initiatives. HSBC employs a multi-cloud strategy and recently announced they have also partnered with Amazon AWS as part of a broad cost-cutting initiative.

Still, with all the flexibility of cloud, not all data is created equally when it comes to the risk vs reward of embracing public infrastructure. The security and privacy concerns that have long forced organizations such as global financial institutions to be wary of the cloud remain, and it is with reluctance that organizations consider moving, for example, personally sensitive data there.

A Spotlight on Highly Sensitive Data

Personal financial data is not the only data type whose sensitivity poses unique privacy challenges to the organizations tasked with managing it. The global pandemic has also shone a spotlight on another type of highly sensitive data: vaccine research and associated medical records. As scientists across the globe search for a Coronavirus cure, data privacy and security have become a challenge all their own.

The U.S. recently accused two Chinese hackers of targeting vaccine data as part of a broader, yearslong global cybertheft campaign that also targeted defense contractors, high-end manufacturing and solar energy companies. The targeted industries, of course, have in common the burden of managing highly sensitive data. The need to eliminate data sensitivity and maintain complete privacy is of paramount importance, and is only heightened by the urgency with which nations across the globe are pursuing any information that could help lead to a cure.

Eliminating Data Sensitivity, Achieving Absolute Privacy

In the case against the accused Chinese hackers, F.B.I deputy director David L. Bowdich explained that suspects targeted hundreds of computer networks around the world and caused unnamed companies to lose hundreds of millions of dollars of intellectual property. The hacks were particularly damaging because of the ability of the attackers to pinpoint and steal especially sensitive, valuable data.

Coupled with the pandemic’s role in accelerating cloud adoption even for organizations dealing with sensitive data, the theft of vaccine data is further highlighting the need for security solutions that address the sensitivity of data on backend infrastructure. Technology leaders across the globe should be looking for ways to achieve true privacy by eliminating the sensitivity of the data itself, rather than just relying on legacy encryption-only solutions.

Microsharding Data

Microsharding™ breaks data into tiny fragments pieces, which are then polluted with false shards and distributed to multiple locations in the cloud and/or on-prem, such that the data is rendered completely meaningless to hackers. Even if accessed maliciously, data is incomplete, unreadable and therefore protected. Data is also separated from privileged administrators including third party cloud providers, ensuring users can also achieve Zero Trust.

An attacker intercepting Microshard data has no way to put the pieces back together because they will always have an incomplete set. This is contrasted with encryption, in which the full set of data is compromised and needs to be unscrambled. Unscrambling data requires time and compute power. Reconstituting data fragments requires most or all of the data fragments, something the attacker cannot obtain without compromising all possible storage locations everywhere.

As such, ShardSecure turns the attacker’s challenge from a time and compute power problem to a time, compute power and spatial problem. Encryption may slow an attacker down, but Microshard data protection persists over time. Faster computers won’t help an attacker, not even quantum computers, as the hacker does not even have possession of the data to unscramble.

In addition to eliminating data sensitivity and ensuring privacy, Microshard™ data can have additional compliance-related cost benefits, as the financial burden of storing sensitive data no longer appliance once sensitivity is eliminated.

As 2020’s unique circumstances continue to highlight both the extreme benefits and risks of being able access highly sensitive data from anywhere, there are likely to be more instances of it being maliciously stolen or accidentally exposed. Fortunately, organizations are already beginning to update their security and privacy strategies, using technology like Microsharding to eliminate data sensitivity and eradicate the consequences of theft or exposure altogether.