FAQ: ShardSecure’s Agentless File-Level Protection
Q: How safe is sensitive data?
A: Much less safe than people imagine. One study shows that 83% of security professionals believe that sensitive data has been accidentally exposed at their organization. Another revealed that only 5% of a company’s folders are protected.
Q: Why does unstructured data need protection?
A: Unstructured data makes up at least 80% of all enterprise data, and it’s growing at a rate of 55 to 65% annually. This is four times faster than structured data — and yet unstructured data is still underserved in the encryption space.
Because of how it’s stored, the privacy of unstructured data is reliant on the filesystem or the storage service it resides in. This creates privacy issues, as infrastructure administrators — including cloud storage providers, local storage admins, server admins, and more — will always have access to it.
Q: What role do agents play in file-level encryption?
A: Agent-based file-level encryption (FLE) has traditionally been the way that companies have protected their unstructured data. This method involves installing agents, or software code, onto each device, server, and client system that will be handling protected data. The agent is typically tied to a certain folder or file, and it controls the access to those files.
Q: What problems do agents cause for DevOps teams?
A: Agents can be slow, difficult, and resource-intensive to manage. It can be challenging to install, configure, and maintain them on each device and server that requires file-level protection.
Just as importantly, agents can introduce a significant performance drawback — anywhere from 5% to 40%. While there’s normally some tradeoff between performance and security, agent-based FLE can be particularly slow because of the CPU required for constant encrypting and decrypting.
Lastly, many modern tools and services were not designed to have agents installed on them. New architectures like blob storage, S3 storage, K8s containers and many other cloud offerings often do not support the installation of software code to manage unstructured data. So traditional agent-based solutions just don’t work in some environments.
Q: What other problems come with traditional file-level protection?
A: File-level encryption has long been the gold standard for data protection. But, as we mentioned in the previous question, it’s resource-intensive. The constant encryption and decryption of data often affects the performance of applications and slows down operations.
Additionally, traditional encryption approaches don’t offer data resilience. Encrypted files can still be lost during outages or tampered with and deleted in ransomware attacks.
Q: How does ShardSecure’s agentless solution work?
A: ShardSecure uses modern cryptographic solutions to protect data without leveraging any servers or endpoints. Whereas agent-based approaches carry performance drawbacks of up to 40%, we introduce little to no performance drawback, and our low latency and fast throughput sometimes even improve performance.
Our API-based abstraction layer sits between your application and your infrastructure, where it performs advanced file-level protection. Data on end devices can be accessed exactly as usual, with no changes to data flows or user behaviors, and agents are never required.
Q: How does ShardSecure provide advanced data privacy and protection?
A: Our technology prevents third parties from reconstructing data in on-prem, cloud, and hybrid- and multi-cloud environments. By splitting data into very small pieces (microshards) and then distributing those containers to multiple customer-owned storage locations, we ensure that data is unintelligible to all unauthorized users.
Even in the highly unlikely scenario that someone is able to gain access to all the microshards from every storage location for a given data set, that data still cannot be reassembled, for the following reasons:
- Our technology strips file content, filenames, file extensions, and all other metadata, meaning that there is not enough identifying information for reassembly.
- Our technology allows organizations to add a configurable amount of poison data to their real data.
- Our solution also requires multiple components to be used in concert with both each other and the complete data set for reassembly, meaning that it’s not possible for an unauthorized user to deploy their own instance of ShardSecure to reconstruct data.
Q: How difficult is it to implement ShardSecure?
A: ShardSecure is quick and seamless to integrate, with only one line of code change needed to get started. It’s also easy to manage, with “set and forget management.”
Our technology functions transparently, so workflows remain the same for users. It is vendor-agnostic and works in the background as a zero-downtime event without the overhead and complexity of traditional file-level encryption.
Q: ShardSecure provides strong file-level protection. What else does it do?
A: Quite a lot. Our technology was designed to provide advanced data security while keeping control in the hands of data owners. It can:
- Mitigate cloud ransomware.
- Support compliance with cross-border data regulations like the GDPR, Canada’s PIPEDA, Japan’s APPI, and Brazil’s LGPD.
- Offer unbeatable data resilience in the face of outages and attacks with self-healing data, virtual clusters, and high availability.
- Provide secure cold-storage migration from on-premises to the cloud for cost savings.
- And more.