Encryption and microsharding
Q: I already have encryption. Why do I need microsharding?
That depends. Microshard technology may be both a complement and a replacement for encryption, depending on the need.
- Microsharding has no concept of a key, therefore, the process has no key management requirement. This also eliminates a single point of failure as there is no key to be compromised, stolen, or lost.
- Please see our microsharding FAQ to learn how our solution architecture supports high-availability and fail-over.
- Encrypted data is stored in just one location, making it potentially susceptible to theft, unauthorized deletion, tampering, and other malicious activity, including ransomware. Microshard data is distributed making it extremely difficult for an unauthorized user to access a complete set of data.
- Microshard technology was created to specifically protect data at rest in hybrid-cloud and multi-cloud environments. Encryption may be used to protect data at rest, as well as data in motion.
- Microsharding provides organizations the option to microshard data that is not required to be encrypted and encrypted data may also be microsharded.
Q: Can encrypted data be microsharded?
Yes. There are multiple reasons that customers may choose to microshard their encrypted data.
- Microsharding encrypted data provides a deeper level of defense-in-depth protection for highly sensitive data.
- Microshard data is self-healing. This means that Microshard data affected by unauthorized deletion or tampering, including encryption by ransomware, is automatically reconstructed to its unaffected state in real-time.
- Self-healing data also helps improve data resilience. “Missing” Microshard data caused by a cloud storage service outage is similarly reconstructed in real-time to help ensure business continuity.
Q: How secure are microsharding and encryption for cloud storage?
Faster computers can crack encryption, but they won't help an attacker with microsharded data.
- Encryption provides baseline security to keep out the everyday unauthorized user. However, encrypted data may be decrypted with enough time and compute power. Once that happens, the full set of data is compromised.
- With microsharding, sensitive information will be unintelligible even if a storage location is compromised. No single storage container will contain enough data microshards to reassemble, and metadata and other file identifiers are removed to add yet another barrier to unauthorized reassembly.
- Attackers cannot reconstruct microshards without first compromising all storage locations for that data.
Q: How do microsharding and encryption impact latency?
Microsharding and encryption offer different benefits to different deployments.
- For sites with high transaction volume, encrypting and decrypting data takes time, and companies may experience performance degradation and require hardware acceleration.
- Microshard technology does not require any hardware acceleration. It also reads and writes in parallel while sending data to multiple customer-owned storage locations, which can help with performance.
- Based on ShardSecure’s benchmarks, there are scenarios in which Microshard technology improves performance, in which it slightly slows down performance, and in which it does not affect performance.
Q: How will Microshard data and encrypted data be affected by quantum computing?
Encryption may only slow an attacker down. Microsharded data's protection persists over time.
- Encryption is essentially a complex mathematical problem, and full data sets can be decrypted with enough time and resources. This is not a threat for many organizations, but for certain risk profiles, encryption may not be enough to stop a motivated nation-state or well-resourced attacker.
- According to research by the Thales Group, encryption cannot be guaranteed beyond 2042.
- Faster computers — including quantum computers — won't help an attacker with Microshard data, since they can’t reassemble data that they don’t have. An attacker intercepting Microshard data has no way to reconstitute incomplete sets of data fragments, regardless of how strong their computational power is.
Q: How do microsharding and encryption impact data availability?
Microshard technology inherently upholds the CIA triad, including data availability.
- Encryption wasn’t designed to reconstruct data, and it does not inherently protect data availability. When an encryption key or data set is lost, corrupted, or deleted, that data is lost.
- Microshard data is self-healing with a RAID-like ability to reconstruct Microshard data that has been deleted, tampered with, including by ransomware, or is unavailable due to cloud storage service outage. This is all performed in real-time without user downtime.
Q: How are Microshard data and encrypted data affected by ransomware?
Encryption was not designed to include self-healing properties or protect against cloud storage ransomware. Microshard technology’s features help mitigate the impact of ransomware.
- Although encryption provides advanced data protection against certain kinds of cyberattacks, it does not offer inherent protection against ransomware, which itself uses encryption to hold files and systems hostage.
- Microshard technology’s self-healing data and RAID-like ability to reconstruct affected data means that Microshard data containers can be rebuilt when they’re held hostage by ransomware.
- Microshard technology’s multiple data checks detect unauthorized modifications — including cloud storage ransomware — and roll back affected data to its earlier state. Data integrity is built in from the start so that critical data at rest stays secure and available.
Q: Does Microshard technology protect data in motion?
No. Microshard technology was designed to protect data at rest.
- The microsharding process reads and writes Microshard data from and to multiple storage locations in parallel. While this and the nature of Microshard data, itself, do make man-in-the-middle-type attacks more difficult, we do use TLS to secure data in motion.
Q: Does ShardSecure use encryption?
Yes. We use encryption to protect a core component within the application, but it is not used in the microsharding process.
- A single component with our application is encrypted.
- This key is customer-generated and managed. ShardSecure has no access to this key.
- Our solution provides native integration with HSM (hardware security modules) for key management.