According to IBM (“Cost of Data Breach Report 2021”), “organizations using high standard encryption (using at least 256 AES encryption, at rest and in motion), had an average total cost of a breach of $3.62 million, compared to $4.87 million at organizations using low standard or no encryption, a difference of $1.25M or 29.4%.” But even the “high standard encryption” failed to stop data breaches. The reason? Quality of implementation matters and fragmented encryption doesn’t add up as a whole because it leaves attack surfaces behind when data is accessed.
For example, data stored in the cloud is encrypted, but when a user accesses that data from an end device, a local copy is created on the device and it is not encrypted. As a matter of fact, nearly all the data on end devices is not encrypted at rest while a device is running, and neither are emails and attachments.
Data stored on some servers may be encrypted, but when the same data is used on a different server for another application, e.g. machine learning, it is not encrypted at rest on the new server because the encryption works only on the server that stores the data.
Therefore, encrypting data on some devices but not others creates vulnerable attack surfaces. For enterprises, those attack surfaces are large enough to cause data breaches and inflict severe damage.
UDS presents an entirely different solution that leaves zero attack surface. With UDS, data is encrypted as soon as it is discovered and transformed into APFX format, and it remains encrypted throughout its entire life cycle. When APFX data is moved to other devices, it remains encrypted. When a user or application accesses APFX data, the UDS client app obtains permission from the UDS cloud after policy verification and decrypts the data for the intended application only. The client app clears the cache as soon as the data is no longer needed and doesn’t leave clear data behind on the device.
Not only are the growing attack surfaces a cause for concern, but encryption technology itself is also facing challenges as chip capabilities, especially quantum computing, advance rapidly. If the data encryption keys or access control data are protected by RSA (public/private key encryption), they are vulnerable to attack by a quantum computer in a decade or less. In fact, experts warn that attackers today are hoarding encrypted data to be harvested in the future.
UDS pioneered a quantum-computing-proof encryption scheme to ensure data safety in the age of the quantum computer. UDS-protected data doesn’t have keys or access control data attached, and UDS doesn’t use RSA or other asymmetric encryption in any data-related encryption. Furthermore, UDS gives each piece of data a unique, maximum-length, random symmetric key. So to break UDS data, an attacker must attack each and every piece of data repeatedly, which makes a breach of UDS data impossible, even with future quantum computers.