The data lifecycle is complex and extends beyond the container and application, into offsite
backup services, cloud analytic systems, and outsourced contractors.
Data-centric security – a proven approach
Recent advances in data-centric security techniques protect data no matter where it resides,
how it is transported, and even how it is used—without increasing complexity and without
requiring massive application changes, or impeding mission performance.
An essential part of a layered-defense security strategy, data-centric security includes
encryption, tokenization, data masking, and enterprise key management techniques to help
effectively protect data from the moment it is ingested, through analysis, to backend storage.
In the private sector, Format Preserving Encryption (FPE) is the main data-centric approach that
helps reduce exposure of personal data to cyber thieves or internal threats.
Format preserving encryption (FPE) – Neutralizing data breaches
Format-preserving encryption (FPE) makes it far easier and cost effective for organizations to
use encryption. It is critical in protecting sensitive data-at-rest, in-motion and in-use while
preserving data format. Traditional encryption methods significantly alter the original format of
data.
For example, a 16-digit credit card number encrypted with AES produces a long alphanumeric
string. FPE maintains the format of the data being encrypted so that a social security number or
birth date still looks like a social security number or birth date when encrypted. That usually
means no database changes and minimal application changes.
FPE enables government organizations to de-identify sensitive personal data without
extensively revamping existing IT infrastructure. With FPE, even if a security system is
breached, the data is worthless to attackers because it’s encrypted.
However, because the encrypted data looks like the real thing, analysts can still use it to identify
patterns, and run queries without decryption. It also allows data to be mobile so it can be moved
between systems and shared.
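As an added illustration (not code from the article, and not NIST's FF1 algorithm), the following Python builds a toy format-preserving cipher for decimal-digit strings from a keyed Feistel network using HMAC-SHA256 from the standard library; the key, round count, tweak labels and sample values are constructed for the demo. It shows the properties the text relies on: a 16-digit card number encrypts to 16 digits, decryption inverts it exactly, and equal inputs under the same key and tweak give equal ciphertexts, which is what lets analysts match and query the protected values without decrypting.

```python
# Toy format-preserving cipher over the digit alphabet 0-9 (illustrative only;
# it is NOT FF1 and has had no cryptanalysis: use a vetted FF1 library in practice).
import hashlib
import hmac

ROUNDS = 10  # assumption: round count picked for the demo, not from any standard


def _round_fn(key: bytes, tweak: bytes, rnd: int, half: str, width: int) -> int:
    """Keyed PRF: HMAC(key, tweak || round || half) reduced modulo 10**width."""
    msg = tweak + bytes([rnd]) + half.encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % (10 ** width)


def _split(digits: str):
    if not digits.isdigit() or len(digits) < 2:
        raise ValueError("input must be a string of at least two decimal digits")
    u = len(digits) // 2  # left half width; right half gets the remainder
    return digits[:u], digits[u:], u, len(digits) - u


def fpe_encrypt(key: bytes, digits: str, tweak: bytes = b"") -> str:
    """Encrypt; output has the same length and digit-only alphabet as the input."""
    left, right, lw, rw = _split(digits)
    for rnd in range(ROUNDS):
        if rnd % 2 == 0:  # even rounds modify the left half using the right half
            left = str((int(left) + _round_fn(key, tweak, rnd, right, lw)) % 10 ** lw).zfill(lw)
        else:             # odd rounds modify the right half using the left half
            right = str((int(right) + _round_fn(key, tweak, rnd, left, rw)) % 10 ** rw).zfill(rw)
    return left + right


def fpe_decrypt(key: bytes, digits: str, tweak: bytes = b"") -> str:
    """Run the rounds backwards, subtracting the same round values."""
    left, right, lw, rw = _split(digits)
    for rnd in reversed(range(ROUNDS)):
        if rnd % 2 == 0:
            left = str((int(left) - _round_fn(key, tweak, rnd, right, lw)) % 10 ** lw).zfill(lw)
        else:
            right = str((int(right) - _round_fn(key, tweak, rnd, left, rw)) % 10 ** rw).zfill(rw)
    return left + right


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-real-use"   # constructed sample key
    card = "4111111111111111"                         # constructed test card number
    ct = fpe_encrypt(key, card, tweak=b"card")
    print(card, "->", ct, "->", fpe_decrypt(key, ct, tweak=b"card"))
```

The tweak binds a ciphertext to its column or context, so the same digits stored as a card number and as an account number do not share a ciphertext, while rows with the same value in the same column still match for joins and queries.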
NIST validation brings FPE to government
In 2016, the National Institute of Standards and Technology (NIST) released the AES FF1
Format-Preserving Encryption (FPE) mode standard, which makes encryption easier by giving
government agencies and contractors an approved and proven data-centric encryption method.
28 Cyber Warnings E-Magazine – May 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide