It’s not as hard as you might think

I was reading an article from ITWorld this week that touched on the recent data breach at the South Carolina Department of Revenue. While I find this type of thing fascinating, I also find it scary when someone says something like this:

“The industry standard is that most SSNs are not encrypted… A lot of banks don’t encrypt, a lot of those agencies that you think might encrypt Social Security Numbers actually don’t, because it is very complicated. It is cumbersome and there’s a lot of numbers involved with it.” – South Carolina Governor Nikki Haley

Statements like this are akin to my kids saying they don’t want to do something because it’s hard.  Far be it for me to pass judgment on the State and its security practices, they are what they are, I’m talking more about the concept that encryption is hard, complicated, cumbersome and other such nonsense. It’s not.

[Dear South Carolina Department of Revenue, we have a neat little product that might be able to help you with the difficulty you’re experiencing in encrypting your constituent data and will send a representative ASAP to walk you through the value of our data protection offerings.]

But getting back to the complexity of encrypting and securing data, it really isn’t that hard. With the onset of technologies like AES-NI, SEDs and the general improvements in OS performance and processor speeds encryption is nowhere near as ‘cumbersome’ as it was 5 years ago. And yes, there are a lot of ‘numbers involved with it,’ mostly to do with encryption strings, keys, key files and other millisecond transactions that encryption solutions do to secure data – all of which are completely transparent to the user.

Now, one thing that really stands out in all of this is that the State is stepping up and offering free credit monitoring to those affected for one year. In looking up the costs associated with credit monitoring (Equifax, Identity Guard) it ranges from $9 a month to $20 a month. Let’s assume that the State received a deal and are only being charged $5 a month per user. If every one of those 3.6 million affected people sign up for the service, that will cost the state $216,000,000. That’s nearly a quarter billion dollars.

As it stands, only approximately 287,000 people have signed up for the service to date. That may cost the state a paltry $17,220,000 but likely a lot more as more people realize they’re affected.

Now think of this from a business perspective – If you lost that many customer records… and had to make the same offer to offer peace of mind to those customers to ensure you KEEP them, could your business afford, at minimum, a $20 million hit?

A data encryption solution like SecureDoc would cost exponentially less to implement. Guaranteed.

Previous Post
Windows 8 is here! Now what?
Next Post
The importance of partners

Related Posts

The CES of Security Events

Much like January marks the annual tradition of consumer electronics companies embarking on a trip to Las Vegas for the mother of all technology tradeshows, February is the time of year all security companies gather together in San Francisco for…

Think Safety, Stay Secure

Safety is one of the most important aspects today – for people, for organizations, for governments and for countries. There is a lot of talk around the safety of people in general and data, which is critical to businesses. (more…)

The value of SEDs

Secure but expensive. That’s been the traditional spin on Self Encrypting Drives (SEDs). That however, is changing and quickly. (more…)
Read more

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu
 
Contact Us
 

This will close in 0 seconds