It’s not as hard as you might think

I was reading an article from ITWorld this week that touched on the recent data breach at the South Carolina Department of Revenue. While I find this type of thing fascinating, I also find it scary when someone says something like this:

“The industry standard is that most SSNs are not encrypted… A lot of banks don’t encrypt, a lot of those agencies that you think might encrypt Social Security Numbers actually don’t, because it is very complicated. It is cumbersome and there’s a lot of numbers involved with it.” – South Carolina Governor Nikki Haley

Statements like this are akin to my kids saying they don’t want to do something because it’s hard.  Far be it for me to pass judgment on the State and its security practices, they are what they are, I’m talking more about the concept that encryption is hard, complicated, cumbersome and other such nonsense. It’s not.

[Dear South Carolina Department of Revenue, we have a neat little product that might be able to help you with the difficulty you’re experiencing in encrypting your constituent data and will send a representative ASAP to walk you through the value of our data protection offerings.]

But getting back to the complexity of encrypting and securing data, it really isn’t that hard. With the onset of technologies like AES-NI, SEDs and the general improvements in OS performance and processor speeds encryption is nowhere near as ‘cumbersome’ as it was 5 years ago. And yes, there are a lot of ‘numbers involved with it,’ mostly to do with encryption strings, keys, key files and other millisecond transactions that encryption solutions do to secure data – all of which are completely transparent to the user.

Now, one thing that really stands out in all of this is that the State is stepping up and offering free credit monitoring to those affected for one year. In looking up the costs associated with credit monitoring (Equifax, Identity Guard) it ranges from $9 a month to $20 a month. Let’s assume that the State received a deal and are only being charged $5 a month per user. If every one of those 3.6 million affected people sign up for the service, that will cost the state $216,000,000. That’s nearly a quarter billion dollars.

As it stands, only approximately 287,000 people have signed up for the service to date. That may cost the state a paltry $17,220,000 but likely a lot more as more people realize they’re affected.

Now think of this from a business perspective – If you lost that many customer records… and had to make the same offer to offer peace of mind to those customers to ensure you KEEP them, could your business afford, at minimum, a $20 million hit?

A data encryption solution like SecureDoc would cost exponentially less to implement. Guaranteed.

Previous Post
Windows 8 is here! Now what?
Next Post
The importance of partners

Related Posts

Last Day Exhibiting At Interop

Today is the last day we will be exhibiting at Interop – New York. Come by and visit Booth #548 to learn about the latest in our data encryption solutions. We have specialists on hand who can answer any of…

Security Mistakes To Avoid in the Office

Security is not only a concern for your devices, but should is also in your work space. Each employee is guilty of one or more bad security habit; after all, you’re in the office and feel that your sensitive information…
Read more

Keeping the random in RNG

Earlier this week my colleague Garry talked about his experiences attending the TCG conference recently and the ‘hallway talk’ about the NSA. It raised some good observations and had me thinking about a recent blog from the NY Times about…
Read more

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu
Contact Us

This will close in 0 seconds