It feels like data breaches are in the news every day. Even major password managers such as LastPass, which are meant to secure accounts, seem to suffer them with disturbing regularity. It's not just a feeling: 2022 roared off with a 14% increase in breaches in Q1, mirroring increasing trends.
For “83% of companies, it's not if a data breach will happen, but when.” A data breach costs $9.44M on average in the United States.
Increasing data breaches are “partly the result of the rising availability of data due to the increase of digital products.” Unfortunately, data breaches can harm people and companies in areas such as intellectual property theft, stolen financial information for fraudulent transactions, and even in areas of personal safety like stalking if a bad actor has the information to exploit.
Data breaches happen for many reasons, either intentionally through malice, including inside jobs, or unintentionally through mistakes or negligence, for example if someone loses a laptop that has access to a network or if security protocols are not followed. In any case, it's clear existing security paradigms don't protect data sufficiently.
We at Cape Privacy believe that encrypting data before it leaves the source adds an additional layer of armor. We believe in Encrypting Everything Everywhere. For example, if data from a group of sensors or a pool of partners is being combined, that data would be encrypted prior to centralization. Even if your cloud is breached, the data won't be readable.
Today, encryption is difficult and a specialized skill. It's also a practice area that is centralized, for example, around a DevSecOps team or a security function. Effectively, this means that encrypting large amounts of data is near impossible at most organizations, let alone making use of that encrypted data.
What if we could Shift Left on Encryption? What if any developer could encrypt data client-side or before it traverses through different processes in an organization?
At the quantities of data that can be transferred today, it can be almost impossible to know what data moves through which pipelines and whether it includes sensitive information. Encryption would secure all that data on the move, and processing of that data could be restricted to a particular secure environment or even a particular operation within that environment.
Image from: https://devopedia.org/shift-left
Shifting Left in software often refers to testing earlier in the software development life cycle rather than at the end. This means catching issues in the earlier stages of development versus testing at the end and avoiding cascading problems down the chain. Shifting Left means changing that sequence from the end to earlier in the process resulting in a higher-quality code base and product. The downstream benefits include cost savings and higher customer satisfaction.
There have also been trends toward Shifting Left, or starting earlier in the process, in deployment, design, and security. At Cape, we increase security by Shifting Encryption Left.
Today, protecting data and the related policies often fall under DevSecOps functions in organizations. In many companies, developers who want to encrypt data either don’t know how or have to file a ticket for a key or for a request to be completed, which effectively means weeks if not months of waiting for fulfillment while development remains stalled.
With cape encrypt, any developer could encrypt data before it leaves the source. As with the Shift Left paradigm in testing, we Shift Security Left into the hands of any developer working with data to protect that data. That data can only be processed in a specific secure enclave. We can go as far as to specify that data can only be used by a particular model or function. Therefore, the difficulty of protecting that data, and the consequences of losing data lineage and track of data along any number of nodes, are mitigated.
When Encryption Shifts Left, organizations can worry less about privacy being compromised even in the event of a breach because the encrypted data will be unreadable. By Shifting Left, developers become an active part of protecting data in the value chain. Data is protected at rest, in transit, and in use. If you’re concerned about intellectual property, aka your applications or models, they are protected as well.
In the Cape model, because data is encrypted and can only be processed for a particular purpose, data collaboration opportunities open up, and data previously thought to be too sensitive to transport could be used to bring value to organizations in AI/ML workloads. Even if a data breach occurs, the encrypted data will not be readable. Empowering developers to encrypt client-side or at the source means faster time-to-value and protected data.