Crypto-Risk: Your Data Security Blind Spot


For many years — almost since the beginning of secure internet communications — data security professionals have had to face the challenge of using certificates, the mechanism that forms the basis of Transport Layer Security (TLS) communications. Certificates facilitate secure connections to websites (represented by the “s” in “https”), and are a core component of verifying the identity of servers, machines, internet of things (IoT) devices, users and access points — and that is just the beginning of a long list of occasions where we use and depend on certificates.


Certificates, encryption keys and the algorithms that they employ to protect data are part of a growing area of discussion: cryptographic risk, also known as crypto-risk.


What Is Crypto-Risk?


Crypto-risk is a metric used to represent how well our data is protected by cryptographic means. To put it in context, experts use “data risk” to represent unmanaged or unprotected sensitive data, and they use “platform risk” or “infrastructure risk” to represent the unmanaged vulnerabilities of a computer, the physical location where it resides or the security of its operating system.


In order to evaluate those risk metrics, organizations use a variety of tools to discover everything from unprotected sensitive data, such as Social Security numbers or credit card information, to unpatched vulnerabilities in their operating systems and applications. Many organizations do not, however, have an effective set of tools for measuring how well their data is protected by encryption. In other words, there is not currently an adequate method of measuring crypto-risk.


To move the science of data security forward, ..
