Current techniques for protecting data have certain drawbacks. When information is outside of a trusted environment, like a secure network, it is typically protected by encryption in large part because other security measures, such as network IAM and PAC applications, no longer govern use of the information. In current techniques, encryption keys must be present within an application, or revealed or traded by users or via an application, for encrypted data to be useful, thereby potentially compromising protection and confidentiality. Encryption keys can be stolen in a discovery or APT assault, or can be compromised via social engineering or other means. Further, once an encryption key (or password) is shared and the data unlocked, control of the data is lost. Even when data is within a trusted environment, such as behind a firewall or the like, it is vulnerable to attack or misuse, as files are available to anyone with access to their storage location. Protecting information traditionally requires teams of people with expertise in networks, BYOD, telecommunication, servers and applications, integrating them all and coordinating efforts on an enterprise scale to achieve a level of security which nevertheless can be compromised by exploiting flaws and gaps inherent in complex integrations.
Typical data encryption relies on algorithms that run in a predetermined sequence to encrypt and then run in the reverse sequence to decrypt. There may also be a process of moving pieces of data in a static pattern to cloak it, and then reversing the process to reveal the complete, unencrypted file. With this prior-art method, an attacker who understands the encryption algorithm used to encrypt data can break the encryption by reversing the encryption process.
Fully homomorphic encryption attempts to remove the trust aspect of a relationship, making trust between parties an irrelevant factor. For example, one party can send their data to an outsourcer for storage or processing without trusting what the outsourcer might do with it, as the outsourcer is only given access to an encrypted version of the data to perform processing that does not require decryption. However, fully homomorphic encryption is too cumbersome to be practical.
Another traditional technique for protecting data is the use of dynamic controls. Dynamic controls are application dependent, such as password protected PDF files generated and used by document viewing and editing software produced by Adobe®, or the like. Traditional dynamic controls are dependent on the application or reside within an application. Rules are executed by the application. While also dependent on a key (password) exchange as given above, another drawback to this method is that application-dependent rules may be overridden (as in the example of a protected PDF opened with Adobe® Acrobat®) or, a developer could write an application that ignores the rules imposed by the authoring application.
Accordingly, what is needed is a data assurance solution that is self-protecting and self-governing, that is less dependent on keys and passwords for authentication, on predictable reversible encryption sequences for protection, and on external applications for execution while remaining functional and efficient both within and outside the secure environment, both for data at rest and in transit.