Confusion from ambiguous security terminology leaves unwitting users and confidential data in jeopardy.
Austin, Texas (PRWEB) November 30, 2011
In a paper released by MerlinCryption LLC, Prem Sobel CTO, exposes critical misconceptions about the three commonly noted ‘states of data’ and identifies a ‘fourth state of data.’ The paper advocates that understanding the independent behavior of the newly defined Data-in-Change and demarcating it from Data-in-Use is essential to data protection.
The controversy surrounds that much of the Data-in-Use and End-Point Security lexicon implies that unencrypted data, when in use at an end-point, is secure.
“While data can be protected from many serious threats, it cannot be adequately secured against malicious employees, root kits, or screen capture malware,” reports Sobel “The current literature is muddled and definitions are nebulous regarding Data-in-Use. This broad-brush deficiency not only makes it difficult for security providers to effectively identify conditions for Data Loss Prevention (DLP), but more critically, confuses the actual margin of risk for the user."
Current security discussions regarding encryption typically define Data-at-Rest, Data-in-Motion, or Data-in-Use as the three states of data. Sobel proposes that to more accurately describe encryption solutions, a new definition is required.
The publication reviews the definition of data and presents two new ways to look at the behavior of data: data on a Static Axis and data on a Dynamic Axis. It states that Data-at-Rest and Data-in-Motion represent data with unchanging content and can be directly encrypted; even when transported, no user or computing device is accessing it for “use.” The report then defines Data-in-Use as opening, viewing, and reading a document or file, viewing a database query result, or viewing search results.
“While some security solutions protect data when it is opened and viewed, we must assume the changing data is vulnerable in its unencrypted state, no matter how short in duration or restricted in its exposure to being copied, at an End-Point.” Sobel submits, “To overcome this precarious gap, it is necessary to explicate the existing data state, Data-in-Use, and distinguish Data-in-Change as a new ‘state’ of data.”
Sobel explains that Data-in-Use and Data-in-Change at some moment in time, reside at an End-Point where the data is either accessed only, or is changed and saved, and that Data-in-Use can be encrypted up until it reaches its End-Point.
The publication differentiates Data-in-Change as data that is being created for the first time, altered totally or partially, destroyed, deleted, added to, or modified in any way. Data-in-Change resides at an End-Point and at some point in time storage media needs to be altered to record the change.
Sobel proposes that Data-in-Use is different: by this revised definition, storage media is never altered in the Data-in-Use state and that a new distinction is necessary within the encryption field to educate users and improve overall Data Loss Prevention solutions.
About Prem Sobel
Prem Sobel is Chief Technology Officer at MerlinCryption LLC. Graduating with honors with a B.S.E.E. Electrical Engineering from Pratt Institute, and M.S.E.E. Electrical Engineering from California Institute of Technology, Mr. Sobel holds four patents in CPU Architecture.
About MerlinCryption LLC
A software technology company in Austin TX, MerlinCryption LLC develops invincible data security solutions that combine powerfully robust encryption products with surprising affordability and functional ease.
Leading edge MerlinCryption technology secures data-at-rest and data-in-motion, and pioneers innovative products to protect data-in-use and data-in-change. The unprecedented encryption protects file, email, instant messaging, password, and broadcast data as it is created, viewed, edited, shared, stored and moved around the Internet and around the world. Experience how MerlinCryption architecture is changing the way the world protects data.
# # #