As we move into another new year, there is an unfortunate sense of déjà vu – existing approaches to securing applications and infrastructure have been ineffective. The harsh reality is that despite an over-abundance of cybersecurity solutions, there haven’t been any real breakthroughs in preventing data breaches to date. Given all the talent in the industry, this is fairly alarming!
Most approaches to application security rely on either isolation or detection, but neither seem to seal the gaps that attackers continue to exploit. To make matters worse, applications are running on increasingly complex infrastructure including cloud computing and face a broader attack surface. There are just too many entry points for threats to seep into the application’s runtime environment. As we have seen recently attacks, breaches and identity theft are at an all-time high. What are we as an industry going to do differently in 2018?
At Fortanix we focus on Runtime Encryption. Runtime Encryption is a class of security solutions that keeps data encrypted even when in use by applications. During our year-long customer survey and research process, we identified a need for securing three different types of assets:
- Keys (including PKI certificates, account credentials, API tokens, etc.) – these are the most sensitive and sought after assets of an enterprise.
- Data — infrastructure applications might consume or generate a variety of sensitive data, including PII, healthcare data, financial data, or critical configuration data.
- Applications — applications may contain proprietary and sensitive code that organizations want to protect from reverse engineering or unauthorized access.
We believe organizations need deterministic security that delivers on 3 important attributes: Provable, Portable and Preventative. Why? Here’s more:
- Critical infrastructure and applications need security that is provable— that works flawlessly all the time by keeping your apps and data encrypted and protected from all external threats.
- Security should be portable— able to follow the applications wherever they run, either in public cloud or on-premises
- Lastly, it’s not enough to be reactive and alert an overwhelmed SOC team that the proverbial horse is about to leave the barn or has just left the barn. Security must be preventive— it must not allow sensitive assets to be compromised in the first place.