Leveraging AI and Encryption for Secure Data Analytics
by Ron Powell
Originally published March 26, 2019
This article is based on a podcast Ron Powell conducted with Simon Bain, founder and CTO at ShieldIO. Ron is an independent analyst and industry expert for the BeyeNetwork and executive producer of The World Transformed Fast Forward Series. His focus is on business intelligence, analytics, big data and data warehousing.†
Simon, accelerating analytics is becoming increasingly important in todayís enterprise environment. What are some of the challenges facing enterprises when implementing a strategy to extract more value from their data?
Simon Bain: Thatís a really good question. To me, there are lots of things that people have to do, but there are two main ones. First, they have to know what the data is. There is an awful lot of data out there, and itís easy to say, ďWe need analytics. We need to extract it.Ē So you have to understand what it is youíre trying to get. Second, you need to make sure that you can actually access it and that it is secure.†
What advice would you give to customers that are moving their analytics to the cloud for the first time regarding data security?†
Simon Bain: Encrypt. Itís a very simple answer, one that everyone talks about. Make sure that your encryption is what you think it is. Most of the hacks, generally speaking, come from internal/insider threats. If you look at how much data is stolen each year, itís billions and billions of records from inside. Before I go into the reason for that, Iíll relate a quick story. You see a hack happens, and the company comes out and says, ďItís okay. Itís all encrypted. Itís not a problem.Ē† But in ten minutes itís decrypted and on the dark web. They ask, ďIf itís encrypted, how did that happen?Ē Itís because they have a key store, and the first place a hacker is going to go is the key store. No matter how much security you put in your car, if you give someone the keys to it, theyíre going to drive off with your car. The same goes for your data. If you have a key store, then thatís going to be the place that gets hacked. And all of your data is then gone. So make sure that if you have encryption, you donít have encryption with a key store, especially if youíre in the cloud, because that is where youíre going to have your security threat.
Tell me about your solution and how securing data at the field and subfield level can enhance analytics, data access and security.
Simon Bain: As you might have gathered, we donít use a key store! We have an artificial intelligence (AI) engine that manages the process of encryption. We encrypt to the Advanced Encryption Standard (AES) 256. We have 12 AI algorithms that the system uses to determine how to create a key. It creates the key, encrypts the data, and then destroys the key. Then, when it comes to recreate it, it basically has to go through and hack itself. We have two pieces of information that it uses to try to recreate. I think we have something like 9 trillion to the power of 6 available keys that we can utilize, which are created ephemerally. Now thatís 9 trillion to the power of 6 on one cloud system. Each cloud system has its own unique 9 trillion to the power of 6 that it can utilize.
We donít believe in key stores. That means that you can rest assured that the only way into that system is through someone stealing a user name and password. We canít prevent someone from giving away their user name and password, but with our system, it means that the only data they can get is that one userís data. Theyíre not going to get everybody elseís data, no matter whether theyíre the system administrator or power user. A lot of people are scared about the cloud and they shouldnít be. The cloud is one of the most secure places. The cloud vendors spend billions each year on security.
However, the cloud has one big drawback. If you look at DBaaS (database as a service), for example, you as a company donít get your own database server. Youíre sharing your database server with someone else, which means that your database instance could be on the same server as your nearest rivalís database instance. And, if that database itself isnít encrypted to your specifications, where you are the only ones that have the key, then theoretically the data from the two could combine. Weíve seen that in the past with virtual machines, and DBaaS still has that issue. And there are many companies out there, including ourselves, that are looking at how we can encrypt an entire DBaaS database to a specific instance.†
So with the cloud key stores are bad. Cloud is generally secure, as long as you look at encryption correctly.†
The use of AI is exploding. How can AI be applied to data security and analytics in order to produce deeper insights for an organization?
Simon Bain: AI is really, really good. It enables things to happen in a fraction of a millionth of a second, something the human brain or standard programming couldnít do.†
AI in security, as we use it, works because it enables us to produce trillions and trillions of different formulations for keys, which we couldnít do with standard programming, without AI and without those algorithms.†AI enables security to do things and go places where before it was pretty static. I canít talk about other companies, but I know other companies are looking at AI at the chip level to produce security at that level for organizations. Without the power, the speed, the knowledge base that AI can draw on, and the learning AI can draw on, those things arenít possible.†
Can you share a use case of how this would benefit a large company?
Simon Bain: Iíll give you my simple one. If youíre a large organization with a massive data set and you use outsourcing for your developers, you have thousands of developers somewhere else, and theyíre developing applications for use on your data set. If you have PHI (protected health information) or PII (personally identifiable information) data in there, youíre not allowed to give them that full data set. That means itís very difficult for them to do their job. If you can totally secure the data set and not have to decrypt it for the analytics, they can now use that data without ever seeing the data in the first place, but also without the encryption security getting in the way of what the data actually enables them to do on the analytics side. Thatís a very simple use case, but one in which weíve found going around to various customers is very, very big out there.†
Simon, this has been a very intriguing interview, especially regarding the importance of encryption for data security. Thank you very much for providing us with this insight.
Recent articles by Ron Powell
Copyright 2004 — 2019. Powell Media, LLC. All rights reserved.
BeyeNETWORK™ is a trademark of Powell Media, LLC