Tuesday, May 27, 2014

Surprise! Big vendors don't keep your data particularly secure

As Yozons talks with various companies regarding our U.S. Patent No. 7,360,079, we were surprised to learn how many vendors do not treat their customers' data securely.

I suppose after decades of viruses targeting Microsoft products, Adobe PDF exploits -- heck Adobe's products in general -- Target losing 40 million+ of its customers' credit card numbers and other personal information, it shouldn't really be a surprise.  We just thought that web contracting vendors would be different.  We were wrong.

Some vendors claim they encrypt their customer data and documents using impressive-sounding things like 256-bit AES, but if you read the details, you will find they only do so using HTTPS when your data is transferred over the Internet.  Yes, HTTPS is a key starting point and is fundamental to our patent, but once they store your data on disk, all bets are off.

Some do not make any attempt at encrypting your data when stored.  I guess they just take the "trust us" or "what? me worry?" attitude and are exceedingly cavalier with regard to your data.  Laws surrounding health information (HIPAA), financial information (GLB, PCI) and just plain common sense regarding any sensitive business information (NDAs, trade secrets, competitive advantage) should make data encryption the standard for any service provider that deals in web contracting and electronic signatures.  Rather than let their servers do a few extra calculations to keep your data secure, these vendors choose not to.

Others do at least encrypt the data on disk, but if you read carefully, you'll learn many are using what's known as disk encryption and/or filesystem encryption.  That is certainly a step up over those who don't encrypt at all, but such encryption makes the most sense on laptops and other portable electronics.  That's because those portable devices tend to be lost or stolen.  But larger servers in a secure data center generally don't suffer issues with disk theft.

So what's wrong with such disk/filesystem encryption?  Well, disk/filesystem encryption typically is unlocked during the server boot process.  It's also fully automatic, meaning that when a file is read, it is automatically decrypted, and when a file is written, it is automatically encrypted.  If your database stores its tables and indexes on such an encrypted disk, the data is encrypted automatically when stored, but also decrypted automatically when read.

This means that your data is only secure against physical theft of the disks.  If a hacker gets access to the server, every file the hacker reads will automatically be decrypted.  If a hacker exploits an SQL injection or other web site vulnerability, when it requests data from the database, it's all automatically decrypted.  There's no run-time security whatsoever.  Heck, if they implant a virus on the server, such a setup will dutifully encrypt it just like your sensitive data.

Unfortunately, far too much theft occurs from insiders -- think Edward Snowden for a particularly egregious example against an agency that takes encryption and security seriously.  With disk encryption, system administrators can easily view your data just by running queries or reading files.

While Yozons may be small, we're at least smart enough to keep customer data encrypted before storing it to disk or into the database.  The advantage is that database queries and reading files will return only encrypted data.  If the disks are stolen, the data is encrypted.  Backups are automatically encrypted.  The use of disk encryption helps, but only in limited, far less likely scenarios.
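The difference described above, as an added example that is not Yozons' own code: the application encrypts each document with AES-256-GCM under a key only it holds before the record reaches storage, so a direct read of the stored row (`RawRead`, standing in for an administrator's query or a file read on the server) returns only ciphertext, and only `Open` yields the document. The in-memory store, the key and the record ids are constructed stand-ins.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// store stands in for a database column or a file on an encrypted disk: anyone who
// reads it directly (an administrator, an injected query) gets only these bytes.
var store = map[string][]byte{}
// appKey is a constructed 256-bit key held only by the application process; a real
// deployment loads it from a KMS or HSM rather than keeping it next to the data.
var appKey = sha256.Sum256([]byte("constructed demo key, not a real secret"))
var aead cipher.AEAD // AES-256-GCM, built once from appKey

func init() {
	block, err := aes.NewCipher(appKey[:])
	if err != nil {
		panic(err) // cannot happen with a 32-byte key
	}
	if aead, err = cipher.NewGCM(block); err != nil {
		panic(err)
	}
}

// Seal encrypts a document before it reaches the store. The record id is bound as
// associated data, so a blob copied into another row fails authentication on Open.
func Seal(id string, plaintext []byte) error {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	store[id] = aead.Seal(nonce, nonce, plaintext, []byte(id)) // nonce || ciphertext || tag
	return nil
}

// Open is the only path that yields plaintext: it needs the key the application holds.
func Open(id string) ([]byte, error) {
	blob, n := store[id], aead.NonceSize()
	if len(blob) < n {
		return nil, errors.New("missing or malformed record")
	}
	return aead.Open(nil, blob[:n], blob[n:], []byte(id))
}

// RawRead is what a direct query or file read returns: ciphertext, never the document.
func RawRead(id string) []byte { return store[id] }
```

A backup taken from `store` is encrypted for free, and a query that bypasses `Open` (the SQL injection case above) sees the same ciphertext an administrator does.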

When dealing with sensitive information like Yozons does on a daily basis for its hundreds of thousands of users, Yozons practices what it preaches when it comes to privacy.  Customer documents are always stored encrypted, as is all of the data populated into forms.  Some of the data may not need special security, but we also handle a lot of financial information, human resource information, and other sensitive business communications.

As a vendor, we don't keep your private data "in the clear" to save a few computing cycles.  As a customer, you shouldn't have to worry if hackers or system administrators can sift through your data.  Don't be surprised: read the details and ask questions of your vendors.
