Recent reports that the Healthcare.gov web site may be leaking sensitive information provides another example of why absolutely all sensitive information should be encrypted and encrypted as early as possible, according to Luther Martin, chief security architect for Voltage Security.
Martin says:
“It is virtually impossible to find all of the ways in which sensitive data can be inadventently leaked, so it is probably not worth the time and effort that it can take to try to find and address such vulnerabilities. A better approach is to de-identify all sensitive information by using technology like encryption. Approaches like Voltage Security’s Page-integrated Encryption allow this to be easily done on web pages that handle sensitive information and make implementing such a data-centric approach to protecting sensitive information both possible and easy.
Free Cyber Security Training! Join the revolution today!
“Once the sensitive information in encrypted, it’s of no value to hackers: even if they somehow manage to get their hands on it, it’s useless gibberish to them. This can be the difference between a hacker getting information like “parent=&pregnant=1” and getting information like “nebrneeanepevayspn.” One leaks sensitive information while the other does not. And because it’s also possible to use techniques like Voltage Format-Preserving Encryption to keep the encrypted data in the same general format as the sensitive data that it’s replacing, it’s easy to integrate this approach into existing applications in a way that lets them handle the encrypted data just like they were handling the unencrypted data.
“The bottom line is that the technology that could prevent leakage of data like what’s happened at Heallthcare.gov exists today. It’s now just a matter of using it.”
By Luther Martin, Chief Security Architect, Voltage Security
About Voltage Security