Entrust Datacard is one of the leading global vendors for
identity management and assurance. In June 2019, Entrust Datacard acquired
nCipher Security, a data security platform that secures business-critical
information and applications, including cloud, IoT, blockchain and digital
To find out more about the nCipher platform, as well as the challenges facing organizations in securing emerging cloud and IoT technologies, Expert Insights met with Jenn Markey, Marketing Director for Authentication at Entrust Datacard, and Peter Galvin, Chief Strategy and Marketing Officer at nCipher.
The Data Protection Challenge
nCipher helps organizations secure the masses of data that
they’re generating, which is quickly becoming one of the most important
security risks for organizations.
“If you think about the biggest challenges that CIOs and
CSOs have, it’s that they’re collecting a lot of personal and sensitive
information,” Galvin tells me. A crucial aspect of the security team’s role is
to ensure this information is kept private and can only be accessed by the
right set of people.
“We provide the capability for that data to be encrypted,”
Galvin explains. “We store the encryption keys in hardware, and we generate the
encryption keys and signing keys.”
Galvin explains these keys are secured in hardware rather
than software, in order to maximise security. Many of their customers are in
government, and financial services, where ensuring large amounts of data is
protected and encrypted is absolutely crucial.
When it comes to protecting data, there are really two main
issues that CIOs and CSOs are facing today, Galvin says.
“The first is actually protecting the data,” he says. “The
second is about getting access to the data. To secure data we’re able to
provide managed services for public key infrastructure and provide certificates
for websites and identities.”
“From the identity standpoint, we can actually authenticate
a user or an individual, to ensure that you’re able to identify the people and
systems that are trying to access that information.”
Is 2020 The Year of Encryption?
Galvin has previously described 2020 as the ‘year of
encryption,’ and a turning point in how organizations will have to approach the
issue of data protection and access. Galvin argues that the ever-increasing
number of data breaches that we see is driving this change.
“We now have a set of cyber criminals and nation states that
are trying to attack any type of sensitive data.” Galvin says. It’s long been the case that cyber criminals
have targeted organizations, looking for sensitive information like credit card
information for identity fraud.
But now, nation states are another big threat to
organizations. “We live in a world where we’ve moved from cyber criminals to
nation states, who are using cyber as a form of low-level warfare. But they
don’t just want information from other governments, they want information from
“The best way to keep information out of the hands of either
rogue nation states or cyber criminals is through encryption.”
Why are the challenges around data encryption getting worse?
It seems the number of data breaches that we see are
increasing all the time, with the challenges to protecting data becoming more
difficult. Why are the threats to data becoming more prevalent?
“There’s multiple reasons,” Galvin says. “One is that
there’s more data. We’re also moving to a digital and application economy.”
“Everything we do now is digital, so all of it leaves a
digital fingerprint,” he says. “All of it contains information about you,
including payment details. And all of this information is valuable to criminals
and even nation states.”
Why are organizations struggling to protect their data?
The threats to organizations from our increasingly digitized
world and economy are clear. But protecting this data is a very tough
challenge, even for large organizations with big security teams and big
There are a number of reasons for this, Galvin says. “There
are a lot of organizations using legacy systems and infrastructure, and so many
are moving to newer types of infrastructures.”
One of the challenges around that, he argues, is securing
access to the data, to make it as frictionless as possible to access, but also
secure against cyber threats.
The challenges are also getting harder on the consumer side,
and in the workplace, Markey says. “Employees mostly have no malicious intent,”
she says. “But passwords were created for an era long before the one we’re
operating in now. Passwords are notoriously insecure, so the challenge is, how
do you evolve from that?”
nCipher announced at RSA a new password authentication
product that gives users the ability to seamlessly access a workstation and all
their apps without passwords.
“This helps to limit the ability of cyber criminals to
target credentials and access data,” Markey says. “By removing the password,
you eliminate that entire area of attack.”
The Increasing Use of AI and Machine Learning in Data Breaches
One of the
major new challenges to encrypted data is the increasing use of artificial
intelligence (AI) and machine learning (ML) by organized cyber criminals and
nation states to target an organization’s security infrastructure.
Galvin argues like any technology, AI and ML will be used
for both good and bad in the data security battlefield. “AI is just another
example of a tool that can be used. Some will use AI to try to infiltrate
systems, but on the flip side to that, you can also use AI to prevent those
“I think the real issue is having constant vigilance about
what is happening, keeping abreast of technologies, understanding where your
risks are and being able to do good risk assessment within your organization.”
“This is an ongoing set of activities that you have to do,
because even as we plug holes and try to provide more security, cyber criminals
are trying very hard to find other places that they can access information.
Organizations have to constantly be thinking one step ahead of cyber criminals
and what they’re trying to do.”
Advice for Organizations Considering Data Encryption Platforms Like nCipher
For organizations considering implementing data encryption
platforms such as nCipher, Galvin’s first advice is to consider where your
organization is going in terms of digital transformation.
“Understand where you’re going your journey,” he says. “Make
sure that you’re looking at solutions and suppliers that can take you along
that journey. Organizations have a lot of different infrastructure, they have
on-premise, they have public cloud, and private clouds. You need someone that
understands all of those phases, which is something that nCipher does very
“Organizations also need to do risk assessment,” Markey
says. “Look towards verticals that are out there and the threats they’re
facing. Some industries may not
necessarily think that they are a target, but it’s no longer the case as
there’s always valuable data in any organization.”
“Work with a vendor that can do that risk assessment, understand what your vulnerabilities are, and how to protect them.”
Find out more about nCipher here: https://www.ncipher.com
Find out more about Entrust Datacard here: https://www.entrustdatacard.com/