It’s not the encryption you fool, it’s the decryption!
Every week we hear of yet another Teradata or Big data encryption project that requires our urgent support.
Companies buy an expensive FPE encryption solution, after being dazzled by shiny brochures and slick salespeople, quickly piloting an optimistic and over-simplified scenario of ingesting 10 columns with 10 million rows. And they think they are done!
Reality starts to shine through the cracks once realizing that mere 10 sensitive columns are replicated thousands of times across Teradata tables, UDBs and Big data – all need to be decrypted for systems and users who need access to the decrypted data (about 20% of users have a legal basis). And with few hours to days for creating each UDF and maintain it over time while carrying its performance tow, UDFs becomes an unacceptable architectural decision.
Another major caveat with the use of UDFs is that decryption of the data (making the data sensitive again) is performed in the cloud (with encryption keys available in the cloud). This prohibits the use of UDFs for organizations who are obliged to maintain sensitive data on-prem only.
Panic appears when they realize that Teradata is also pouring data into a maze of other operational data stores. These data spills contain encrypted values which cause data corruption at all these target business systems!
In times when data protection is closely monitored by C-level executives and “go-live delays” are punished by auditors and regulators alike, our proven practices and tools used at 4 of 10 largest Telcos, 3 of 10 largest financial institutes will ensure your data protection success on-time and on budget.