It’s not the encryption, you fool, it’s the decryption!
Every week we hear of yet another big data or cloud analytics encryption project that requires our urgent support.
Companies buy an expensive FPE encryption solution after being dazzled by shiny brochures and slick salespeople, then quickly pilot an optimistic and over-simplified scenario of ingesting 10 columns with 10 million rows. And they think they are done!
Reality starts to shine through the cracks once they realize that these 10 sensitive columns are replicated thousands of times across the data warehouse: the scope grows to thousands and even tens of thousands of columns.
UDFs that could handle the load of encrypting 10 columns cannot scale to support these thousands of personal and sensitive columns, as every additional UDF increases the ETL loading window exponentially until it is unacceptable to the business.
In addition, cloud analytics platforms cannot use UDFs to encrypt the data, as HIPAA, PCI and other privacy regulations require segregating the keys from the data stores.
Because UDFs encrypt and decrypt data on the cloud processing servers, they require access to the encryption keys, which breaks key segregation requirements.
Other UDF limitations include lack of context (UDFs are blind when service accounts, SSO or BI caching are used) and the cost and expert skills required for creating each UDF and maintaining it over time while carrying its performance toll. Taken together, these make UDFs an unacceptable architectural decision.
At a time when data protection is closely monitored by C-level executives and “go-live delays” are punished by auditors and regulators alike, our proven practices and tools, used at 4 of the 10 largest telcos and 3 of the 10 largest financial institutions, will ensure your data protection success on time and on budget.