NEXT FRONTIER IN PRIVACY
Since 1995, Mike has served as President, Vice President of Marketing and Sales, Director of Corporate Services, and Consultant for Paperclip Incorporated. In his current role, he is responsible for strategic direction, operations, and corporate communications. Prior to joining Paperclip Incorporated, Mike was the Executive Vice President and co-founder of CMF Design System, a custom software and systems integration firm. Mike received a Bachelor of Science from Rowan University and served as a Captain in the United States Marine Corps.
Paperclip is a proven technology partner that continues to revolutionize content and document management and data security for firms worldwide. Every second of every day, our innovative solutions are securely processing, transcribing and communicating sensitive content across the internet. Maximizing efficiency to save millions annually, while maintaining absolute security and compliance.
It’s clear traditional data privacy and security techniques can’t keep up with the fluidity of data leveraged by today’s on-demand operations. We see data theft and data ransom continuing to rule the headlines.
Threat actors continue to breach cybersecurity-focused organizations such as Verizon, AT&T, Microsoft, Hewlett Packard, Cloudflare, Bank of America, Integris Health, and Trans-Northern Pipelines. These organizations have many things in common; the most concerning is their large datasets of plaintext private customer data. These datasets are continuously exposed to threats in order to support basic, daily operations such as customer service, account management, HR/payroll, shareholder reporting, and analytics.
Cybercrime has become an $8 trillion global epidemic, growing to $10.5 trillion by the end of 2025. A large component of that global cost is the exposure of private data online. To remedy this epidemic, we need innovations that can remove private data from the risk of data theft and data ransom.
PETs are typically defined as a suite of tools (hardware and/or software based) designed to safeguard personal data and uphold privacy principles, specifically during storage, processing, and transmission. These technologies aim to minimize personal data use, enhance data security, and empower individuals in their control over personally identifiable information (PII) provided to online services or applications.
Even though this Privacy-Enhancing Technology hasn’t become law, it is currently part of proposed legislation.
A recent U.S. legislative draft, the “American Privacy Rights Act (APRA)”, proposed by House Committee on Energy and Commerce Chair Cathy McMorris (R-WA) and Senate Committee on Commerce, Science and Transportation Chair Maria Cantwell (D-WA), specifically identifies Privacy-Enhancing Technologies under SEC. 10. EXECUTIVE RESPONSIBILITY and under SEC. 16. PRIVACY-ENHANCING TECHNOLOGY PILOT PROGRAM.
This points to the fact that Privacy-Enhancing Technology has been identified as a key to greatly reducing the risk to data privacy and must be part of minimal data privacy requirements.
Overall, PETs strike a balance between data utility and privacy, ensuring that technology users can confidently manage their personal information. According to an IDC Survey Spotlight from April 2024, over 50% of organizations surveyed are exploring searchable encryption technologies, like SAFE®, to protect data in use within their organization. IDC experts expect that to continue to grow, especially with the adoption of GenAI.
Given the fluid nature of on-demand data requirements that continue to put private data in harm’s way, it’s time to evolve the way private data is secured. One key area that is gaining momentum as a foundation for securing private data is Privacy-Enhancing Technology (PET), sometimes referred to as Privacy Preserving Technology (PPT).
1. Confidentiality: PETs ensure that personal data remains confidential. Users can protect their information from unauthorized access.
2. Data Minimization: PETs minimize the collection and use of personal data by service providers and merchants. They allow users to share only necessary information.
3. Anonymity: PETs use pseudonyms or anonymous data credentials to provide anonymity. Users can interact without revealing their true identities.
4. Informed Consent: PETs strive to achieve informed consent regarding the sharing of personal data with online service providers and merchants.
5. Privacy Negotiations: Users and service providers can establish personalized privacy policies through ongoing negotiations. These policies define data handling terms and conditions.
6. Auditability: PETs enable remote auditing of data handling practices by online service providers and merchants.
7. Data Transparency: Users can log, archive, and review past transfers of their personal data, including details like recipients and conditions.
8. Identity Hiding: PETs allow individuals to hide their personal identities by using pseudo data, or anonymous identities.
The Federal Reserve Bank of San Francisco had a good visual that breaks down how they categorize PETs:
Paperclip SAFE® was designed to provide privacy controls that address the gap related to private data-in-use. SAFE is an innovative solution that Paperclip Inc. developed to protect all private, sensitive, and controlled data being passed through their suite of financial services solutions. In 2023, Paperclip handled over 70.6 million documents for their clients. The majority of those documents contained private, sensitive, and controlled data. This was the genesis of the SAFE solution.
Eight years ago, Paperclip needed to assure that privacy was protected where it is most vulnerable, while the data is being queried and in use. Paperclip SAFE is the most innovative PET currently available, and it’s been in active use for three years.
Paperclip SAFE is more than Privacy-Enhancing Technology (PET). As defined, PETs are a suite of tools designed to safeguard personal data and uphold privacy principles, specifically during storage, processing and transmission. More than a typical PET, Paperclip SAFE is a Privacy-Enhanced Technology Platform (PETP).
Foundationally, SAFE is an encryption solution designed to secure data-in-use. This means that the data remains encrypted and doesn’t need to be decrypted to support searchability. Knowing that homomorphic encryption is not practical for real-time data usage due to poor performance, technology costs, and accuracy challenges, SAFE employs Searchable Symmetric Encryption (Song, Wagner & Perrig) with military grade, NIST approved AES256 algorithms supported by dual key vaults (data owner and data holder). This process protects private data at rest, in motion, and where it’s most vulnerable, IN-USE.
In addition to innovative encryption, SAFE performance is suitable for real-time data usage as required by high-demand operational applications (for example: customer service, account management, human resources, manufacturing, clinical trials, etc.). As a PETP, SAFE employs additional protections such as:
• Data masking/synthetization/anonymization which controls what data is revealed to the end user upon presentment within the query application.
• AI/ML (Artificial Intelligence and Machine Learning) continuous monitoring of the platform. This is done to monitor for SQL injection attempts. SAFE is also using AI/ML to support administrative configured access control and authentication. By monitoring end user trends, the SAFE AI/ML identifies and immediately reacts to any out-of-trend or anomalous activity.
• Prior to encrypting data, SAFE employs Paperclip’s patented shredding technology. This deconstructs the plaintext into pieces, creating a library of shreds. The solution then removes all duplicates from that library, and salts and hashes that library. Doing this breaks all context and creates massive entropy. After the shredding process, SAFE applies AES256 encryption to each shred. This practice assures that even if the AES256 encryption is compromised, the threat actor would only get access to potentially millions of shreds with no context. Based on current technology, it would take approximately 6,000 years to reassemble in any usable form.
The SAFE encryption of data-in-use is a Multi-Party Computation (MPC) or Secure Multi-Party Computation (SMPC) solution. The SAFE protocol allows multiple parties to collaboratively compute while keeping all inputs private. As a SaaS solution, SAFE is positioned to be an internal “data exchange” or repository for all private data (also controlled and sensitive data) which will service each operational application as those applications need to query private data. In short, all private data is segmented into one, centralized, efficient, highly secure data-store.
• Paperclip SAFE is a SaaS PETP. As such, the solution does not require a change to the applications an organization uses to support operations. This means that there is no requirement for end-user training. It’s also important to note that the SAFE SaaS solution doesn’t require any change to network or security architecture. The SAFE solution will reduce the complexity of tools and expertise currently required to secure private data.
For those organizations not ready to move their private data to the cloud, SAFE is also available as an on-premises implementation. SAFE as an on-premises solution still meets all the PETP functionality described within this answer. The SAFE on-premises implementation runs on five virtual machines (VMs) per instance. To secure the VMs from a VM hijack, SAFE employs Paperclip’s mooring technology. This digitally anchors each VM to a client’s physical device. Worst case, in the event the VM is hijacked by a threat actor, it is rendered completely useless outside of the client environment.
As a PETP, Paperclip believes the SAFE solution aligns well with the recently released Gartner Data Security Maturity Roadmap (See Illustration) as posted within Gartner’s Security Leader’s Guide to Data Security. As the illustration identifies, SAFE encompasses a multidisciplinary approach to business-centric demands on data privacy and security. As highlighted, Privacy-Enhancing Computation (PEC), Data Security Platform, Synthetic Data, Data Masking, Encryption, and Data Access Governance are included as part of the “Proactive” layer. SAFE provides strong Data Loss Prevention (DLP) as the data is always encrypted and removed from data theft and data ransom risk. This removal from risk will position an organization to exceed “Foundational” Data Security Governance and Data Risk Assessments and/or Audit.
Gartner: Data Security Maturity Roadmap 2023
SAFE is uniquely positioned to address not only the current demands related to data privacy, but also, the future demands as AI and GenAI continue to evolve how data is utilized and accessed. The power behind every AI and GenAI application is the data leveraged within the learning model and the data created by the AI itself. Securing private data with SAFE will control the expanding risk footprint.
Use cases for Paperclip SAFE as a PET include but are not limited to:
1. Multinational corporations required to meet growing global data sovereignty requirements. There is no need to disrupt operations, build out localized infrastructures, or operate in-country cloud solutions. Paperclip SAFE meets data sovereignty as the private data is covered by dual key vaults (two cryptography keys, one for data holder, and one for data owner). This, combined with Paperclip’s proprietary shredding technology, means that the data is never visible in plaintext outside of the controlled region. Because SAFE is a SaaS application, it “plugs” in via an open JSON:API to existing, localized authorized applications.
Customer Service and Account Management is a challenging area when it comes to securing private data. Activities such as walking a client through their billing put private data in harm’s way. Large customer service departments, such as those supporting a mobile telephone service, often have thousands of customer service representatives located throughout the world, supporting millions of customers. Because the role of customer service relies on immediate access to customer data, and there is no way of determining which customer is going to call for assistance at any given time, the customer database is always available as plaintext to support the query. That means it is always at risk. The SAFE PETP assures that the private customer data is always encrypted and immediately accessible. With SAFE, private data is removed from exposure to data theft and data ransom.
Third-Party private data accessibility is a known issue that has expanded the risk footprint and exposed private data to theft and data ransom. Currently, third-party access to private data for use (analytics, customer service, consulting, and extended business operations) is handled in two ways (we recognize that there are variable nuances to each way described, but foundationally the functions are the same).
• An organization will provide a third-party with direct access to datasets within the organization’s environment. This is accomplished in many ways, such as VPN connectivity to the database or assigning the third-party log-in and password access to an operational application that utilizes the data required.
• The organization pulls the required data and sends it via an encrypted format to the third-party, where it is unencrypted and loaded within the third-party’s database.
In each of these cases, the data being accessed is in plaintext while in use. The first example allows the third-party to have access to the data within the organization’s environment. In the second example, the third-party has plaintext access within their environment. With SAFE, the third-party can be provided access to the data they need to perform their operations via an API connection while the data remains encrypted at all times. The access is controlled by the organization issuing the access, usage is monitored and logged, and exposure is minimized.
As data becomes easier to discover, classify, and store, data sprawl creates an unmanageable footprint that results in private data exposure. Many organizations have employed a siloed architecture in which each business application has its own database. The result is a situation where organizations have the same private data duplicated and stored within several databases which service unique operational applications.
For example, in banking, the mortgage department may have my private data as part of a loan application. At the same time my private data sits in the auto loan department, wealth management, and core banking applications. SAFE can be leveraged as a private, sensitive, and controlled data “exchange”. Meaning, all private data is stored, fully encrypted within one SAFE environment, and that environment supports each of the banking applications.
In this case, the amount of private data is reduced to a minimal form, and the threat footprint is reduced down to a manageable scale. No one has the expertise, budget, and capability to manage three, four, five plus plaintext datastores, but it is realistic to manage one fully encrypted SAFE datastore.
Because every organization is in possession of private, sensitive or controlled data, there are many use cases where the SAFE PETP will secure private data. If you’re not sure, just ask “What data under a threat-actor’s control will impact my organization?”. That’s the data you must encrypt and remove from exposure.
5. Paperclip’s SAFE PETP will greatly reduce your exposure, exceed compliance, improve cybersecurity efficiency, and remove critical data from data theft and data ransom.
As a SaaS solution, Paperclip SAFE can be implemented within your environment in as little as thirty days with no disruption to your end-users and you get to keep your existing database.
Paperclip is a proven technology partner that continues to revolutionize data security, content and document management for Fortune 1,000 companies worldwide. Every second of every day, our innovative solutions are securely processing, transcribing, storing, and communicating highly sensitive content across the internet. Maximizing efficiency to save millions annually, while maintaining absolute security and compliance. For more information, visit paperclip.com.
Paperclip SAFE builds on the foundation of trust and collaboration that Paperclip has established with its security and content management solutions over three decades. Paperclip SAFE utilizes in-depth knowledge of the database and data pipeline to secure all points within the data lifecycle. Nine of the 10 top life insurance carriers in the U.S. are currently protected by Paperclip SAFE. With Paperclip SAFE, outpace threats with data that is always encrypted and always ahead of evolving risk. For more information, visit paperclip.com/safe.
Paperclip SAFE® increases user performance while reducing IT budgets, enhancing data security to a new level. Always encrypted. Always ahead.
Authors
Chad Walter, CRO of Paperclip Inc., cwalter@paperclip.com, 201-525-1221 x212
Mike Bridges, CEO, Inventor of SAFE, mbridges@paperclip.com, 732-506-9415
Contact Paperclip
One University Plaza, Suite 518, Hackensack, NJ 07601
Phone: 201-525-1221
Fax: 201-525-1511
https://paperclip.com/safe/
CISOs, CIOs, and cybersecurity leaders have the challenge of securing operational systems and data while ensuring security never impedes business sustainability and growth. Everything must operate quickly and seamlessly while preventing cyber attacks, ransomware, and data breaches. To achieve this, cybersecurity leadership must keep up with advancing technologies and innovative solutions that can make the impossible possible.
Marene Allison, former CISO for Johnson & Johnson and current advisor to Paperclip said, “One of the defining moments I had as a CISO was realizing it wasn’t just about securing the IT networks and IT systems—it was about the data. That’s why if you look back at regulations, they’re all about data. HIPAA, PCI, Gramm-Leach-Bliley, they’re all about the data and how it’s used. Security and access. Unfortunately those regulations were written in 2005 and we didn’t have the technology we have today,” she added. “Now we not only have encryption of data at rest and in transit, but encryption of data in use.”
Ultimately, data is the prize that the cyber criminals are chasing, which is why data security is at the core of a cybersecurity leader’s responsibilities. Until recent advancements, there were major gaps in data security technologies. We didn’t have the ability to encrypt data in production, or to choose which data sets were essential to keep encrypted. Data could be encrypted only while it was at rest (static, not in use) or in transit (still not in use).
Otherwise, it was in use as plaintext to support an application or business operation. In short, data has either been encrypted, or fully exposed.
When considering the ongoing rise in data theft and data ransom cases, combined with the growing cost of cybercrime (over $8 trillion globally in 2023), it’s time we address encryption differently. After all, data usage has evolved to a point where most data is in use and rarely static. It’s the foundation of our business operations. It’s time for encryption technology to evolve to meet the challenge.
The biggest evolution to hit encryption is the ability to maintain encryption on data while it is supporting business operations, otherwise known as Encryption in Use, or more formally the ability to perform computations on encrypted data. With Encryption in Use (EIU), organizations can run queries (computations) on encrypted data while that dataset remains fully encrypted. Speed has historically been seen as the number one concern preventing widespread adoption of EIU. This perception is based on older technologies and is no longer the reality. The evolution of EIU has led to new, proven solutions that address speed, complexity, and compatibility issues while keeping the data always encrypted.
Read more below to learn about the evolution of encryption and the impact of Paperclip SAFE on data security.
The first technology, Homomorphic Encryption (HE), introduced in 2009, was touted as the future of Encryption in Use; some called it the Holy Grail. Over the next decade, large software companies worked with HE and could never create a viable product. That is because HE performance is still 10,000 times slower than today’s computing norms.
To put this in perspective, a query that takes one hundred milliseconds in SQL would take seventeen minutes with HE. In today’s fast-paced world, that’s unacceptable and would impede functionality and practicality. For example, imagine a customer service representative putting you on hold for almost twenty minutes just to look up your account; it doesn’t work.
Searchable Symmetrical Encryption [1] (SSE) is the foundational game changer for near real-time Encryption in Use. Paperclip SAFE started its journey enhancing the work of Song, Wagner and Perrig (Practical Techniques for Searches on Encrypted Data), the creators of Searchable Symmetrical Encryption. This breakthrough development, funded by DARPA and other agencies and conducted by UC Berkeley in 2000, produced the methods and techniques to create, search, edit and delete encrypted data while the data remains fully encrypted.
SSE was established as “provably secure” nine years before full Homomorphic Encryption. Unfortunately, SSE was not pursued because database attacks were very rare to nonexistent, and symmetrical encryption keys were in their infancy (in 2000, NIST adopts Advanced Encryption Standard (AES)) while securing Internet communications was the top priority (TLS first specified in RFC 2246 in 1999).
SSE at that time did not meet user expectations for speed and usability, but that has changed with new technological breakthroughs.
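The search-without-decrypting idea credited above to Song, Wagner and Perrig, as an added example (not code from this page or from Paperclip SAFE): a Python rendering of their published word-by-word construction, in which the server tests a client-issued trapdoor against ciphertext it cannot read. HMAC-SHA256 and a small Feistel network stand in for the stream generator and AES, and the `Client`, `server_search` and `build_demo` names and the sample records are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16            # bytes per padded word
LEFT = 8              # bytes of per-position stream value S_i
CHECK = BLOCK - LEFT  # bytes of check value F_k(S_i)


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, used as the keyed PRF."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def prp_encrypt(key: bytes, block: bytes) -> bytes:
    """Deterministic, invertible word encryption: a 4-round Feistel network.
    Assumption: stands in for AES, which the standard library lacks."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, prf(key, bytes([rnd]), right)[:8])
    return left + right


def prp_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, prf(key, bytes([rnd]), left)[:8]), left
    return left + right


class Client:
    """Data owner: holds every key; the server holds none of them."""

    def __init__(self, master: bytes):
        self.k_word = prf(master, b"word")      # deterministic word encryption
        self.k_derive = prf(master, b"derive")  # derives the per-word check key
        self.k_stream = prf(master, b"stream")  # seeds the stream values S_i

    def _pad(self, word: str) -> bytes:
        raw = word.lower().encode()
        if len(raw) > BLOCK or b"\0" in raw:
            raise ValueError("word does not fit one block")
        return raw.ljust(BLOCK, b"\0")

    def _stream(self, doc_id: str, pos: int) -> bytes:
        return prf(self.k_stream, doc_id.encode(), pos.to_bytes(4, "big"))[:LEFT]

    def encrypt_doc(self, doc_id: str, text: str) -> list:
        blocks = []
        for pos, word in enumerate(text.split()):
            x = prp_encrypt(self.k_word, self._pad(word))
            k_i = prf(self.k_derive, x[:LEFT])
            s = self._stream(doc_id, pos)
            # C_i = X_i xor <S_i, F_{k_i}(S_i)>
            blocks.append(xor(x, s + prf(k_i, s)[:CHECK]))
        return blocks

    def trapdoor(self, word: str) -> tuple:
        """Search token for one word: reveals nothing about other words."""
        x = prp_encrypt(self.k_word, self._pad(word))
        return x, prf(self.k_derive, x[:LEFT])

    def decrypt_doc(self, doc_id: str, blocks: list) -> str:
        words = []
        for pos, c in enumerate(blocks):
            s = self._stream(doc_id, pos)
            left = xor(c[:LEFT], s)
            k_i = prf(self.k_derive, left)
            right = xor(c[LEFT:], prf(k_i, s)[:CHECK])
            plain = prp_decrypt(self.k_word, left + right)
            words.append(plain.rstrip(b"\0").decode())
        return " ".join(words)


def server_search(store: dict, x: bytes, k: bytes) -> list:
    """Server side: match a trapdoor against ciphertext without any decryption key."""
    hits = []
    for doc_id, blocks in store.items():
        for pos, c in enumerate(blocks):
            probe = xor(c, x)
            s, t = probe[:LEFT], probe[LEFT:]
            if hmac.compare_digest(t, prf(k, s)[:CHECK]):
                hits.append((doc_id, pos))
    return hits


def build_demo():
    """Constructed sample records, encrypted client-side before upload."""
    client = Client(b"constructed-demo-master-key")
    records = {
        "r1": "jane smith policy 1001 newark",
        "r2": "john smith policy 1002 trenton",
        "r3": "ana lopez policy 1003 camden",
    }
    store = {rid: client.encrypt_doc(rid, text) for rid, text in records.items()}
    return client, store
```

The server in this construction still learns which positions matched and when a query repeats, so query logs and access patterns need the same protection as the ciphertext.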
Fast forward to today, and we have seen a surge in database attacks and advancements in SSE technology. Now, the research done around SSE is more relevant than ever and has fueled the creation of a fast, simple SSE solution called Paperclip SAFE.
With the SAFE technology, Encryption in Use now runs in milliseconds. Paperclip’s approach has reduced round trip latency to less than 50 milliseconds while enhancing security.
By removing the latency issue, you remove the barrier to EIU adoption for cybersecurity leadership. The Paperclip SAFE encryption solution is the only product on the market that uses a foundation built upon Searchable Symmetric Encryption, coupled with Paperclip’s patented data shredding technique and full NIST approved AES-256 encryption backed by two key vaults (data holder and data owner).
As a cloud-based SaaS solution, SAFE is easy to deploy and doesn’t change the way users work within their business applications, and it doesn’t require specialized teams to rearchitect the network environment. In addition to being the only product on the market to take the data beyond traditional encryption, SAFE is lightning fast, meeting the requirements of active, on-demand business use-cases such as customer service, PCI, financial services, and healthcare.
Paperclip built SAFE to meet the speed requirements demanded by users. A study by Dr. Jakob Nielsen [2] on “Human Computer Interaction, Web Usability” revealed that “people can form basic visual impressions very quickly, at the limits of human perception.” He found that 0.1 second (100 milliseconds) is the response time limit if you want users to feel like their actions are directly causing something to happen on the screen. If it takes longer than 0.1 seconds for the revised state to appear, then the response doesn’t feel instantaneous; instead, it feels as if the computer is doing something to make the menu open. Thus, to create the illusion of direct manipulation, a user interface must be faster than 0.1 second.
[1] Searchable Symmetrical Encryption, Dawn Song, David Wagner, Adrian Perrig, UC Berkeley, 2000
[2] Dr. Jakob Nielsen, Powers of 10: Time Scales in User Experience, Nielsen Norman Group, October, 2009
When the computer takes more than 0.1 second but less than 1 second to respond to your input, it feels like the computer is causing the result to appear. Although users notice the short delay, they stay focused on their current train of thought during the one-second interval.
According to Google [3] in 2021, “the average response time should be under 200 milliseconds as it gives the feeling of an instant response. A web response time ranging between 200 milliseconds and 1 second is considered acceptable as users still likely won’t notice the delay. For better user satisfaction, you should take the time to optimize it. Any response time over 1 second is problematic and needs to be fixed. The higher the response, the higher the chances of users leaving your website or application.”
This research indicated that users have their limits, and it’s safe to conclude the limit is around 1 second. One second to hit the enter key and have your results. If that increases to two or three seconds, users will become frustrated and raise the issue to the IT department, who will question the technology. When IT is asked what the problem is, they often reference the additional security services and tools that are slowing down operations.
According to the IDC TechBrief: Applying Post-Quantum Cryptography to Data Protection to Enhance Digital Trust from June 2023, “Adding encryption to data is typically resource intensive… How data protection vendors implement it will likely impact compute efficiency. IT organizations will demand efficiency.”
Paperclip SAFE has removed the limitation of speed to ensure response time is within milliseconds, and never longer than the one-second threshold held by users.
Latency issues and poor user experience are also impacted by flawed compliance requirements and the growing popularity of the Defense in Depth approach.
Current cybersecurity compliance is focused primarily on user access and detecting threat actors. Because of this, the various tools in play have created necessary speed bumps within the infrastructure and data path to be fully effective.
[3] Google for Developers, Nov 15, 2021
In the first example below, we examine what infrastructures looked like a decade ago, when the primary focus was on Perimeter Security. The example shows a typical office supporting 1,000 users with access to SaaS business tools.
In this case, the user wants to look up a record, and their actions start a chain of events to provide the question and return the answer across many special-purpose devices called hops. Each stop has a function and it takes time. We measured the user experience as round-trip latency and in this example, 312 milliseconds is a very good response with a positive user experience.
The IT cost for this infrastructure varies with its complexity; for example, supporting 1000 users in one complex would be less expensive than supporting 1000 users distributed across a wide region via branch offices. For the most part, Perimeter Security does not exist anymore; the workforce is distributed and not confined to secure locations. Users today use many devices from many locations, and it has proved difficult to defend against threat actors.
In 2023, companies’ resources are focused on Defense in Depth Security (DefDS), solutions designed to counter specific threats and meet privacy compliance. To enhance access security, the traditional role of software applications managing users and security is being replaced by centralized access and authentication, whereby applications will only provide access by a secure single sign-on token.
Cloud Identity and Access Manager (IAM) can provide more methods to identify an individual than most application vendors can. IAM providers can specialize in biometrics (e.g., face, finger, and eye scans), device identity and multifactor authentication. IAM is estimated to add 300 ms to Round Trip Latency (RTL) and costs $6,000 annually, a wise expense.
API Gateway is like a vehicle check point where you stop and provide proof of identity along with your visas. API calls represent client requests to target applications, and services are processed based on defined policies (e.g., IAM authentication & authorization, access control, SSL/TLS offloading, routing, load balancing, and security monitoring). API Gateway processing adds 200 ms to RTL and costs $5000 annually, necessary for security execution.
Key Vaults store and manage application secrets and cryptographic keys used by applications and storage accounts. Key Vaults securely store and control access to secrets (e.g., passwords, database encryption keys, authentication keys, storage account keys, tokens, API keys, certificates). Decades ago, with perimeter security, application secrets were stored by the application, database, and config files. Much like taking user security away from applications with IAM, key vaults remove application secrets and cryptographic keys from applications. Accessing key vaults adds 200 milliseconds to RTL and costs $2500 annually, another wise expense.
Data Loss Prevention (DLP) is a cybersecurity solution that detects and prevents extraction of sensitive data, used for internal security and regulatory compliance. This is another checkpoint to interrogate the content for sensitive information and block it. It’s become very prevalent in infrastructures today but is only mildly effective. DLP is high maintenance, has many false positives, and requires plaintext data, a vulnerability itself. DLP latency is estimated to be 100 milliseconds added to RTL and costs $325,000 annually, an expensive option.
Data Masking is a method of presenting partial data or anonymized data to users for application testing and user training. Privacy compliance uses techniques to protect sensitive data from unauthorized users. General Data Protection Regulation (GDPR) requirements are stronger, stating unauthorized access does not reveal sensitive information about individuals. Data Masking solutions perform their operations as data returns to the application. It’s important to note this has no effect on the database, which remains in plaintext. Data Masking adds 100 ms to RTL and costs $250,000 annually. This technology is short-lived, as all database vendors (e.g., SAFE) are releasing new masking features.
Defense in Depth Architecture has added almost 1 second (920 ms) to RTL, or in other words, we’ve crossed the line to poor user experience. Defense in Depth has increased latency by 76%, 4.2 times increase (312 ms to 1,232 ms) to users’ request. The additional infrastructure expense of $588,000 represents an increase of 16% in operational IT expense budgets.
Putting aside the slow performance and high cost, this “new normal” is not resulting in any substantial decrease in cybercrime. Cybercrime is growing year-over-year and what we do to protect our data is clearly not effective.
When comparing Paperclip SAFE to other solutions that claim to encrypt or protect data, SAFE stands out as a faster, simpler, more secure, and more affordable option. SAFE is the only always-encrypted data security solution on the market today.
Professionals across a wide spectrum of security experience agree we need to rethink how we protect our data and processes. The current Defense in Depth Security approach is not sustainable and will have adverse effects on user experience, business productivity, and result in increased exposure to vulnerability exploitation.
Recognizing this over a decade ago, professionals started designing a new network architecture, one without IP addresses and port addresses: a dark network. Today these designs have materialized and have begun entering the market as Zero Trust Architecture (ZTA). ZTA eliminates implicit trust in everything (e.g., user, device, node, or service) and only grants access upon identity verification from multiple sources. ZTA then establishes a direct connection between the user and the application, not providing any visibility into the infrastructure and its resources. ZTA then brings the cybersecurity focus to the user's endpoint device and the backend application and data.
ZTA will have a positive effect in reducing latency as we know it today by dramatically reducing the number of hops between the user and application. Endpoint security will continue to protect and monitor users for phishing and malware attacks designed to get a foothold on the user’s device.
Encryption in Use is a recognized goal and requirement to achieve ZTA's optimum security posture, as demonstrated by the Cybersecurity and Infrastructure Security Agency's (CISA) Zero Trust Maturity Model V2 (2023). Encrypting data in use will deny threat actors access to plaintext data in storage, memory, CPU, and I/O processing.
Paperclip SAFE® searchable symmetrical encryption database overhead is very small: a 42% increase in database latency. SQL database latency for a normal transaction request averages 100 milliseconds; the same query to SAFE would take 142 ms, a 42 ms increase. Data Masking is built into SAFE, therefore eliminating 100 ms for data masking, a net pickup of 58 ms in RTL, improving the user's performance.
The SAFE benchmark to the right illustrates a compound search of partial first name, partial last name, and partial Social Security from a million-row database, which returned one identity with an RTL of 187 ms. As a function of the SAFE search process, only the identity requested was decrypted for use. No additional data was ever decrypted or exposed to risk.
Searchable Symmetrical Encryption is the solution to data stored in plaintext and vulnerable to cyber-attacks. Encrypting data in use will have a major impact on reducing cybercrime.
According to the Gartner Guide to Data Security 2023, "A data-centric approach to security architecture can provide great benefits in terms of protecting valuable assets consistently and enabling demonstrable compliance. This area is rapidly changing, and so is your organization's use of data. Your strategy will need to embrace change within a more agile process to enable you to continuously protect your data from different environments and threats."
The computing industry has, for the last three decades, turned to encryption to protect critical data. Two decades ago, we used SSL/TLS encryption to protect our Internet traffic. In 2005, we used encryption to protect our offline data (e.g., archives, backups): encryption at rest. The use of encryption in these two cases has proven very effective, and now it's time to use encryption to protect our online data, production data stored and processed in plaintext. ZTA incorporating SSE is the new end-to-end security architecture that will give us the greatest chance to reduce cybercrime, reduce IT budgets and improve user performance. ZTA/SSE is the newest practical security technology available today and I predict that it will be commonly used by the end of this decade; a better new normal.
A research team led by Dr. Gitte Lindgaard⁴ found that "people can make rough decisions about a web page's visual appeal after being exposed to it for as little as 50 milliseconds." Think about how fast the human brain can process input and react. It's fair to say that humans can process just as quickly as computers can; therefore, humans know when applications slow down by just milliseconds.
⁴ Dr. Gitte Lindgaard, Distinguished Research Professor, Carleton University, 2009
For web usability, this means that new pages must display within 1 second for users to feel like they're navigating freely; any slower and they feel held back by the computer and don't click as readily. Normally, no special feedback is necessary during delays of more than 0.1 but less than 1.0 second, but the user does lose the feeling of operating directly on the data.
Paperclip SAFE® increases user performance while reducing IT budgets, enhancing data security to a new level: always encrypted.
Mike Bridges, President of Paperclip Inc., Inventor of Paperclip SAFE®
Contact Paperclip
One University Plaza, Suite 518, Hackensack, NJ 07601
Phone: 21-525-1221
Fax: 21-525-1511
https://paperclip.com/safe/