"Ice Cube": A Solution to Data Breaches  

The data breach problem is a major concern for everyone now. Data breaches can lead to many serious issues like identity theft, fraud, and in some cases threats to the national security. In the last 12 months there have been more than 15 reported data breaches in major organizations including Fortune 500 companies and government departments. The series of breaches in the Office of Personal Management (OPM) were perhaps the most serious reported in 2015. The recent Experian credit agency breach was a shocker to nearly everybody.

 

Hackers use sophisticated techniques to break into the supposedly well secured information systems of organizations and steal the data related to the organization and also the personal sensitive information like SSN, DOB, address etc. of the individuals associated with the organization. The hackers then sell this data on the black market and earn millions of dollars. Hackers with more malicious goals such as those related to terrorist groups can cause considerable damage to national security. The people who buy the data can use it for identity fraud by opening bank accounts, getting credit cards or mortgage loans on the stolen identity. Of all the breaches that happened in the last year the OPM breach was perhaps the most alarming because the data stolen is related to nearly all federal employees. 

 

So what is the solution? With constantly emerging technologies and an ever growing criminal hacker community it is impossible to secure information systems completely. Actually, from an ability perspective, hackers can be considered some of the most elite or capable people in the software industry. Unfortunately they have chosen to use their abilities in destructive ways rather than for helping people. So instead of only trying to safeguard systems we have to think differently and make the data useless even if it is breached. This is what we call the 'ice cube' concept. As long as an ice cube is in the refrigerator it will stay an ice cube, but once it is taken out of the refrigerator it becomes water and is no longer an ice cube. In the same way, as long as the data is in the system it should be useful and once it is out then it should be useless. One possible way of doing it is by dividing the data and storing it in multiple places. For example the date of birth can be stored in three different servers: Month in one server, Date in a second server, and Year in the third server. This way, even if a hacker gains access to one server, he will only get a piece of information which is much less useful for him. Data encryption is one way of making the data unusable but it is still complete and if a hacker gets hold of the decryption key then it is a gold mine for him. Therefore if agencies like SSA, DMV, IRS and DHS collect and store the data in parts then it will become much tougher for hackers to utilize the data. Admittedly, implementing this solution will take some time as it involves changes in the process of storing and retrieving the data, but it is a worthy effort, considering the legal, mental and security issues associated with data breaches.

 

You might also ask: What about companies, banks, rental agencies etc. that collect personal identification information for various reasons and store them in their databases?. Well, for that we have an innovative patent pending solution, which, when fully implemented, will eliminate any requirement for providing or storing the personal identification information. 

 

Partner with us: If you are with a company working in the cyber security domain and are interested to know more about our solution or would like to partner with us then please contact us at info@ajacsolutions.com.