Paperclip, Inc have announced that its SAFE searchable encryption solution now provides data masking. SAFE is the only data security platform that ensures continuous encryption across every data state, including in search.
“SAFE ensures data always remains encrypted, even during the query function, and with this added feature we also mask sensitive data presented to end user applications,” said Chad Walter, CRO of Paperclip SAFE. “While data masking has become expensive, SAFE clients get full data encryption—including searchable encryption—plus data masking for the average cost of data masking solution.
“It also reduced complexity by giving users two critical security functions—data masking and full encryption—in one complete solution.”
Data masking, also referred to as de-identification or anonymisation, is the process of modifying sensitive data in such a way that it is of no or little value to unauthorised intruders while still being usable by software or authorised personnel. The addition of data masking to SAFE was driven by user feedback and changing compliance requirements.
Data masking is required by many compliance frameworks such as GDPR, CCPA, HIPAA and ISO 27002:2022 (Control 8.11) and is recognised by Gartner as a growing category within data security technology.
The data masking market has grown from a little over half a billion dollars in 2022 to what is expected to reach over one billion dollars by 2028, as per the April 20, 2023 press release from Market Research Guru.
Data security concerns often impedes data collaboration within highly regulated industries. Paperclip SAFE already ensures that sensitive and private data is always encrypted and secure making it more useful in supporting business operations without risk of exposure.
The addition of data masking goes beyond encryption, providing another layer of security and makes data more useful and secure all the way out to the end user.
In IDC’s recent spotlight paper, “Rethinking Effective Security by Protecting Data in Use”, Analyst Jennifer Glenn states “Many organisations have been actively implementing data loss prevention (DLP), data access governance (DAG), and data monitoring to detect, classify, and protect sensitive content as it moves through the organisation.
Encryption, key management, and certificates have been used even longer to help facilitate secure connections and obscure data to maintain the integrity of valuable assets.
“All together, these tools have offered a measure of protection against data breaches and unintentional data exposure,” she added. “However, they are typically only used to secure data at rest (information stored in a database or application) or data in transit (content that is sent in an email or moved to another location).
“Many of these technologies do not protect data in use, and they do not typically encrypt searchable data.”
That’s where SAFE fills the searchable encryption gap, by encrypting data throughout its lifecycle while working at the speed of business to support business growth and operations.
You can read the full IDC Spotlight paper here.
While searchable encryption has not yet been identified as a compliance requirement as demonstrated by CISA’s (Cybersecurity and Infrastructure Security Agency) recent Zero Trust Maturity Model update, governing bodies are beginning to identify the requirement to encrypt data not just at rest and in motion, but also in-use. Related to compliance requirements, Paperclip SAFE supports data minimization, data access, data segmentation, zero trust architecture, and now, data masking.
“We designed Paperclip SAFE to protect the data we house on behalf of our clients, so we all could trust the security of that data,” said Mike Bridges, President and COO of Paperclip Inc. “Because of this we had to think beyond compliance and focus on security without sacrificing usability. It was never about a series of compliance check boxes.
“The questions we had to answer were 1) Is the data always secure? 2) Is it accessible without sacrificing security? 3) Will SAFE stop data theft and data ransom? Will it disrupt the way we or our clients do operate?” he added. “The answer had to be three yeses and a no, respectively. We continue to build upon those four foundational principles, data masking is just the most recent enhancement.”
