Data breaches are a problem reaching epidemic proportions. In the last 24 months, two-thirds of all Americans, half of all Filipinos and half of all South Africans have had their personal details breached via unintended disclosures. The leaked information included names, addresses, government-issued IDs (such as SSNs), places of birth, and even passport numbers and fingerprints.
At the same time, legal regulators are clamping down on such egregious failures in I.T. security. The European Union’s GDPR introduces potential fines of up to 2% of global turnover for failure to adequately secure data against breach. Meanwhile, in the USA, violations of HIPAA attracted $19.4m in fines in 2017, including a $3.2m fine for leaks of electronic patient health information from unencrypted laptop and mobile phone devices.
When a data breach happens, every citizen becomes more susceptible to identity theft, fraud and discrimination, while the organizations responsible risk severe fines and reputational damage. Spearheading the fight back, Australian company Scram Software has been working with leading cryptographers from around the world to research and develop the next generation of encryption solutions for data at rest. Founded in 2014, the company’s mission is to secure the world’s data in the cloud by mitigating the risk of data breaches, intellectual property theft and sabotage through strong encryption.
Strong encryption is a highly effective way to prevent or limit data breaches. Encrypted data looks like gibberish, and is of no value to a thief or hacker. However, it remains heavily underutilized. A recent study showed that only about 4% of breached data is encrypted. This represents a huge opportunity for improvement for the I.T. industry.
Founder of Scram Software, Linus Chang, explains why encryption is so rarely used:
“In the past, encryption has had some significant drawbacks. It was poorly understood, and had a reputation for being difficult to implement. It was tedious for system administrators to manage encryption keys, certificates and passwords. The few solutions on the market were either aimed at large corporates and thus prohibitively expensive for SMEs, or open-source projects that lacked commercial support and credibility.”
“We knew that to make any impact in the market, we had to completely revolutionize the approach. The challenge is to create the next generation of encryption, taking something incredibly complex and making it incredibly simple,” added Chang.
ScramFS provides client-side encryption for data at rest, while being exceptionally easy to deploy into organizations. It is designed as a “universal encryption system”, transparently encrypting and decrypting on demand, enabling I.T. departments and administrators to secure data at rest – whether stored on-premise, or in a hybrid or public cloud – with minimal overhead. It can encrypt any information stored as files, such as database backups, drive images, and biometric data such as fingerprints and DNA.
In terms of usability, ScramFS makes it easy for I.T. professionals to secure data at different stages in its lifecycle.
Securing primary copies of data: enabling software developers to integrate encryption into their systems, without having to code any cryptography. Regular Crypto Application Programming Interfaces (APIs) are extremely difficult to use and error-prone for developers. The breakthrough approach is that the ScramFS API exposes a file system interface instead, making it impossible for a developer to make a cryptographic error.
Securing secondary copies of data: enabling system administrators to integrate encryption into their processes, such as backing up, archiving, migrating and transferring data. ScramFS offers a Command Line Interface (CLI), enabling system administrators to integrate encryption into batch processes and scheduled tasks.
Most encouragingly, Scram’s usability tests have shown that I.T. professionals can go from nothing, to securely encrypting data in under 30 minutes.
Another issue with encryption software is its level of trustworthiness. Because it’s impossible for a user to verify the security claims, choosing a cryptosystem requires blind faith in the vendor’s marketing. In reality, many cryptosystems are poorly designed and contain vulnerabilities, leading to flimsy security that is easily bypassed or broken.
Scram Software tackles this problem by engaging leading cryptographers and security specialists throughout the R&D process. ScramFS was designed by noted cryptographer, Dr Ron Steinfeld (Monash University) and peer reviewed by an additional three university professors from Australia and the USA. It was designed to provide a level of security never before available to SMEs – resistant to attack from quantum computers for long-term security; maintaining privacy and integrity against unauthorized parties (such as hackers), and even resistant to attack from malicious or sabotaged cloud providers.
Software security expert Dr Toby Murray (The University of Melbourne) approved of Scram’s rigorous approach. “ScramFS has now undergone at least four independent security reviews, for which the ScramFS developers should be applauded. Scram Software’s ongoing demonstrated commitment to security is very encouraging for its future evolution.”
All this bodes well for Scram’s future, according to Chang.
“We know that good encryption could have significantly restricted, and even entirely prevented, the majority of reportable data breaches. But encryption must also be simple and affordable. Our approach is to empower I.T. professionals to encrypt sensitive data by providing them a powerful, extremely secure and easy-to-use toolkit in ScramFS. We see huge potential for Scram to lead the fight against data breaches and make them a thing of the past.”
Greet the luminary
Linus Chang is a computer software entrepreneur specializing in data security, with a long track record of creating successful products. Linus is well known for developing BackupAssist®, the highly successful backup and disaster recovery software for Windows servers sold to 165 countries since 2002. This experience gave him the insights to start Scram Software, helping SMEs fight the data breach epidemic.
"Our vision: A world where data breaches are a thing of the past."