Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

Encryption’s Expanding Role in Securing Cloud Data

Linus Chang, CEO of Scram Software

By Linus Chang, CEO and Founder, Scram Software (

Any company that collects data about EU residents now has a duty of care in safeguarding that data from leakage. But despite being custodians of such data, many companies saw it was low in value, and therefore did a poor job of securing the data from breach. But thanks to steep regulatory fines such as those enforceable by the EU’s new GDPR, it is now possible to put an actual price on personal data, i.e. the size of the potential fine if the data is stolen.

The next step is to determine the best way to protect it. While many cloud providers purport the ability to secure data, there are clear reasons why organisations can’t simply rely on the level of “security” that a cloud provider offers.

Dr Toby Murray, a leader in software security (University of Melbourne, Australia), recently commented, “In theory, the market is supposed to incentivise cloud providers to keep customer data safe. Yet history tells us that few organisations can truly be relied upon to have sufficient security, even when their business models depend on them remaining secure.”

As an example, Murray cites certificate authorities like DigiNotar, which went out of business in 2011 after a significant security breach. “Knowing that your cloud provider might go out of business if your company’s data is breached is little comfort if that breach would also cripple your own business,” said Murray.

Most people only think of encryption in relation to privacy, but encryption is also a way that a data owner can use the cloud while still retaining control of their assets. This, in fact, is one of the most valuable features of encryption as a tool – provided that the owner manages the encryption key properly. While other methods can safeguard the network, the computer, or the file system, encryption is the only way to safeguard the data itself.

Two additional layers of data security via encryption 

In addition to providing data owners with privacy and control over their files, cryptography also offers two additional layers: integrity, since it ensures that the data isn’t modified from its original form, and authentication, since it verifies that the data comes from the specified source. An example of this usage is with fingerprint data, since encryption ensures two fingerprints aren’t swapped. As Dr Vanessa Teague, a cryptographer at the University of Melbourne, points out, sometimes data is evidence. “Think about police cameras, for example,” she said. “The police might not only have to keep the data private, they might also have to prove at a later date that nobody had the opportunity to tamper with it.”

Teague emphasises another reason why encryption is critical for data security today: not all data breaches occur by accident. “Some occur because the entity to whom you entrusted your data could make money by reselling it, or giving others the opportunity to exploit it,” she said. Teague added that if you look carefully at the dispute between Cambridge Analytica and Facebook, you will see that the Cambridge University researcher who acquired the sensitive data of millions of people did so with Facebook’s permission.

“A cloud provider of any data might, similarly, decide to share it,” explained Teague. “This becomes even murkier if the entity believes your data has been ‘de-identified’ before sharing. Although it may be very easily re-identifiable, you may have no way of knowing, and some countries are considering making it a crime for you to try to find out.”

This should make it clear why secondary copies of data – such as backups, archives, migrations, and transfers – should ideally always be encrypted. Since these forms of data live as files, this is easy due to recent advances in file system encryption. Many primary copies of data can also be encrypted, and with more web systems collecting private or sensitive information (such as identification data and fingerprints), it’s becoming even more important that this happens.

However, despite the obvious need, one must ask why encryption is used so rarely. Unfortunately, cryptography has had a reputation for being troublesome and expensive to implement. With data coming from so many sources and being stored in so many systems, the encryption tools have not been able to keep up with the changing environment.

In a world that’s experiencing unprecedented levels of data breaches, what is needed is a well-designed, universal file encryption system that secures different types of data to protect against many forms of cybercrime, thereby minimising the chance of a successful data poach. Further, the system must also be easy to deploy, and come with foolproof instructions so that it is always implemented correctly. Dr Ron Steinfeld, a leader in post-quantum cryptography (Monash University, Australia), has been working on one such system, called ScramFS. “Encrypting stored user information on the cloud server with a key known only to the user, as is done by ScramFS, should significantly reduce the likelihood of such data breaches,” Steinfeld commented.

Bio for Linus Chang, CEO & founder of Scram Software:

Linus Chang is CEO & founder of Scram Software, which provides world-class encryption tools enabling SMEs and government organisations to easily and affordably secure data stored locally and in the cloud. ScramFS – the flagship product Chang designed, developed and peer-reviewed alongside international security and cryptography experts – also achieves aspects of GDPR compliance by enabling organisations to implement encryption and pseudonymisation security protections (Article 32) by design and default (Article 25), while also mitigating the obligations of reporting data breaches to data subjects (Article 34).

A computer programmer and entrepreneur from Melbourne, Australia, Chang previously created BackupAssist, a SME software product which has sold over 170,000 copies to 165 countries, with customers including the Department of Homeland Security and NASA.

Global Banking & Finance Review


Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post