Yes, It’s (Finally) Time to Talk About Searchable Encryption

Earlier this month we exhibited at the Gartner Security & Risk Management Summit—one of the largest cybersecurity conferences that brings together cybersecurity leaders and specialists. And after three days with the best minds in cybersecurity, we learned that none of the leaders we talked with are protecting operational data through searchable encryption.

It’s not because they don’t understand the importance of protecting searchable data, but rather because they didn’t know it was possible to search encrypted data. For over 20 years, searchable encryption has been theoretical. It’s been on wish list of every organization with sensitive data but wasn’t practical. It simply couldn’t be done at the speed of business. When we told people that Paperclip SAFE delivers complete, searchable encryption without compromising speed or security—they were skeptical.

So, how did we do it?

We were thrilled to hear this question from Gartner Summit attendees, and even more thrilled to share that with our SAFE solution, searchable data encryption is now a proven, practical reality. Paperclip’s patented shredding technology—which has been used in our trusted content management solutions for many years—provides a fundamental architectural advantage to enhancing and accelerating searchable symmetrical encryption.

Paperclip has been around for 32 years in the content security and management space. We handle terabytes of PII, NPI, PHI and other sensitive data for our insurance and financial services clients. Like our clients, we came to the conclusion many years ago that we needed to more to better protect this data. We needed to go beyond basic compliance and the solutions that are readily available on the market.

The statistics make it clear that traditional data security methods just aren’t working. The total cost of a data breach globally reached an all-time high in 2022, averaging $4.35 million, according to IBM’s Cost of a Data Breach Report 2022. This number jumps to $9.44 million for data breaches in the U.S. Threat actors aren’t just stealing data, they’re stealing trust, time, and hard-earned revenue.

There are plenty of tools to keep data encrypted at rest on the disk (encryption at rest), and plenty of tools to keep data encrypted when you’re sending it somewhere (encryption in motion). Both of those are common practice. The weak link and biggest gap in data security is when the data gets pulled out of the encrypted storage and moved to accessible memory or storage to support search functions—anything searchable is sitting in memory unencrypted and therefore easily exposed to risk. The Paperclip security experts, data scientists, and developers knew about this weakness and innovated a way to solve the challenge without compromising speed, sacrificing security, or disrupting business.

We witnessed a lot of “Aha!” moments through these discussions. And there was even mention of searchable encryption in one of the first sessions at the summit. Mark Horvath, Gartner VP Analyst mentioned searchable encryption several times during his session titled: “The Changing Face of Data Security: Navigation Systems, Not Seatbelts.”

While we did not see a lot of exhibitors or breakout sessions focused on unencrypted data, through our discussions with attendees and fellow exhibitors we did learn that this is something on everyone’s mind. When we talked around the show floor, we didn’t see many booths calling out data security, let alone the importance of persistent encryption. The other vendor we found talking about searchable encryption is using the term while their solution is decrypting the data during search. Like AI (Artificial Intelligence), trending topics are often misaligned to garner target market attention. As this space grows, we expect to see many vendors promising searchable encryption without the actual technology to make it a reality.

As a first-time exhibitor in a large-scale cybersecurity event, we were unsure how our SAFE solution would be received as it challenges the conventional ways sensitive and private data is secured. We’ve been innovating secure SaaS solutions for over three decades. But the SAFE solution is a first in many ways. Most importantly, It’s the first to encrypt searchable data without disrupting the speed of business, the users operational flow, or network infrastructure. It’s also the first to change the way we approach securing sensitive data.

All this considered, we came out at the end of the event feeling validated. People are starving for data security solutions that are purpose-built. They want to understand how to effectively implement and leverage searchable encryption within their operations. We had great conversations around data consolidation, third-party collaboration, reducing cybersecurity complexity, and getting more from business operational data without the risk of exposure. It became clear that SAFE is the missing piece for many of these organizations to fully protect and get the most out of their sensitive data.

The Gartner Security & Risk Management Summit is hosted each year in National Harbor, Maryland. The packed agenda includes three days of thought leadership sessions, an open show floor with hundreds of exhibitors, impactful keynote speakers, and networking opportunities galore.

With the event taking place so close to Washington D.C., we encountered many cybersecurity professionals working in the government space. And with CISA (Cybersecurity & Infrastructure Security Agency)—the government entity that guides cybersecurity protocols for government agencies— now recommending searchable encryption, or encryption-in-use, as key requirement within their recently updated Zero Trust Maturity Model, the SAFE story became even more relevant for those groups.

Organizations are focused on the data security layer more than ever before. And while sophisticated organizations are encrypting data-at-rest and data-in-motion, most are just now realizing that their biggest exposure to risk is when the data is queried. Which, for most organizations, is happening every day.

Threat actors have been feeding off our unencrypted sensitive data for far too long. We can keep doing the same thing over and over again and expect a different result, or we can do something different and actually stop runaway data breach costs. Want to see what all the SAFE excitement is about? Schedule a call with our team so we can better understand your data security challenges.