Advanced Security and Usability: Smartcrypt™ from PKWARE Protects Retailers’ Sensitive Data Across Platforms and Devices
3.15.17 Cyber Security

By: Jon McDonald

The Crunch: When a high-profile data breach occurs, it causes anxiety about digital security for nearly every business. But breaches can especially impact the retail industry, which deals with a vast amount of sensitive consumer information. With over 30 years of experience, PKWARE stands out in a crowded field of security solutions by encrypting the data itself, not just putting up firewalls around a retailer’s network. PKWARE, the inventor of the .zip file, created the Smartcrypt platform to put businesses in full control of sensitive information — both internal and external. Smartcrypt accomplishes this through technologies like format-preserving encryption, which encodes data while keeping it usable across analytics platforms, and Smartkeys, which control user access to data. PKWARE’s advocacy for data security and focus on product development translate to constant feature updates to the Smartcrypt platform.

When a data breach makes the news, it gives security experts and IT professionals in every industry pause. In 2014, it was Sony’s movie studio that was the victim of an extensive hack of its networks, exposing private correspondence, scripts in the works, and even full movies to the world.

The Sony hack showed every industry what a real-life, massive security breach looks like at a large company — and it wasn’t pretty. One firm projected the company’s losses could stretch to $100 million. Even in regulated industries, like retail with its more than 100 data security laws to traverse, information can be vulnerable because cyber criminals tend to move faster than regulations do.

PKWARE has been in the software industry for more than 30 years, beginning its journey in 1986 and solidifying its name in 1989 when it created the .zip compression algorithm. About 15 years ago, the company shifted its focus to encryption and has since seen the evolution of both security technologies and the criminals trying to break through them. PKWARE provides encryption solutions that go beyond regulatory standards for industries like finance, government, manufacturing, and, especially, retail.

“In the retail space, businesses use encryption to protect valuable customer data,” Matt Little, Vice President of Product Development at PKWARE, told us. “And not just the stuff they are hosting, they are looking at solutions to protect big data as it is being analyzed in the cloud.”

PKWARE VP of Product Development Matt Little spoke with us about the company’s data-level encryption solutions.

PKWARE provides that security by encrypting the data itself — such as emails or files — so that it can remain safe while traveling outside of a company’s digital walls en route to its destination — and even once it gets there. Its intuitive Smartcrypt platform makes it possible to secure that information and even shore up internal protection by easily controlling who has access to company data.

Through Smartcrypt, content can be protected across any platform on any device, so a company doesn’t have to invest in massive infrastructure upgrades in the name of security.

Retailers should be securing their data first rather than rushing to protect their assets with as many firewalls as they can following news of another high-profile cyber attack. PKWARE helps companies gain that focus and is always working proactively to protect valuable information.

Format-Preserving Encryption Helps Push Your Data Safely and Effectively to Analytics Platforms

When talking about data security in retail, the priority that comes to mind is the protection of credit card payment information. Businesses have a mandate to protect that data at every stage, whether it is static, moving between multiple platforms or devices, or stored in an application.

While protecting credit card data is certainly one need for encryption, Matt has seen a rapid rise in other applications recently, like dynamic pricing that changes based on a variety of factors — from who you are to what time of year it is. To adapt those prices, a retailer has to parse through a massive amount of information to glean what the individual consumer might want, and in the process, a lot of customer information is transferred from the database to marketing and analytics platforms.

“If you think about loyalty programs and all of that data — how much you bought, what day and time you purchased it — there is a massive amount of valuable data being collected and retailers want to analyze all of that sensitive information,” Matt said.

But they don’t want that information to be subject to a breach when they send it to an analytics cloud, nor do they want the already massive data sets to take up even more space. PKWARE’s Smartcrypt platform can combat both problems through its use of format-preserving encryption (FPE). Simply put, FPE keeps data in the same format so it can be analyzed without being compromised.

Through format-preserving encryption, data such as social security numbers stays the same length while being secured.

“If you were to encrypt a 16-digit credit card number with a strong encryption algorithm, like AES, the result would be a much longer, random string which could break your application or database constraints,” said Matt. “With FPE, a 16-digit number will always encrypt to a 16-digit result. It isn’t an actual credit card number, but since it looks like one, an analytics provider can still use it to relate data sets while protecting sensitive information.”
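The property described above, as an added example that is not part of the original article and not PKWARE's or Smartcrypt's code: a toy balanced Feistel cipher over 16 decimal digits, with HMAC-SHA256 as the round function, showing that a 16-digit input encrypts to a 16-digit token and that two data sets tokenized under the same key can still be joined. The construction, the key, the function names and the sample rows are all assumptions made for illustration; it is not NIST FF1, and production systems should use a vetted standardized FPE implementation.

```python
import hashlib
import hmac

ROUNDS = 10
HALF = 8                      # digits per Feistel half (16-digit input)
MOD = 10 ** HALF
DEMO_KEY = b"constructed-demo-key-not-for-production"

def _round_value(key: bytes, rnd: int, half: int) -> int:
    # Keyed round function: HMAC-SHA256 over (round, half), reduced to 8 digits.
    msg = bytes([rnd]) + f"{half:0{HALF}d}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % MOD

def _check(digits: str) -> None:
    if len(digits) != 2 * HALF or not (digits.isascii() and digits.isdigit()):
        raise ValueError("expected exactly 16 decimal digits")

def fpe_encrypt(key: bytes, digits: str) -> str:
    _check(digits)
    left, right = int(digits[:HALF]), int(digits[HALF:])
    for rnd in range(ROUNDS):
        # Modular addition keeps every intermediate value an 8-digit number.
        left, right = right, (left + _round_value(key, rnd, right)) % MOD
    return f"{left:0{HALF}d}{right:0{HALF}d}"

def fpe_decrypt(key: bytes, digits: str) -> str:
    _check(digits)
    left, right = int(digits[:HALF]), int(digits[HALF:])
    for rnd in reversed(range(ROUNDS)):
        left, right = (right - _round_value(key, rnd, left)) % MOD, left
    return f"{left:0{HALF}d}{right:0{HALF}d}"

def pseudonymize(key: bytes, rows):
    # Replace the card number in each (card, value) row with its token.
    return [(fpe_encrypt(key, card), value) for card, value in rows]

def join_on_token(a, b):
    # What an analytics provider can do without ever seeing a real number.
    lookup = dict(b)
    return [(tok, va, lookup[tok]) for tok, va in a if tok in lookup]

# Constructed sample data (well-known test card numbers, not real accounts).
PURCHASES = [("4111111111111111", 42.50), ("5500000000000004", 19.99)]
TIERS = [("4111111111111111", "gold")]

if __name__ == "__main__":
    print(join_on_token(pseudonymize(DEMO_KEY, PURCHASES),
                        pseudonymize(DEMO_KEY, TIERS)))
```

The join works only because the tokens are deterministic under one key, so equal inputs are visibly equal in the tokenized data; that linkability is the trade-off a defender accepts when choosing FPE for analytics.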

In today’s world of personalized marketing for shopper engagement, it is vital for retailers to pull insights from customer data and experiences. Smartcrypt gives them peace of mind as sensitive data is analyzed and moved around. The platform also works with the systems and devices a retailer already has in place because PKWARE understands that many retailers can’t afford to replace their infrastructure just to make it more secure.

“A lot of security vendors will push for that, but it can be expensive,” Matt said. “Smartcrypt will work with the investments you’ve already made.”

But PKWARE also focuses its encryption capabilities on the internal workings of a business, because security isn’t just about thwarting malicious attacks. It is often about keeping sensitive information from getting out.

Easily Manage Smartkeys to Control Access to Data Used Internally

No matter what data security measures are implemented, internal access to documents can compromise them. Whether it is a former employee who still has access to company data or an associate leaving sensitive information in an unsecured location — like their own personal computer — shoring up security within a company is imperative.

What makes Smartcrypt stand out is its embedded Smartkey capabilities that give retailers secure control of information. The keys are part of PKWARE’s push to make high-level encryption more usable for companies, so they implement more data protection. Keys have long caused anxiety among businesses because of their complexity.

“The Achilles heel of any encryption system is always its key management,” Matt told us. “One reason why companies are nervous about encryption is complex key management. Our Smartkeys make it very easy for users to create and share a key or encrypt files to exchange, bringing more usability to that security.”

Smartcrypt’s encryption keys make it very easy to create, exchange, and share files with others and facilitate that secure collaboration from anywhere — the cloud, in email or on a file-sharing platform. The Smartkeys allow senders to control access throughout the process, including after data has been sent.

Smartcrypt uses Smartkeys to control access to information, even after it has been sent outside a company.

“Each key has an access control list that can be very broad,” Matt explained. “You can address them to groups or individual email addresses. They are great for working on projects because, once the project is over, you can remove access to the key, which essentially removes all access to the data.”

Another application for Smartkeys is changing access permissions at an employee level. Whether an employee leaves the company or moves to a different department, Smartcrypt can dynamically change their access to the information.

Smartkeys are also efficient for time-based expiration. For instance, if your business can’t keep records longer than seven years, they can be encrypted with a Smartkey and, after seven years, the key can be thrown away. At that point, the information has essentially been digitally shredded.

Making use of Smartkeys is an efficient way to boost internal security, and Smartcrypt gives retailers an easy way to implement them. Looking to the future, though, PKWARE wants to stay ahead of the data security curve and proactively look for information within a business that may be unsecured.

Focused on Educating Everyone on the Importance of Encryption

It shouldn’t take a high-profile data breach like the one at Sony for businesses to take a closer look at their security processes. Sony is similar to many retailers in that it has a lot of workers with access to sensitive information — if left unprotected, those files can easily be compromised. As Matt told us, the vast majority of important data in the world is unsecured.

“Only 5% of the world’s sensitive information is encrypted, and that is a travesty,” he told us. “That number is way too low, and PKWARE is actively working to make it much higher.”

PKWARE is attacking that problem from multiple angles, including working on the ability to track down sensitive information that should be secured. The company plans to add a discovery capability to its Smartcrypt platform to actively seek out sensitive information on servers — password spreadsheets, HR documents, CRM data — and alert a business so it can encrypt those files.

Another way PKWARE is on the front lines of data security is by sitting on the board of the National Cyber Security Alliance.

PKWARE’s Matt Little currently sits on the Board of Directors at the National Cyber Security Alliance.

“We are heavily involved with the NCSA, a non-profit that has made it its mission to get the message out about the human element of security,” Matt said. “They realize that whether you are a home user or a corporate employee, we all need to do a little more together to solve this problem.”

PKWARE is heavily invested in the future of data security and believes that, through encryption, many problems can be solved. By securing information at its source, businesses can maintain full control and stay at least one step ahead of data breaches.