In Mission Impossible, when a message reached its intended recipient it would self-destruct so nobody else could view it. If data could be treated the same way, then when an attacker exfiltrated it to a new server, the copy would self-destruct. Data breaches would be somewhat irrelevant.
The technology created by startup Ionic Security doesn't do that exactly, but it achieves largely the same effect. The company just came out of stealth mode this week, unveiling the Ionic.com data protection platform.
It's an encryption solution that seals the encryption keys onto the data and doesn't let go. It encrypts everything, then grants access based on very specific parameters...very specific.
If necessary, you could use the tool to say that this particular word in this particular file can only be seen by this user, and only when he's using this device, and only when he's in this building, and only on this date.
For organizations dealing with classified data and redacted documents, this makes perfect sense. It could assuage worries about Social Security numbers that might be copied and pasted into document after document after document. It could address the concerns of organizations worried about intellectual property being slurped onto a removable drive and sold to a competitor.
The tool, says Adam Ghetti, Founder and CTO of Ionic Security, makes sure "your data is really, really dumb. If it goes somewhere [Ionic is] not, it doesn't work."
Of course, in order to accomplish this "pixel-level security," as Ghetti describes it, you need a lot of encryption keys; one file might contain dozens of separate pieces of data, each signed with its own unique key. That sounds problematic, since one of the main reasons enterprises eschew encryption is that key management is such a hassle.
Ionic offers "key management management" as a service, and manages literally trillions of keys through a key grid, which customers could have either in the cloud or on-premises.
Ghetti says that making the tool user-friendly was also a priority, so that the IT department could set the umbrella policies, but the individual data encryption keys could be easily managed by the regular staff (or line of business managers) who own the data.
He says the company's goal is to move away from a fear-based approach to security and instead be fearless. Instead of saying you can't, say "You can get the data. But under the way we've negotiated."