
New Episode of The Cyber Show: #053 | S6 | In The Chair | Securing Data At Rest with David Stonehill
In this episode of The Cyber Show, David Stonehill from Netlib Security discusses the importance of securing data at rest. Netlib Security, founded in the early 2000s, initially developed programming libraries for software engineers. However, evolving client needs required additional features to protect stored data in their applications. This led Netlib to create encryption libraries to secure databases and ISAM and DBF files, commonly used at the time.
David Stonehill, currently the CTO of Netlib Security, emphasizes the importance of encryption as a fundamental security measure. He explains that encryption must be transparent to applications and users while being separate from the operating system and system administrators. This separation of roles ensures that only the security officer controls encryption, thereby enhancing overall security.
The podcast covers several crucial aspects of encryption, including psychological, educational, and political challenges. David discusses the resistance to encryption, often seen as difficult or complex, and the need to make it accessible and transparent. He also mentions opposing forces to encryption, including governments seeking backdoors to access civilian data, which compromises security.
A key point in the discussion is the importance of trust in health technologies, such as smartwatches and medical devices. David highlights that mistrust in these technologies can have serious consequences, such as discouraging people from seeking medical care. He emphasizes the importance of regulation and audits to ensure that health data remains secure and is not sold to third parties.
Netlib Security offers encryption products that easily integrate into various applications and databases, such as SQL Server, Postgres, MySQL, and MongoDB. Their solution uses a filter driver that encrypts data read and written by secured applications, making the process transparent to the end user. David stresses the importance of key management, including key rotation and the use of one-time keys to enhance security.
The podcast also addresses future challenges posed by quantum computing and artificial intelligence. David explains that Netlib uses symmetric encryption algorithms, like AES-256, which are resistant to current and future threats. He highlights the importance of modularity and flexibility to adapt encryption algorithms to new threats.
In conclusion, David Stonehill emphasizes the importance of making encryption accessible and transparent to encourage its adoption. He points out that even "good enough" security is preferable to no security, and that encryption solutions must be performant and easy to use to be effective.
To learn more about Netlib Security's products and approaches, visit their website at the following address: http://cybershow.uk/episodes.php?id=53