CCPA: The 500 Pound Gorilla Sitting on Your Security Strategy | Fornetix
CCPA stands for California Consumer Privacy Act. However, your company doesn’t have to be located in California for this law to affect business. If you’ve collected personal data on at least 50,000 people, or have $25 million or more in annual revenue, CCPA applies to your organization.
Proposition 24, also known as the California Privacy Rights and Enforcement Act of 2020, was passed by California voters in the November 2020 election. Proposition 24 expands the reach and amends some provisions of CCPA, creating additional protections for Californians, and additional work for organizations.
In short, CCPA (and the passage of Proposition 24) was enacted to protect California residents’ data from theft or misuse. It was also created to compel companies collecting or storing Californians’ data to initiate more effective data security practices to curb the increasing number of data breaches negatively impacting Californians.
The Gorilla can Cause Real Damage
GorillaAt the core of CCPA’s initiatives is the new responsibility placed on organizations to encrypt sensitive data. Companies across the globe have quickly complied by increasing their encryption of data at rest, in motion, and in the Cloud. But this move to mass encrypt data has inadvertently created a staggering problem for many organizations – a 500-pound gorilla – that instead of helping protect sensitive data, has quelled efforts by leaving organizations with more encryption key material than can adequately and successfully be managed without a dedicated encryption Key Management System (KMS).
More data encryption means more encryption keys. The more keys that are generated and used, the higher the odds an attacker will find a way to compromise them. Just like passwords on our computers, encryption keys must be rotated as frequently as possible. The rotation of keys increases the complexity and expense of encryption exponentially, but greatly decreases the probability of a successful attack on data.
So How do You Get Rid of the Gorilla?
A proper solution would be to install a highly scalable encryption key management system that fully automates the key lifecycle thereby alleviating the excessive weight additional encryption keys have put on your security strategy.
Enter: Fornetix’s VaultCore™. This patented, next generation key management solution provides a robust, simple to use, and secure “set it and forget it” approach that works actively to protect your data. The VaultCore system allows organizations to put in place a re-keying schedule that matches their desired policy, often saving organizations tens of thousands of dollars by turning a manual process into a simple click of a button, and grossly reducing errors associated with human nature.
How Encryption Key Management is Saving Companies Struggling with CCPA
Delivered as a physical or virtual appliance, VaultCore delivers a unified approach to data security through deploying and enforcing encryption across the entire organization – across all devices. This means an organization has the power to store and control all encryption keys for all data and helps to ensure the organization is meeting CCPA by adequately protecting data through encryption AND key management.
The most scalable KMS available, VaultCore is capable of handling over 100 million keys, more than adequate for any industry as they grow and continue to strive to meet CCPA, GDPR and the myriad of other regulations being put in place.
For a deeper dive into understanding encryption key management and how it works with your current security strategy to meet CCPA to protect sensitive data and relieve your organization’s security strategy struggles, click here to read how Encryption Key Management is Saving Companies Struggling with California Consumer Privacy Act (CCPA).