40% of all SaaS Assets are Unmanaged – BLAKFX: In Math We Trust – Helix22 End-to-End Post Quantum Encryption

New research from DoControl found that 40% of all software-as-a-service assets are unmanaged, which heightens internal, external, and public access to sensitive data.

As a benchmark, the average 1,000 person company stores between 500K and 10M assets in SaaS applications. Companies enabling public sharing may face up to 200,000 of these assets being shared publicly. The research aggregated and analyzed myriad data from its customer base. Below are key findings categorized by external and insider threats:

Insider threats:

Of the companies analyzed, an average of 400 encryption keys are shared internally to anyone with a link.
20% of SaaS assets are shared internally with a link, exposing many employees to data points they are not authorized to consume.
8% of employees share assets from their corporate with their personal accounts, exposing many former employees to ongoing company data.

External threats:

Between 1,000 and 15,000 external collaborators (vendors, contractors, customers, partners, prospects, media, analysts, etc.) have access to company data.
Between 200 and 3,000 external (specifically third-party) companies have access to company assets.
18% of SaaS application assets are shared externally and remain shared externally even after deleting users.

Unmanageable data access poses a significant risk to any organization and increases the likelihood of a data breach. SaaS apps are designed to promote collaboration, this also creates an ever-growing attack surface that requires attention to ongoing data access at scale.

Helix22 SDK was purpose built to protect SaaS data on IT systems, in the cloud and with 3rd party vendors.

By almost any objective criteria — sensitivity of data, importance to business operations, need for data integrity — SaaS applications such as Salesforce and ServiceNow and the data they contain are part of the critical IT infrastructure stack. However, they receive little attention from administrators responsible for managing and securing critical enterprise IT.

SaaS is not typically given the same level of due diligence as IaaS, bare metal, and other elements of the IT infrastructure stack. This leaves organizations vulnerable to leaks and breaches that can compromise the integrity of sensitive information, disrupt operations and damage reputation and market value. We need to treat SaaS as critical infrastructure and invest accordingly to secure it.

Unmanaged SaaS usage means that sensitive corporate data may proliferate to locations that were never envisioned to house that type of data. SaaS applications often integrate with other SaaS applications, and if those integrations are also not managed, then organizations risk granting overly permissive and continuous access to their corporate data through multiple SaaS channels.

To address this challenge, organizations first need visibility into what SaaS applications are being used. Initial visibility can be obtained by allowing SSO authentication through their preferred identity provider. Furthermore, organizations should explicitly review the permission scope of SaaS applications and approve them before they are allowed to authenticate.

While cloud-based applications offer flexibility and increase efficiency and productivity, they also can increase an enterprise’s attack surface, creating significant risk if businesses don’t understand the relationships between those applications, their dependencies, or who can access them.

Proper visualization management of these applications, identities, and data can be the difference-maker when it comes to not only understanding, but mitigating the threat of these unmanaged asset.

Data security obviously does not just exist on your own IT system. As we are all aware, our own data systems are hard enough to keep secure let alone those of your direct suppliers, 3rd party vendors and the Cloud. As the US Federal Government discovered, the SolarWinds failure is an obvious example of a direct supplier providing inferior products. Another recent and notable example is the Apple ransomware attack where Intellectual Property (IP) was stolen through the systems at one of Apple’s premier suppliers, Quanta Computers in Taiwan. Even without these more notable examples, your firm/nation might have the resources to keep up with software updates and patches, but your suppliers may not.

The continued growth of SaaS and cloud computing will inevitably leave humungous gaps in your supply pipeline. On the cloud, your firm is quite simply at the mercy of the Cloud Service Providers (CSP) security system. Further, E2E encryption is limited in it’s capabilities and only protects data during transfer. If you are running AI experiments on the cloud, then none of the data is protected as E2E encryption does not protect data in use or at rest. E2E encryption will be obsolete in the quantum computing era.

Our Motto

“In Math We Trust”

Currently, the only way for organizations to retain full control when transitioning to the Cloud is through Anonymization of data or rendering enough sensitive data fields inaccessible when in the Cloud and only accessible again when coming back on-premise or back within their span of control. This is where the Hold Your Own Key (HYOK) concept becomes essential. Encrypting data prior to sending to it the Cloud and only decrypting once back on-premise is the only way to satisfy any more conservative trust models.

Cloud Service provider encryption solutions, however, cannot strike the required balance. Disk, file, tablespace or even Column level encryption solutions still mean the Cloud Provider controls the keys! This protects against an intruder walking out of the data center with a disk drive but not any normal access channels to the data. Cloud Services provided solutions including Bring Your Own Key (BYOK) designs, are not acceptable to organizations in any highly regulated industries or processing particularly sensitive data.

Another major problem is encrypting all the data. If data is 100% encrypted, then fields and columns cannot be accessed and are therefore are inadequate for use as a data set. It becomes impractical then from a business standpoint, to encrypt all data fields or offer access only on a “need-to-know” basis. The result is that most data is shared on the CSP without encryption at all. Your data is then 100% reliant on the CSP not being breached.

Enter BLAKFX with perfect data security. The Helix22 SDK offers 100% data security on your firms data while it is at rest, in use or in transit. It also works on every CSP and on any device or in any programming language.

Here is how HELIX22 works.

BLAKFX provides Device-2-Device (D2D) Encryption with multi-patented DNA Binding^TM cryptography that embeds with the data itself. The key exchange originates on an encrypted device (not in software or an app) and is augmented with a genuine “zero-knowledge” universal key server. The recipients device must have Helix22 installed in order to exfiltrate the data. Therefore, we offer perfect data security with 100% compliance, in your control, at all times. This of course is the optimal scenario. Your firm controls full control over access to your data sets at all time.

With Helix22, this means that data is protected on your infrastructure, on a CSP and is 100% compliant. Also, it means that no other service provider or 3rd party will be able to access data or have it breached. Compliance is controlled also 100% by your frim as all the keys are in your possession and/or generated by the BLAKFX key serer, which is 100% zero-knowledge.

What we understand better than anyone else is the new era of data security is one that requires new solutions. At BLAKFX, we understand that protection of your data requires that it be protected wherever it is. Whether on the cloud, in transit on a foreign network or on a trusted suppliers system. Data security cannot just be about protecting your own systems. Therefore, we know that the era of perimeter defenses is over as it is proving impossible to keep hackers from breaching the perimeter and accessing data. Also, E2E encryption based on old models of RSA cryptography will be obsolete when quantum computing becomes more widespread.

Helix22 is Quantum Immune – Start Your Integration on our Git

Helix22 delivers perfect security assurance due to our genius engineering team that has invented a new model for data security that required an innovative look at the problem. The approach we took was to protect the data itself. Almost all other data security products attempt to build a perimeter or being fanatic on user credentials. However, once the product is breached or a password is stolen, even if it is 2FA or encrypted, your firms data is in the clear.

You see, the Helix22 cryptography is embedded with the data itself through our inventive and multi-patented process of DNA Binding^TM. Therefore, even if credentials are stolen the data cannot be exfiltrated. This means that all data is 100% protected regardless of the type of attack.

Another substantial advantage of Helix22, is that it protects all data whether at rest, in use or in transit. All communication apps for example, only encrypt data while in transit. Therefore, that encryption become useless for internal IT security or Artificial Intelligence or Machine Learning experimentation. All data generated during these massive computing exercises is equally protected in real time. Plus, the latency period for the Helix22 is exponentially less than any other security product, so it actually contributes to faster processing times.

The Helix22 is easy to install and runs on all platforms, programming languages, networks and devices.

In this protocol, we are truly a “zero-knowledge” server so your private communications and transmissions remain completely top secret. Even in the event that BLAKFX were subpoenaed, we can honor the request by just handing over the encrypted content…as that is literally all we have. Helix22 also only use keys just one-time and then destroys them. This way the data security is future forward prefect. Therefore, in our unique user-to-user encryption (U2U) world, there is no opportunity ever for any data leak.

The Helix22 data security SDK accomplishes the following:

Protects all your firms data at rest, in use and in transit
Renders ransomware threats obsolete
Eliminates human error
Eliminates all malicious or interior attacks
Verifies original content i.e. minimizes the threat of impersonation attacks and deep fakes
Reduces latency
Installs with 5 lines of code
Runs on any platform, network, device and in any programming language
Provides perfect future/forward secrecy
Delivers “zero-knowledge” encryption
Perfect security when utilizing all SaaS products
Compatible with all cloud, 3rd party and vendor services
Ensures privacy and security for blockchain and all cryptocurrency transactions
Is quantum ready – so there’s no need to upgrade when the time comes
Requires no employee training
Exceeds all gov’t and banking security standards
Meets all international compliance regulations

D2D encryption

We can make this claim as the tech engineers at BLAKFX invented and patented a genuine device2device (D2D) encryption. We manage data security transmission through the truly brilliant and also patented universal Helix22 key service. The Helix22 encryption originates on your network or device, not just when the app is opened. This means, that when data arrives to our key server, it is already encrypted so all it needs to do is issue another key. Signal and Telegram cannot claim this level of security. This key will then only work with the intended device, which generates a matching key required to open the data. In this protocol, we are truly a “zero-knowledge” server so your communications and transmissions remain completely top secret. Even in the event that BLAKFX were subpoenaed, we can honor the request by just handing over the encrypted content…as that is literally all we have. Helix22 also only use keys just one-time and then destroys them. This way the data security is future forward prefect. Therefore, in our unique device-2-device (D2D) world, there is no opportunity at all for any data leak.

This same protocol just described, can be the same with all your 3rd party vendors and suppliers. It does not matter in the least what platform they are running or what device they are using or even the type of data, it is all 100% protected. We do however, strongly advise that all firms involved be utilizing Helix22 due to the nature of the data content. Helix22 can ensure that whatever data they are generating is protected as well.

Let’s take it a step further. Even if your organization were a victim of an internal attack or a victim of malicious open source downloads, there is no reason for concern. Any data that has been forwarded, downloaded, copied or saved cannot be exfiltrated. Period. We have the technology industries foremost data packets which are protected with multi-layered, military grade encryption algorithms that have already proven the ability to withstand penetration testing from MI5 and quantum computing attacks.

One final practical genius of DNA Binding^TM is in that it is immediately compatible with whichever system or software you are utilizing. Therefore, any organization can forward information to another and then discuss it and there is immediate privacy.

BLAKFX is Based on Success

Our founders, Robert Statica PhD and Kara Coppa, also founded Wickr, which is used by the US military and has never been hacked since its inception in 2012. The Helix22 data security SDK is several generations enhanced since then. Dr. Statica also delivered the encryption for the world’s most secure phone, Katim.

Founder – Robert Statica PhD Founder – Kara Coppa Founder – Alex Maslov MS, MBA

Co-Founders of Wickr Katim^TM Ultra Secure Smartphone

Finally, the Helix22 encryption is quantum computing ready so no need to redo all your data security methodologies in a couple of years when everything else becomes obsolete.

We like to refer to Helix22 as “22nd Century Data Security.”

Helix22 – Zero Risk