By Bob Michaud, Q2 Chief Security Officer
Welcome to our final blog of National Cybersecurity Awareness Month. Because Q2 is a Cybersecurity Awareness Champion, every October I share weekly blog posts on cybersecurity. This year, I’ve been discussing Q2’s implementation of a Zero Trust framework—a multilayered approach that does away with the assumption that bad actors are always outside of the trusted part of your network and that only trustworthy users have accessed it.
This week, we’ll discuss the data itself and Q2’s adoption and development of advanced technologies that protect data. This last line of defense in our Zero Trust framework is a solution called TrustView.
Because our success is dependent on keeping our customers safe, Q2 has always focused on finding new ways to advance our customers’ security. Our most recent security solution, Q2 TrustView, was developed through a partnership with ALTR. It removes the actual data from the application layer, dramatically reducing the risk of security and privacy breaches.
I asked our CIO, Lou Senko, to describe what TrustView means to Q2’s Zero Trust strategy. Lou shared that, while some layers of our security leverage data as the actual security play—using behavioral information as a way to detect suspicious activity—TrustView takes the data completely out of the equation, acting as a failsafe for all the other layers. TrustView transforms the data through a sophisticated use of tokenization, encoding, and blockchain technology. All sensitive data is removed and replaced by tokens within the application surface. After several random encoding and fragmentation events, these pieces are then scattered and stored across multiple blockchains.
When I asked him, “What advantage does this provide our customers?” Lou explained that by using this advanced technology, the raw data is never stored in the database. Instead, the data fragments are rehydrated just in time and on-demand for the application. Even if an attacker or rogue employee were to gain access to the application databases, or a ransomware infection attempted to lock and exfiltrate the data, no real data can be harmed. The data fragments are all meaningless until you run it back through TrustView’s “rehydration” process.
In closing, I’d like to thank Lou Senko for his insights into these National Cybersecurity Awareness Month blogs. I’ve enjoyed our discussions around zero trust and hope you have found them useful. The far-reaching benefits and solutions he’s shared ensure that our security layers are doing more than simply covering issues—and that you’re not just one security layer’s failure away from disaster.
Thanks for reading. I hope you’ve had a great National Cybersecurity Awareness Month.