The rise of ransomware attacks has heightened companies’ concerns about cybersecurity and paralyzed organizations from freely using their kinetic data to gain insights.

The best way to change the ransomware game is to make the data worthless in the wrong hands, according to Rick Farnell (pictured), president and chief executive officer of Protegrity Inc. And this must be done with a continuous policy to protect data at rest and in motion while making it available for artificial intelligence and machine learning purposes.

“If you kind of look at what’s happening in the ransomware kind of attacks, there’s a couple of different things going on, which is, number one, bad actors are getting access to data in the clear and they’re holding that data ransom and threatening to release that data,” he said. “From a Protegrity standpoint, with our protection capabilities, that data would be rendered useless to them in that scenario.”

Farnell spoke with Natalie Erlich, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during the AWS Startup Showcase: The Next Big Things in AI, Security & Life Sciences. They discussed the growing risks cybercriminals pose to businesses, cybersecurity market trends and how Protegrity helps enterprises protect their data. (* Disclosure below.)

Tokenization replaces sensitive data with useless ones

Traditional cybersecurity investment in recent years has been at the network level, building walls to keep bad actors out of the business space. The problem is that once criminals get through some of those fences, if data is not protected at a fine-grained level, criminals have access to it and put organizations at risk.

An effective way to protect data in minutiae is to mask it, according to Farnell. Tokenization substitutes sensitive data elements (information such as Social Security and bank account numbers) with a non-sensitive equivalent called a token. A token has no intrinsic or exploitable value. Instead, it is a substitute that irreversibly de-identifies sensitive data and therefore makes the protected data useless to hackers.

“From a Protegrity perspective, our kind of policy and protection capability follow the individual piece of data no matter where it lives in the architecture,” Farnell said. “So, protecting that data, not just at rest or while it’s in motion, but it’s a continuous protection policy that we can basically preserve the privacy of the data but still keep it unique for use in downstream analytics and machine learning.”

That doesn’t mean replacing traditional security systems with tokenization, but adopting multiple tools to get many layers of protection. Protegrity views cybersecurity as a three-step process approach.

“One is having that fine-grain data protection, so tokenizing your data so that if someone were to get your data, it’s worthless, unless they have the ability to unlock every single individual piece of data,” Farnell said.

The second is having an efficient backup capability, which can bring a new environment up if something fails or happens. And the third is having a type of malware detection in the rest of the cyberworld to make sure that the architecture can be removed from some of these agents.

With this broad approach, the risks of business disruptions due to cyberattacks decrease exponentially.

“Ransomware, they take data, they encrypt your data, so they force you to give them bitcoin, or whatnot, or they’ll release some of your data,” he explained. “And if that data is rendered useless, that’s one huge step in kind of your discussions with these nefarious actors.”

Without the risk of information leakage, the company can focus on using its backup capability to quickly deactivate the infiltrated environment, prove a new environment is safe and get its production up and running again. “You’re back in business,” he said. “You don’t have to notify your customers; you don’t have to deal with the ransomware players.”

Data protection is gaining momentum

Protegrity has been on the road for about 17 years, but it has recently seen an absolute renaissance in the fine-grain data protection it offers.

“Organizations are recognizing that continuing to protect your perimeter, continuing to protect your firewalls, that’s not going to go away anytime soon, but at the same time, recognizing that the data itself needs to be protected, but with that balance of utilizing it downstream for analytic purposes, for machine learning, for artificial intelligence,” Farnell said.

The most regulated sectors are Protegrity’s main targets. These are financial services, insurance, online retail and healthcare or any other industry that has important confidential customer data – such as name, credit card information, national identification number, Social Security number, blood type and the like — that they need to protect.

“In the healthcare space specifically, some of the largest healthcare organizations in the world rely on Protegrity to provide that level of protection but at the same time give them the business flexibility to utilize that data,” Farnell said.

The company also sees plenty of room to grow in the internet of things environment, where a huge amount of data is highly distributed.

“If you think about GPS location or geolocation, if you think about a device and what it does, the intelligence that it has, the decisions that it makes on the fly, protecting data and keeping that safe is not just a personal thing,” he explained. “We’re stepping into intellectual property and some of the most valuable assets that companies have, which is their decision-making on how they use data and how they deliver an experience.”

While there are new entrants to the data protection market, providing security through encryption or anonymization, for example, Protegrity is betting on what it believes to be its differential: protecting information while allowing it to be used in machine learning and AI to generate business value.

“Unless you’re doing fine-grain tokenization, you’re not going to be able to allow that data to participate in the artificial intelligence world,” he said. “Then I would say that probably the biggest competitor [for Protegrity] is customers not doing tokenization.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the AWS Startup Showcase: The Next Big Things in AI, Security & Life Sciences. (* Disclosure: Protegrity Inc. sponsored this segment of theCUBE. Neither Protegrity nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE