The Gap Between the Claim and the Architecture
Every cloud vendor handling sensitive data makes some version of the same claim: "We encrypt your data." The claim is almost always true, and almost always insufficient.
The LastPass breach of 2022 is the definitive case study. LastPass encrypted their users' password vaults. They used encryption. The claim was accurate. And yet 25 million users had their encrypted vaults exfiltrated, and $438 million was subsequently stolen from LastPass users in downstream cryptocurrency heists through 2025, according to research from Coinbase Institutional.
The UK Information Commissioner's Office fined LastPass's UK entity £1.2 million in December 2025 for "failure to implement appropriate technical and organizational security measures." The encryption existed. The security measures did not meet the required standard.
For enterprises evaluating cloud privacy tools, including PII anonymization platforms, the LastPass precedent changes the procurement question. The question is not "do they encrypt our data?" It is "can they decrypt our data?"
The Four Zero-Knowledge Questions That Actually Matter
When evaluating a vendor's zero-knowledge claim, four questions determine whether the architecture is genuine:
1. Where does key derivation happen?
In a true zero-knowledge architecture, encryption key derivation happens on the client side, in the browser or desktop application, before any data is transmitted. The derived key is used to encrypt data locally. Only encrypted ciphertext travels to the vendor's servers.
If the vendor derives encryption keys on their servers, they hold the keys. If they hold the keys, they can decrypt. The claim is technically accurate ("we encrypt") but misleading in its implication.
2. Does the vendor ever have access to the plaintext?
Some tools encrypt data at rest but decrypt it for processing: running AI models, analytics, search indexing, or audit log generation. During the processing window, the plaintext is accessible on the vendor's infrastructure. A breach during that window exposes the data in unencrypted form.
3. What happens under legal process?
If a government agency serves a subpoena on the vendor, what data can they produce? A vendor with server-side keys can be compelled to produce decrypted content. A vendor with a zero-knowledge architecture can only produce encrypted ciphertext; even under legal compulsion, they have nothing useful to hand over.
4. What does a full server compromise expose?
In a genuine zero-knowledge implementation, a complete breach of the vendor's infrastructure yields only encrypted blobs. The attacker receives ciphertext without the keys to decrypt it. In a vendor-controlled-key implementation, a server breach exposes the keys alongside the data.
The LastPass Implementation Failure
The LastPass breach revealed a specific implementation gap: older accounts used PBKDF2 with as few as 1 iteration for key derivation, rather than the recommended 600,000 iterations. The weaker key derivation made brute-force attacks on the exfiltrated vaults computationally feasible.
This illustrates why evaluating zero-knowledge claims requires examining implementation details, not just architectural descriptions. A vendor can use a zero-knowledge design while implementing it weakly. The right questions to ask cover both the architecture (key derivation location) and the implementation strength (algorithm and iteration count).
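An added illustration, not code from the article or from any vendor it names, of the two key-custody models behind questions 1 and 4 and of the iteration-count check discussed above. It uses only the Python standard library; the HMAC-counter cipher is a stand-in for an AEAD such as AES-GCM, and the record layouts are assumptions made for the example.

```python
import hashlib, hmac, secrets

RECOMMENDED_ITERATIONS = 600_000  # PBKDF2 figure quoted in the article

def derive_key(master_password, salt, iterations):
    # In a zero-knowledge design this runs on the client; the password never leaves it.
    # 64 bytes are derived: first half encrypts, second half authenticates.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations, dklen=64)

def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode as a stand-in PRF so the example runs without an AES library.
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-length // 32)))
    return b"".join(blocks)[:length]

def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key[:32], nonce, len(plaintext))))
    tag = hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tampered ciphertext or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key[:32], nonce, len(ct))))

def client_side_record(master_password, secret, iterations):
    # Zero-knowledge: only salt, KDF parameters and ciphertext are stored server-side.
    salt = secrets.token_bytes(16)
    return {"salt": salt, "iterations": iterations,
            "blob": encrypt(derive_key(master_password, salt, iterations), secret)}

def server_side_record(secret):
    # Vendor-held key: the key is stored next to the data it protects.
    key = secrets.token_bytes(64)
    return {"key": key, "blob": encrypt(key, secret)}

def full_compromise_exposes(record):
    # Question 4: someone holding the whole record reads the data only if the key is in it.
    return decrypt(record["key"], record["blob"]) if "key" in record else None

def kdf_audit(record):
    # Question 1 plus implementation strength: where is the key, and how costly is guessing?
    iters = record.get("iterations")
    if iters is None:
        return "FAIL: key is vendor-held, not derived on the client"
    if iters < RECOMMENDED_ITERATIONS:
        return f"WEAK: {iters} PBKDF2 iterations, {RECOMMENDED_ITERATIONS // iters}x cheaper to guess than recommended"
    return "OK"
```

The audit function mirrors the procurement question: a record without client-side KDF parameters fails outright, and one with a low iteration count is flagged with how much cheaper password guessing becomes relative to the recommended figure.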
The Okta Breach: A Different Failure Mode
In October 2023, Okta disclosed that 600,000+ customer support records were leaked in a breach. Okta is an identity platform, the company that many enterprises use to secure access to their other cloud tools. The Okta breach was a different failure mode from LastPass: not a weakness in zero-knowledge implementation, but a compromise of support infrastructure that happened to contain customer data.
The SaaS breach surge of 300% in 2024 (AppOmni/CSA) reflects both failure modes: architectural weaknesses like LastPass and infrastructure compromises like Okta. Zero-knowledge architecture addresses the architectural failure mode. It does not eliminate all breach risk, but it ensures that even a complete infrastructure compromise exposes no decryptable customer data.
What a Genuine Evaluation Looks Like
For procurement teams assessing zero-knowledge claims, the evaluation checklist:
Architecture review:
- Request documentation showing where key derivation occurs (client-side vs. server-side)
- Ask for the encryption algorithm, key length, and iteration count
- Request confirmation that plaintext is never transmitted to vendor servers
Breach scenario testing:
- Ask the vendor to describe what a full server compromise would expose
- If the answer includes anything other than "encrypted ciphertext we cannot decrypt," the claim is not genuine zero-knowledge
Legal process review:
- Ask whether the vendor can comply with a subpoena requiring production of customer plaintext
- Genuine zero-knowledge vendors cannot produce what they do not have
Compliance documentation:
- Request the vendor's GDPR Article 32 compliance documentation
- ISO 27001 certification (particularly Annex A cryptographic controls) provides external verification of key management practices
The £1.2 million LastPass ICO fine establishes that vendors making encryption claims are subject to regulatory evaluation of whether those claims meet the required standard. The same evaluation framework that regulators apply is available to procurement teams before a breach occurs.