Developing an end-to-end encryption strategy is imperative to the security of confidential company data.
According to data from the Privacy Rights Clearinghouse, more than one third of all U.S. adults will have their personal identity information lost or compromised this year by a company that stores their data electronically. This is an incredibly sobering statistic.
Who is to blame for this? Hackers and lackadaisical employees for sure, but many companies are not doing everything in their power to encrypt confidential customer data. Ultimately, it is the company’s responsibility to protect confidential customer data. In some states, it’s even illegal to leave customer data unencrypted.
Creating a seamless encryption strategy isn’t easy
Operating system and application vendors haven’t made it easy to develop a seamless encryption strategy that works across all applications, throughout an entire organization. Existing guidelines and laws may contradict one another, making companies unsure of how best to implement a sound encryption strategy. This often results in inaction, which is almost the worst possible option when it comes to protecting customer data.
No compromise when it comes to encryption
Any type of data that could be used by an individual, company, group or other entity should be protected against illegitimate access during the creation, operations, transmission, and storage. Confidential data is most vulnerable when it is transmitted over unsecured networks and when stored on portable devices such as USB flash drives, laptops, data backups, and other small computer equipment.
A robust encryption strategy should consider all the various ways that data can be input and output and how it’s stored. Hackers most often favor client-side attacks. They may get an employee to unknowingly install a key logger, virus, or Trojan, which then allows them access to confidential data. Malware can also obtain access to data as it travels through a network. Implementing an end-to-end encryption strategy must also have protections for data that is sent to third parties.
Choosing encryption technology solutions
While some vendors may claim to offer comprehensive solutions, eventually an IT administrator will likely have to combine multiple solutions.
Companies can access standards and guidance from the National Institute of Standards and Technologies (NIST), where IT admins can access their Cryptographic Toolkit.
Encryption solutions are typically broken down in five categories: file or folder level, media level, volume or partition, field level, and communications.
File Level Encryption
File level encryption protects data on a file by file basis. Examples include Pkzip or PGP.
One common weakness of file level encryption products is the fact that while these solutions may encrypt your specific files, it likely will not encrypt temporary versions of these files or documents that are created when a file is copied, opened, or transmitted by an application or operating system.
Volume or Partition Encryption
One way that some vendors get around the issues with file level encryption is by encrypting the entire partition or volume where data is stored. This can typically be done either at the Operating System level or using an application. One popular open source volume encryption product is TrueCrypt.
The main drawback of this type of encryption is that a single volume corruption can make the entire volume unavailable, or a compromise of the volume can allow the entire volume to become available to hackers.
Folder Level Encryption
Folder level encryption encrypts the contents of an entire folder. Keep in mind that folder level encryption products typically don’t encrypt the entire folder as a single object. Instead, they encrypt each file individually and use a master encryption key for the entire folder. Therefore, if the encryption key is compromised, hackers will have access to all of the files within that particular folder.
Field Level Encryption
To protect important database data, field level encryption is often used. With field level encryption, data can be encrypted on a per row or per column basis, but it’s usually preferred to encrypt data on a per element basis. In other words, all data is encrypted before it is stored in the database and decrypted as needed.
Protecting data as it moves
It is absolutely imperative to protect data as it moves across unsecure networks. Data sent via the web is typically protected using SSL/TLS. VPNs and network traffic is often protected using IPSec, SSH, or SSL. Email can be protected using cryptography with S/MIME or PGP. Other forms of network traffic such as IM communications and peer-to-peer traffic also must be encrypted and authenticated.
Is your company doing enough to protect data at rest?
As you can see implementing a comprehensive encryption strategy is extremely complicated and can be fraught with challenges. If you’re not sure where to even start when it comes to protecting confidential data, don’t hesitate to reach out to CloudHesive’s team of encryption experts today at 800-860-2040.
