A Basic Grid for Protecting Your Data


Feb 24, 2016


Sensitive information every business should keep encrypted.

A recent study by Sophos indicates that 87% of the organizations surveyed encrypt their data to some degree. They know it’s crucial to protect proprietary company data. But what other types of data are they encrypting?

If it’s sensitive data, a business should encrypt it. It’s one of those answers you know is right, but you don’t like hearing. The truth is that the type of business you run determines the data you create, use, and store. The best way to decide about encryption is to ask whether the data has the following characteristics. If it does, you should keep it encrypted.

Here’s What’s Sensitive

  • Your confidential business data – It’s likely most of this data falls under no compliance regulations. The irony is that it’s often the target of attacks. It could be worth billions of dollars. Why wouldn’t you want to encrypt this data? It keeps trade secrets, business intelligence, sales data, and research out of the hands of those who want to sell it to your competitors.
  • Accounting data – The Sarbanes-Oxley Act regulates the reporting of financial data by public companies. It requires stringent and auditable data security measures. Encryption is the best way to comply.
  • Government data – All U.S. governmental agencies are required to follow FISMA guidelines to protect data from security breaches. Does your company work with a government agency? You risk more than losing them as a customer if that shared information is compromised. Information about government programs falls under these regulations.
  • Health data – The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services to develop regulations protecting the privacy and security of certain health information. The Act was updated in 2013. Health insurance data, medical information, and identifying information such as home addresses or social security numbers must be kept private. Encrypting the information is a requirement if it’s reasonable and appropriate to do so. If you’re audited, be prepared to demonstrate why you believe encryption isn’t necessary.
  • Financial data – This is any kind of financial data you store or use to do business with customers. It includes credit card information, bank account numbers and credit-related information. PCI DSS regulations require strict security measures for any company that deals with credit cards. PCI DSS stands for Payment Card Industry Data Security Standard. These are standards merchants must follow, and they include encryption requirements.
  • Individual data – If your company collects data that could be used for identity theft, you must comply with U.S. and international laws governing Personally Identifiable Information (PII).

Encryption and the Cloud

Encryption has to be a part of every company’s cloud strategy. The good news is that your cloud service provider is on top of the game.

Cloud encryption services can provide protection of your data wherever it is located in the cloud. The policies for what should be encrypted, though, start with you.

4 Questions about Your Data

You know it needs protection. Encryption is the best solution. To make encryption the foundation of your data protection strategy, you need to know your data’s lifecycle. Ask these four questions. They’ll help you uncover areas of threat.

1. How does data flow into and out of your organization?

2. How do your organization and your people make use of data?

3. Who has access to your data?

4. Where is your data?

Not Just What, but When

U.S. government laws and industry regulations mandate that sensitive data must be protected. Compliance requirements and regulations for data security also apply to the state of data. It must be secure when it’s at rest, during transactions, and when it’s distributed through network connections.

The protection of data in its physical location and state has become even more important because of cloud storage and computing. Not all governments may yet demand cloud encryption. Your industry may just be coming around to a strong push for it. You might find that the loudest demand for encryption protection is coming from your customers. This is because most of the sensitive data companies keep is records of transactions with customers.
