What organizations need to know when it comes to implementing encryption, the function of encryption, and how failing to encrypt data can lead to compromise.
More data records are being lost and stolen all the time. An analysis of the second half of 2016 and first half of 2017 shows the increase: the number of breached data records rose 164% during that period to 1.9 billion records, per analysis by Gemalto. Incredibly, the 1.9 billion figure was already higher than the total volume in 2016. While the number of records being lost to data breaches is rising, so is the related cost. One analysis found that the cost of a single stolen record resulting from a data breach was $225 in 2017, up from $221 in 2016.
In this context, security is paramount – and one of the primary steps toward security is encryption. This article looks at how encryption is useful to business and provides advice as you move forward in implementing it. Note that it does not talk about the types of encryption but instead focuses on managing the process as you encrypt organization-wide.
The function of encryption in business
Encryption is designed to protect data both while it moves and while it is stored in a network storage system or computer. Any entities that gather personally identifiable information (PII) should keep that information secure, and the standard way to secure data is by encrypting it. Through encryption protocols, small and midsize businesses (SMBs) and other organizations are able to protect names, birthdates, social security numbers (SSNs), and other types of critical data. By implementing encryption throughout their systems and applying it to the data flowing through their service providers, businesses are able to protect themselves from various negative outcomes (including lawsuits and regulatory fines) if data is stolen.
Nefarious parties can easily look at any data that is unencrypted if they can access it, as when people steal laptops. Theft of unencrypted laptops is a common issue, as indicated by violations of the Health Insurance Portability and Accountability Act (HIPAA), with large settlements highlighted by the Department of Health and Human Services (HHS). Because lack of encryption is such an open window for abuse, encryption should not just be used for all your laptops but throughout the rest of your environment as well. After all, if the data is not encrypted, no one would even have to get your sign-on password to get access; they could just use a USB thumb drive to boot the computer and see the files.
Encryption is a huge point of focus for online business security. For example, businesses that accept credit card payments are required to follow PCI compliance requirements which make online transactions secure by encrypting data, among other safeguards. But encryption is not the only defense you need to protect data. A malicious user could get into the computer through a network connection that lacked proper security protections. Infection with malware that steals login data from the device could arise when an unsuspecting staff member clicks on a malicious email link. Other safeguards (such as firewalls, antimalware software, and staff training) would be necessary beyond encryption to prevent those types of attacks and others. Nonetheless, encryption is always a strong idea because you will greatly lower the chance that information is compromised.
What you need to know when encrypting your organization's data
Here are a few key recommendations when encrypting your data and ensuring a safe IT environment:
1.) Look at data in all scenarios, both in transit and at rest. Encryption is the standard way to protect data in all these scenarios.
2.) Back up all your files and create an image backup prior to encrypting. Create a boot disk on removable media and be sure that you have installation media for the operating system.
3.) Make regular backups at pre-established intervals. Otherwise, you could lose data permanently when an encrypted disk becomes corrupt or crashes. You will be able to get everything back up and running rapidly if you have a recent backup.
4.) Decentralize encryption and decryption. You can set up a distinct encryption server at a central location or encrypt locally, distributed through your organization. When you use a decentralized method, you need an encryption key manager that maintains the security of keys in order to keep things organized. You will want to establish encryption at the application, database, and file levels. By distributing encryption, you can gain many benefits, noted Kaushik Pal, including better availability, stronger performance, higher quality data transmission, and lower network bandwidth.
5.) Use the hub-spoke model for encryption. When you combine distributed execution with central key management, the encryption and decryption node can be anywhere within your network. Your key management spoke can be integrated with encryption software and deployed on more than one node. With all the spokes in place, you are able to encrypt and decrypt at the level of the node. By structuring the task in this way, the data does not have to travel as much. You should also be able to maintain higher uptime by avoiding the downtime that might arise from a failure of the hub. The key manager should be able to create, securely store, and monitor the expiration dates of the keys that the spokes use. Keys will also have to be changed within the nodes whenever they expire.
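The hub-spoke key lifecycle from item 5, as an added example (not code from the article or from any vendor): a central hub creates, stores and expires keys, while spoke nodes cache the active key so they keep working through a hub outage but refuse to encrypt with an expired key. The class names, the `online` flag standing in for network reachability, and the caller-supplied clock are assumptions; the cipher itself is left to a vetted library.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Key:
    key_id: int
    material: bytes    # 256-bit key for a vetted AEAD cipher (cipher not shown)
    expires_at: float  # seconds on whatever clock the caller passes as `now`

class HubDown(Exception):
    """The spoke could not reach the central key manager."""

class KeyManagerHub:
    """Hub: creates keys, stores every version, tracks expiry."""
    def __init__(self, lifetime_s):
        self.lifetime_s = lifetime_s
        self.keys = {}      # key_id -> Key; old versions kept to decrypt old data
        self.online = True  # assumption: stands in for network reachability

    def current_key(self, now):
        if not self.online:
            raise HubDown()
        latest = self.keys.get(len(self.keys))
        if latest is None or now >= latest.expires_at:  # expired: rotate
            latest = Key(len(self.keys) + 1, secrets.token_bytes(32),
                         now + self.lifetime_s)
            self.keys[latest.key_id] = latest
        return latest

    def expiring_soon(self, now, warn_s):
        """Monitoring hook: True when the newest key is inside the warning window."""
        latest = self.keys.get(len(self.keys))
        return latest is not None and latest.expires_at - now <= warn_s

class SpokeNode:
    """Spoke: encrypts locally with a cached key; fails closed on expiry."""
    def __init__(self, hub):
        self.hub, self.cache, self.active = hub, {}, None

    def encryption_key(self, now):
        if self.active is None or now >= self.active.expires_at:
            self.active = self.hub.current_key(now)  # raises HubDown if unreachable
            self.cache[self.active.key_id] = self.active
        return self.active  # callers store key_id beside each ciphertext

    def decryption_key(self, key_id):
        if key_id not in self.cache:
            if not self.hub.online:
                raise HubDown()
            self.cache[key_id] = self.hub.keys[key_id]
        return self.cache[key_id]
```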
Encryption to keep your business data confidential
The amount of data that is being lost by or stolen from businesses is on the rise, as is the related cost. Encryption is a standard way to keep the data that is stored and moving within your systems secure. The above advice can get you started with implementation.
Moazzam Adnan Raja has been the Vice President of Marketing at Atlantic.Net for 14 years. During Raja’s tenure, the Orlando-based, privately held hosting company has grown from having a primarily regional presence to garnering and developing attention nationwide and internationally. In collaboration with a skilled and dedicated team, Raja has successfully led a full spectrum of marketing campaigns, as well as handling PR work with major news outlets and the formation of key strategic alliances.