Why is data encryption important and what does a comprehensive data encryption strategy look like?
Data encryption is an important part of today's overall security strategy. The internet by design is out in the open. Anyone with the right knowledge and access can read any data you send or receive.
Similarly, any data stored at your company is unencrypted by default (aka plain text) and can be read by anyone with physical or remote access to your computers.
Why Is Encryption Important?
You may have sensitive data that only certain employees should be allowed to see, or you may be sending an email to a client with a social security number or other confidential information. Password protecting a file is not enough to prevent it from being read. Hackers will use password cracking tools to access these types of files. There are also tricks to simply circumvent password protection. Encryption adds a layer of security that, when utilized properly, simply cannot be cracked without the proper authorization.
What do you mean by utilized properly?
With encryption, it is important to use the right type. The right type of encryption is an open source encryption standard that has been tested and re-tested by the cryptographic community. All encryption types are only as good as the passwords protecting your data. A strong password is one that contains a combination of upper case letters, lower case letters, numbers, and special characters (like &*!^). The password should be at least 8 characters long. As time goes on, the general consensus tends to recommend more characters. A minimum of 10 characters might be a better recommendation for this day and age, and to future-proof a bit.
Some examples of strong encryption or cryptographic algorithms are RSA-2048, RSA-3072, ECDH-384, AES-CBC.
Encryption Scenarios:
File and hard drive encryption - whole folders or whole hard drives can be encrypted to protect data at rest. This is great protection against data theft. If, for example, someone steals your laptop and looks at your data they would see a bunch of random characters instead of the contents of your files.
Encryption in transit - Under most circumstances, when an encrypted file is moved away from its home in an encrypted folder or hard drive, it is no longer encrypted. The same principle applies when data is travelling over a company network or the internet. Data also has to be encrypted while it's moving. When, for example, you use a remote laptop to access company files, a VPN (virtual private network) can be used. The VPN creates an encrypted tunnel that shields all data passing through it from the prying eyes of the internet. When sending a sensitive file as an email attachment, special email encryption software can be used. When data is transferred over the internet between, say, a website and your computer, SSL (Secure Sockets Layer) can be used. These are all different scenarios where data in transit is being protected.
Portable encryption - USB keys and external hard drives can be encrypted in case they get stolen. The data is temporarily unencrypted for viewing by using a password.
Password encryption - Password lockers like LastPass or RoboForm can be used to encrypt all of your passwords with a complex master password. Master passwords are further protected by other cryptographic methods such as salts. A salt defends against such things as dictionary attacks, which attempt to guess your password by guessing it thousands or even millions of times.
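The salting described above, shown as an added example that is not from the original article and is not the code of any product named in it. It assumes PBKDF2-HMAC-SHA256 as the key derivation function, an iteration count chosen for this example, and a small constructed wordlist standing in for a precomputed dictionary.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor for this example, not from the article


def protect(master_password: str, salt: Optional[bytes] = None) -> tuple[bytes, bytes]:
    """Return (salt, derived_key) for a master password via PBKDF2-HMAC-SHA256."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored password
    key = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)
    return salt, key


def verify(master_password: str, salt: bytes, expected_key: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, key = protect(master_password, salt)
    return hmac.compare_digest(key, expected_key)


def precomputed_table(wordlist: list[str]) -> dict[bytes, str]:
    """Model of a precomputed dictionary: unsalted SHA-256 of each common password."""
    return {hashlib.sha256(w.encode()).digest(): w for w in wordlist}


def demo() -> dict[str, bool]:
    common = ["password", "letmein", "Summer2024!"]  # constructed sample wordlist
    table = precomputed_table(common)
    unsalted = hashlib.sha256(b"letmein").digest()  # what an unsalted store would hold
    salt_a, key_a = protect("letmein")  # two records for the same weak password
    salt_b, key_b = protect("letmein")
    return {
        "unsalted_found_in_table": unsalted in table,
        "salted_found_in_table": key_a in table,
        "same_password_same_record": key_a == key_b,
        "correct_password_verifies": verify("letmein", salt_a, key_a),
        "wrong_password_verifies": verify("password", salt_a, key_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt makes a table computed in advance useless and forces each guess to be recomputed per record; it does not make a weak password strong, which is why the password length guidance above still applies.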
If you take one thing away from this article, please take away this. In order to fully protect data, it must be encrypted while it is at rest and it must be encrypted while in transit. Generally two or more solutions are required to accomplish this task. Software such as ESET DESlock+ is great for protecting data at rest and via email. There are also a lot of different vendors providing networking equipment that contains VPN capability.
Talk to your IT support vendor about a comprehensive strategy for protecting your data.
Talk to your web developer about encrypting sensitive data to and from your website.
For data and other IT-related questions, visit our Denver IT Services website.