Things To Consider When Selecting an Encryption Solution
- Category: Security
- Author: Admin
- October 15, 2015
With the continual drumbeat of news stories about major companies and governmental institutions suffering huge data breaches after being targeted by hackers, only an oblivious management team would continue operations “as is” without a close examination of their company’s data encryption strategies.
The problem is truly enormous. Studies have shown that more than 250 million personal data records alone have been lost or compromised in the last ten years, and The Ponemon Institute reports that companies lose more than $200, on average, for every stolen or lost record. Most governments now require data encryption strategies for firms handling their sensitive data, and many service organizations face specific encryption demands from clients. A plethora of companies has emerged to provide “comprehensive encryption solutions.” But how do you choose a solution which will meet your needs?
Here are a few suggestions.
Make Sure It Meets Current Standards
The U.S. government’s Federal Information Processing Standard, known as FIPS 140-2, is the generally accepted benchmark for data encryption. Companies aren’t legally required to encrypt their data to this level, but any system which doesn’t meet the standard isn’t allowed to protect government data or sensitive information. The more recent and rigorous Intel AES-NI certification requires algorithms which significantly boost the security and speed of encryption, and is highly recommended for any systems dealing with applications like databases, SSL encryption, and electronic payment systems.
These aren’t standards your IT manager can implement on his own; you’ll need a company specializing in encryption to provide them. When looking at possible solutions, always ask about FIPS and AES certifications.
Make Sure It Encrypts Both Types of Data
In this context, there are two types of data to consider: “data at rest” and “data in motion.” The easy way to think about this is that the files sitting in the hard drive on your desktop or laptop are “data at rest” – they’re not going anywhere at the moment. On the other hand, when you send an email or receive customer information online, that’s “data in motion” because it’s being transmitted. Different approaches are needed for each; for example, software which encrypts your hard drive does nothing to protect data that was on the drive once you attach it to an email and send it. Your solution must deal with that issue by either encrypting the file itself or ensuring that it is transmitted over a secure network.
Make Sure It Has an Easy-To-Use Management Console
Ideally, you will be able to use the same console that is already being used for other security functions on your network, to make things simple for the IT personnel who manage security. It should also be highly automated. For example, the encryption solution should interface with the S.M.A.R.T. logic on a drive (which monitors the drive’s overall health) so the system isn’t trying to encrypt a drive that’s about to fail. It should also be able to identify and encrypt new endpoints on the system automatically, and perhaps even install patches on endpoints when they’re not being used, so that the software is actually doing the work instead of IT employees.
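The S.M.A.R.T. check described above can be sketched as a pre-flight gate that runs before a drive is queued for encryption. This is an added example, not code from any encryption product: it assumes ATA-style text as printed by `smartctl -H -A`, the function names and the "any non-zero count defers" policy are hypothetical, and the sample output is constructed.

```python
import re

# Assumed policy: a non-zero raw count on any of these attributes defers
# encryption. The IDs are the usual ATA ones; the threshold is illustrative.
WATCHED = {5: "Reallocated_Sector_Ct", 197: "Current_Pending_Sector",
           198: "Offline_Uncorrectable"}
# Captures: attribute ID, WHEN_FAILED column, leading integer of RAW_VALUE.
ATTR_ROW = re.compile(
    r"^\s*(\d+)\s+\S+\s+0x[0-9a-fA-F]+\s+\d+\s+\d+\s+\d+\s+\S+\s+\S+\s+(\S+)\s+(\d+)",
    re.M)
HEALTH = re.compile(r"self-assessment test result:\s*(\S+)")

def encryption_preflight(smartctl_text):
    """Return (ok, reasons); ok is False when encryption should be deferred."""
    reasons = []
    m = HEALTH.search(smartctl_text)
    if m is None:
        # Fail closed: no verdict means the drive's state is unknown.
        reasons.append("no SMART health verdict found")
    elif m.group(1) != "PASSED":
        reasons.append(f"overall health is {m.group(1)}")
    for attr_id, when_failed, raw in ATTR_ROW.findall(smartctl_text):
        attr_id, raw = int(attr_id), int(raw)
        if when_failed != "-":
            reasons.append(f"attribute {attr_id} crossed its threshold ({when_failed})")
        if attr_id in WATCHED and raw > 0:
            reasons.append(f"{WATCHED[attr_id]} raw count is {raw}")
    return (not reasons, reasons)

def sample(realloc, pending, verdict="PASSED"):
    """Build constructed smartctl-style output (not from a real drive)."""
    return (
        f"SMART overall-health self-assessment test result: {verdict}\n\n"
        "ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE\n"
        f"  5 Reallocated_Sector_Ct   0x0033   088   088   036    Pre-fail  Always       -       {realloc}\n"
        "  9 Power_On_Hours          0x0032   071   071   000    Old_age   Always       -       25731\n"
        f"197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       {pending}\n"
        "198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       0\n")

if __name__ == "__main__":
    for text in (sample(0, 0), sample(512, 24), sample(0, 0, "FAILED!")):
        print(encryption_preflight(text))
```

A drive can report PASSED overall while its reallocated or pending sector counts are already climbing, which is why the gate looks at both the verdict and the individual attributes.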