Data Encryption

In the world of information security are two major types of threats:

• Easy to be seen threats: directly interfering with the ability of doing business, those threats such as viruses, worms, and spam are visible; attack both networks and systems, and clearly disrupt productivity and business operations. So facing annoying attacks, it’s easy to justify investments to lowering their impact. When hundreds of spam messages can be seen the in the inbox, it is very likely to invest in an anti-spam solution.
• Hard to discover threats: which cause huge damage, but don’t necessarily prevent people from doing their jobs, such as data theft can go undetected for years. When (and if) they are discovered, it is possible not be able to calculate the material damage the breach has caused in years. It’s hard to have founds approved when it can’t be directly demonstrate a corresponding drop in profit or an asset loss. In many cases, such as the theft of a credit card, it’s someone else who suffers the loss. That’s why security investments for this type of threats are often forced by regulation or contractual obligation, rather than being voluntary. The lack of perceived threat undermines the recognition of data security issues, and the ability to address it.

Data breach became a well-known term – confidential information, usually personally identifying information, which is lost. Companies aware of the need of protecting data protection are developing programs starting with protection of the sensitive data from external malicious attacks, relying on technical controls that include perimeter security, network/wireless surveillance and monitoring, application and point security management. A very important factor is the education and user awareness.

Protecting your data

For real protection of the critical data, organizations have to plan a more data-centric approach to their security programs. This approach will give the enterprises the possibility to protect against losses that occurs everywhere sensitive data lives. It is important to implement the same controls around data being cut/copy/pasted and e-mailed or sent out of the organization by other means, when so many places data are can easily leak out of an organization and it would be difficult to note them.  A data loss point includes data transferred through any e-mail / web channel, improper or missing access controls to systems containing sensitive data, lost or stolen un-encrypted mobile devices, insecure transmission, improper destruction of information on electronic media and lack of separation of duties and access controls on databases and other shared systems.

Mechanisms for protection can be included into five major categories:

• Classic anti-malware and protections to prevent system infections
• Enforceable access controls
• Encryption
• Filtering for sensitive data types being sent out of the organization
• Education.

As supplementary layers of protection to traditional malware defenses, encryption and access controls are very important in protecting sensitive data from insiders no matter where are data – in rest, in use or in motion. With the same importance count the ability to filter, log, and take action on outbound traffic and downloads. The last but not the least, education have to be implement by the actions of the control systems themselves. An example can be automatic encryption policies on some types of program actions (e-mailing, FTP).

In an information-centric approach to protecting sensitive data, all organizations need to:

• identify and classify their information assets;
• establish consistent policies;
• implement an appropriate portfolio of enabling technologies for encryption and key management;
• establish controls to ensure compliance with both internal policies and external regulations.

What is Data Encryption

Data Encryption is a technology that uses encryption in order to prevent unauthorized access to data. Encryption is the process of transforming information into a form that cannot be read without the possession of special knowledge, referred to as a key. The purpose of encryption is to ensure that the information remains private from anyone not authorized to read it, even from those who may have access to the encrypted data.

File and Folder Encryption is used to protect data on a shared system – including protecting sensitive data from administrators. Groups of users are granted access rights to particular files and folders, and securely share files across the network.