Preventing unauthorized access to your data
KNOW MORE ABOUT Data Encryption
In the world of information security are two major types of threats:
- Easy to be seen threats: directly interfering with the ability of doing business, those threats such as viruses, worms, and spam are visible; attack both networks and systems, and clearly disrupt productivity and business operations. So facing annoying attacks, it’s easy to justify investments to lowering their impact. When hundreds of spam messages can be seen the in the inbox, it is very likely to invest in an anti-spam solution.
- Hard to discover threats: which cause huge damage, but don’t necessarily prevent people from doing their jobs, such as data theft can go undetected for years. When (and if) they are discovered, it is possible not be able to calculate the material damage the breach has caused in years. It’s hard to have founds approved when it can’t be directly demonstrate a corresponding drop in profit or an asset loss. In many cases, such as the theft of a credit card, it’s someone else who suffers the loss. That’s why security investments for this type of threats are often forced by regulation or contractual obligation, rather than being voluntary. The lack of perceived threat undermines the recognition of data security issues, and the ability to address it.
Data breach became a well-known term – confidential information, usually personally identifying information, which is lost. Companies aware of the need of protecting data protection are developing programs starting with protection of the sensitive data from external malicious attacks, relying on technical controls that include perimeter security, network/wireless surveillance and monitoring, application and point security management. A very important factor is the education and user awareness.
Protecting your data
For real protection of the critical data, organizations have to plan a more data-centric approach to their security programs. This approach will give the enterprises the possibility to protect against losses that occurs everywhere sensitive data lives. It is important to implement the same controls around data being cut/copy/pasted and e-mailed or sent out of the organization by other means, when so many places data are can easily leak out of an organization and it would be difficult to note them. A data loss point includes data transferred through any e-mail / web channel, improper or missing access controls to systems containing sensitive data, lost or stolen un-encrypted mobile devices, insecure transmission, improper destruction of information on electronic media and lack of separation of duties and access controls on databases and other shared systems.
Mechanisms for protection can be included into five major categories:
- Classic anti-malware and protections to prevent system infections
- Enforceable access controls
- Filtering for sensitive data types being sent out of the organization
As supplementary layers of protection to traditional malware defenses, encryption and access controls are very important in protecting sensitive data from insiders no matter where are data – in rest, in use or in motion. With the same importance count the ability to filter, log, and take action on outbound traffic and downloads. The last but not the least, education have to be implement by the actions of the control systems themselves. An example can be automatic encryption policies on some types of program actions (e-mailing, FTP).
In an information-centric approach to protecting sensitive data, all organizations need to:
- identify and classify their information assets;
- establish consistent policies;
- implement an appropriate portfolio of enabling technologies for encryption and key management;
- establish controls to ensure compliance with both internal policies and external regulations.
What is Data Encryption
Data Encryption is a technology that uses encryption in order to prevent unauthorized access to data. Encryption is the process of transforming information into a form that cannot be read without the possession of special knowledge, referred to as a key. The purpose of encryption is to ensure that the information remains private from anyone not authorized to read it, even from those who may have access to the encrypted data.
File and Folder Encryption is used to protect data on a shared system – including protecting sensitive data from administrators. Groups of users are granted access rights to particular files and folders, and securely share files across the network.
Many, if not all, desktops and portable devices contain some form of proprietary or confidential information. Employees now carry significant amounts of high-value business, customer, employee, partner, and confidential corporate intellectual property on such hardware. Data encryption technology gives organizations tools to protect of their confidential information and permits avoiding:
- Significant client notification costs
- Irreparable damage to the company’s reputation
- Damage to the company’s brand
- Diminished brand equity
- Loss of customers
- Loss of revenue and reduced profits
- Regulatory fines
- Costly litigation
- Increased customer service and help desk activity
- Reduced shareholder value
- Difficult new customer acquisition
- Loss of investor confidence
In addition to dealing with the preceding issues, the technology assures the companies of achieving compliance with regulations.
Many encryption methods and products are available today. Generally, most are standalone applications that operate on a single data and/or information type at a time while using separate encryption applications. For instance, a user may encrypt data in files, file server documents, or email. A major drawback of these point encryption solutions is that they require a significant amount of additional work by IT and rely on individuals making critical and independent policy decisions and actions such as:
- Maintaining and securing the encryption key(s)
- Deciding what needs to be encrypted
- Deciding if an intended recipient can decrypt a file or an email
- Recovering the information/data when keys are lost or forgotten
- Decrypting and re-encrypting files for editing purposes
Companies must seriously take into account the overall impact on their businesses and users when considering or evaluating the use of point encryption solutions.