by John Armstrong

Taking the Fear out of Encryption


We’ve entered an age in which the conveniences of widespread connectivity, the cloud, and cheap (almost unlimited) storage have put us at greater risk than ever of being hacked. At the same time, malicious actors have become more sophisticated, resourceful, and persistent. When data does fall into the wrong hands, the consequences can be devastating. From the 3 billion accounts compromised at Yahoo to the 143 million at Equifax, these infamous examples are part of a continuing trend. In 2018 alone, the Identity Theft Resource Center (ITRC) had identified 668 breaches affecting more than 22,408,258 records as of mid-year. And these are just the ones that have been reported!

High-profile data breaches and ransomware attacks have organizations and individuals on alert for the most effective ways to safeguard their data. While good IT security strategies can be very effective in protecting networks—essentially letting the good guys in and keeping the bad guys out—how do you account for all the data that’s increasingly being stored in massive, virtualized data environments that span the enterprise and the cloud?

There’s a time-tested technology that is increasingly becoming a crucial link in the security chain: encryption. As a key element in an enterprise and cloud IT security strategy, encryption supports the three pillars of data protection:

  1. Confidentiality – keeping your data private by restricting access to authorized parties
  2. Integrity – ensuring the accuracy of your data by preventing unauthorized modification
  3. Availability – keeping your data storage environment from being disrupted, so that data remains consistently available

While IT security seeks to protect physical assets like networked computers, databases, and servers, encryption protects the data that lives on and between those assets. It’s one of the most powerful ways to keep your data safe. Even if encrypted data is stolen, it is unreadable and useless to the thief without the key. Encryption is becoming less of an added option and more of a must-have element in any security strategy because of its ability to deter hackers from stealing sensitive data. If good encryption is capable of baffling FBI experts, consider what it can do for you and your company’s sensitive information.

How Does It Work?

Encryption—based on the ancient art of cryptography—uses computers and algorithms to turn plaintext into unreadable, jumbled ciphertext. To decrypt that ciphertext back into plaintext, you need the encryption key, a series of bits that unlocks the text. The key is something only you or the intended recipient has in their possession. It’s possible that a computer could break the encryption by guessing the key, but with highly sophisticated algorithms like the Advanced Encryption Standard (AES) with 256-bit keys, this could take a very, very long time. Think years.

Not all your data necessarily needs to be encrypted. Identifying critical data that is subject to regulatory compliance mandates is the first step toward determining what should be encrypted to ensure confidentiality. Regulations and standards that require sensitive data to be encrypted include the Health Insurance Portability and Accountability Act (HIPAA) for healthcare information, Sarbanes-Oxley (SOX) for financial information, the Payment Card Industry Data Security Standard (PCI-DSS) for retail payment card data, and the General Data Protection Regulation (GDPR), which originated in the EU.

Today, data protection must keep pace with exponential data growth, extend into shared cloud data warehouses, allow mobile data access, and defend against increasingly sophisticated threats. So, the questions are:

  • Why are people afraid to protect their information by encrypting their data?
  • Why is encryption often the data protection method of last resort?
  • Why does it take mandatory regulatory compliance, security policy audits, and penalties for non-compliance to ensure that sensitive data is adequately protected with encryption?

Eliminating the Fear Factor

Unfortunately, encryption is often perceived as complex, something akin to rocket science. There is the concern that if you lose the encryption keys, you lose the data forever. There are fears that encryption keys are difficult to use, update, and store securely. And some people worry that encryption will impair high-speed data transactions and system performance.

Organizations that are serious about protecting the integrity of their own and their customers’ data, and about complying with government regulations, no longer seriously dispute the value of encryption. The challenge for many is how to control costs and easily manage this critical asset in today’s scale-out data environments.

The good news is that a carefully architected and well-implemented data encryption solution can provide the foundation of your data protection security policy. Encryption can protect your data and solve many of your data protection challenges. Several advances in encryption, including highly automated software-based platforms, now make it easier to deploy and take the fear out of encryption.

Distributed Systems and the Cloud

The latest encryption solutions address the demands of encrypting both data at rest and data in motion across distributed systems and the cloud. They provide a distributed policy server with secure policy replication to prevent unauthorized modification of encryption policies. Automated mechanisms ensure secure node removal when a server leaves a cluster, wherever it resides, and provide rapid, secure encryption key rotation that runs efficiently without re-encrypting any files or requiring downtime during normal operations.
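The key-and-ciphertext explanation under "How Does It Work?" and the "rotate keys without re-encrypting files" property claimed above can both be made concrete. The Go program below is an added example written for this page; it is not Zettaset's or XCrypt's code and does not describe how that product is built. It uses the standard library's AES-256-GCM to encrypt a constructed sample record, shows that a ciphertext with even one flipped bit is rejected (so encryption covers integrity as well as confidentiality), and models envelope encryption: each file is encrypted under its own data-encryption key (DEK), the DEK is wrapped under a master key-encryption key (KEK), and rotating the KEK only re-wraps the small DEK while the file's ciphertext is carried over unchanged. The EnvelopeFile layout and all function names are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// gcmFor builds an AES-256-GCM instance for a 32-byte key.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext and prepends the random nonce; GCM also appends an authentication tag.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; it fails on a wrong key or on any modified bit.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("sealed data too short (%d bytes)", len(sealed))
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

func newKey() []byte {
	k := make([]byte, 32) // 256 bits of key material from the OS random source
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		panic(err) // without randomness there is no safe key; stop here
	}
	return k
}

// EnvelopeFile (hypothetical layout): data encrypted under a per-file DEK, plus that DEK wrapped under a master KEK.
type EnvelopeFile struct{ Ciphertext, WrappedDEK []byte }

func encryptFile(kek, plaintext []byte) (f EnvelopeFile, err error) {
	dek := newKey()
	if f.Ciphertext, err = seal(dek, plaintext); err != nil {
		return f, err
	}
	f.WrappedDEK, err = seal(kek, dek)
	return f, err
}

func decryptFile(kek []byte, f EnvelopeFile) ([]byte, error) {
	dek, err := open(kek, f.WrappedDEK)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return open(dek, f.Ciphertext)
}

// rotateKEK moves a file to a new master key by re-wrapping only the DEK; the file ciphertext is carried over untouched.
func rotateKEK(oldKEK, newKEK []byte, f EnvelopeFile) (EnvelopeFile, error) {
	dek, err := open(oldKEK, f.WrappedDEK)
	if err != nil {
		return EnvelopeFile{}, err
	}
	f.WrappedDEK, err = seal(newKEK, dek)
	return f, err
}

func main() {
	record := []byte("constructed sample: patient 0042, visit 2018-06-30")
	kek, newKEK := newKey(), newKey()
	f, err := encryptFile(kek, record)
	if err != nil {
		panic(err)
	}
	pt, err := decryptFile(kek, f)
	fmt.Println("round trip ok:", err == nil && bytes.Equal(pt, record))
	tampered := EnvelopeFile{Ciphertext: append([]byte(nil), f.Ciphertext...), WrappedDEK: f.WrappedDEK}
	tampered.Ciphertext[len(tampered.Ciphertext)-1] ^= 0x01 // flip one stored bit
	_, err = decryptFile(kek, tampered)
	fmt.Println("tampering detected:", err != nil)
	rotated, _ := rotateKEK(kek, newKEK, f)
	pt, err = decryptFile(newKEK, rotated)
	fmt.Println("rotated without re-encrypting:", err == nil && bytes.Equal(pt, record) && bytes.Equal(rotated.Ciphertext, f.Ciphertext))
}
```

Run with `go run`; all three lines should print true. Decrypting with an unrelated KEK, or with the old KEK after rotation, fails at the unwrap step, which is the point of the pattern: what changes on rotation is a few dozen bytes of wrapped key per file, not the data, and a lost or compromised master key is handled at the key manager rather than by touching every encrypted file.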

Elimination of Specialized and Costly Hardware

Next-generation solutions simplify encryption installation and operation with a software-defined approach. Deploying software-based key managers and HSMs (hardware security modules) is more cost-effective and less disruptive than traditional hardware approaches in highly elastic cloud environments, offering power users greater operational efficiencies.

Automated Key Management and Backup

Encryption keys are stored away from the encrypted data, and access to keys is automated and tightly controlled. A software-based encryption key management solution built around OASIS industry standards can readily match the elasticity of virtual machines and cloud computing. As virtual machines running the database are provisioned (and de-provisioned) to balance capacity needs, no manual intervention is required at the management console. Automated encryption key backup and recovery helps minimize the risk of loss or breach of sensitive information. A standardized approach enables the latest generation of software-defined key management life-cycle solutions to efficiently manage, securely store, and update encryption keys, as well as interoperate with older legacy key managers.

Scale and Performance Optimization

Next-generation encryption solutions have been designed from the ground up for optimal performance and scalability in distributed systems and elastic cloud environments. The result is an encryption process that introduces close to zero latency to the compute environment, making it ideal for stored data and transactional environments where sub-second response times are essential.

Highly Secure Full-Disk Encryption

Full-disk encryption software encrypts every bit of data that goes on a disk or disk volume and is used to prevent unauthorized access to data storage. Encrypting all data on a disk not only provides a higher level of protection, but also simplifies IT operations. More advanced full-disk encryption solutions use a separate key for each volume, so different portions of the disk are protected by different keys. With full-disk encryption, the decision of which individual files to encrypt is not left up to users’ discretion. This is important for situations in which users might not want, or might forget, to encrypt sensitive files.

Industrial-Strength Algorithms

Standardized algorithms certified by NIST, such as the Advanced Encryption Standard (AES) for data protection and RSA public-key encryption for secure key exchange, provide enterprise-strength encryption. AES is used to protect classified U.S. government information and national security systems, and is approved by the National Security Agency (NSA) to protect top-secret information.

So now let’s re-think these questions:

  • Do you still have to be afraid to encrypt your data?
  • Should you still live with risk and non-compliance exceptions related to data encryption?

Next-generation, software-defined data encryption platforms providing these advanced capabilities can relieve your fear of encryption. They can provide transparent, automated, high-performance, end-to-end protection of data that addresses compliance regulations, and enable you to easily encrypt data everywhere with confidence!

Data encryption does not have to be something your organization tries to solve on its own. While data encryption may seem like a daunting, complicated process, the XCrypt Data Encryption Platform from Zettaset handles it reliably every day by automating complex processes and simplifying your IT security operations.