Data encryption itself is easy to understand. The complexity lies in deciding what data needs to be encrypted, where that data resides (file servers, databases or cloud), who has access to it, and what level of access they should have. Admin personnel may need access to files but not to view their content, and above all else no changes should be made to applications or workflows.
Any one-stop data-at-rest security solution should offer protection layers covering key management for cloud services, cloud storage, file systems, application databases and disks.
Securing the cloud
Relying on cloud providers to manage your security makes your organisation vulnerable. If you are looking at cloud for applications such as Office 365, or for file storage such as AWS or Azure, you should think about encryption solutions that allow you to ‘Bring your own key’ (BYOK) and offer Gateway Encryption. After all, if you lock the front door, you wouldn’t put your key under the doormat.
File encryption
Most people think of encryption as the encryption of file systems. However, there are several things to consider before implementing file encryption, such as privileged users, root users and APIs. Transparent Data Encryption (TDE) is a perfect solution for file systems and uses a policy of ‘encrypt everything’. TDE restricts access to the encryption keys, so root admin users can see files such as Excel documents but cannot see the clear data within them, while privileged users have seamless access to their documents. Connecting to other technologies via APIs can be a real problem when using encryption, and should be taken into consideration before implementing file encryption.
Application Encryption
Any data that is not encrypted is a vulnerability, and application and database data are no exception. Application workflow should remain unaffected by the introduction of encryption, and the user experience should remain unchanged.
Disk encryption
Disk encryption, combined with an effective key management solution, allows you to protect against loss of data on physical media. With disk encryption, an organisation can protect against data loss even if the device is stolen.
What data should my organisation encrypt?
Ask yourself these questions when considering a data encryption solution for your organisation and deciding what data to encrypt:
- Does your organisation face data protection rules or regulations?
- Does your organisation use public cloud, such as Office 365, Azure, AWS or Salesforce?
- How does your organisation protect sensitive data on premises?
- How will your organisation protect sensitive data in the cloud?
- What initiatives do you have around data security, encryption or key management?
- How challenging is encryption across the different systems and storage platforms in your organisation and in the cloud?
Thales eSecurity Vormetric
If you are looking for a data encryption solution, we distribute technologies such as Thales e-Security through our channel partners. Thales e-Security Vormetric offers a wide range of solutions through its Data Security Manager (DSM) appliance, allowing encryption to Federal Information Processing Standards (FIPS) and Common Criteria for Cloud Gateway, Token Vaults, Application Data, File and Big Data (structured or unstructured), along with full key management, including “Bring your own key” for cloud solutions.