The Moment
Can you imagine those first couple moments Target realized they had been hacked, losing 40 million credit card numbers? Or for the Yahoo! team to realize that 200 million user credentials were on sale on the dark web? I’m sure it was a shockwave of emotions in both the IT and Business organizations. But, in the wake of security threats, data protection becomes a surprise priority for EVERYBODY, but guess what… According to the Ponemon Institute, 89% of organizations have experienced a breach. So don’t get too comfortable…
There are multiple risks; data can be stolen by hackers, and it can breached due to poor security architecture or not having it implemented at all, but the most likely threat is not from outside parties, it comes from those who are sitting right next to you within the four walls of your organization.
There are multiple ways to prevent data leakage. Segregation of duties, and data obfuscation to name a few, but in order to complete their duties employees needed to have access to sensitive information. So, companies have to find a suitable balance. First, access levels need to be granted as low as possible for employees to perform their duties. But when people are getting privileged access, we have to be aware that we’re opening a door to a security risk. So how do we grant this kind of access while managing the downside risks of a security breach?
Encryption at Rest
Encryption is the process of encoding messages or information in such a way that only authorized parties can access it. Encryption is the most viable way to achieve data security. The principal of encryption is cypher code that uses the key, with that key, data gets encrypted and decrypted. It works like your real keys to your lock at home and who has access to key has access to your house. Those keys are called “private keys”. You can keep your private keys under the door rug but “thief” might check there first. So, you might want to make secured key box that can be accessed by those who have a pin code for that box (which we call a public key). To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.
Often when we think of Encryption, we think of it in flight. Like you logging into a website or an application. The transfer of that information between you and that server is encrypted. But what about AFTER that data lands in the database? What form is that data stored in? When data sits in that database we call it “at rest.”
You can actually keep data encrypted while it’s at rest as well. Then when it gets referenced by the user, it gets decrypted on the fly so the end user sees the requested data in its original format. By storing the data in an encrypted format, we mitigate the risk of the “data dump” scenarios. Every major enterprise database vendor has the ability to support encrypted data at rest. However, many organizations simply don’t take this extra step, either because they don’t know how to implement it or they knowingly neglect to do so.
Encrypt at Every Turn
While it takes more effort, and requires organizations to invest more money, it pays to encrypt whenever possible as a practice. Intricity lives in the world of data, and as part of our practice we obsess about data security. We recommend you reach out to Intricity and talk with a specialist. We can help you come up with a security strategy that will help you lower your exposure to massive data breaches.
By
Kirill Studenikin
Experts Articles, Intricity LLC
