Tips for choosing the best encryption solution for your organization
- Published: Wednesday, 03 February 2016 10:54
Encryption can be a response to many data security requirements – but only if you choose the proper solution, implement it thoroughly and don’t overestimate its power.
Regardless of whether you want to protect your data or anything else, remember that security is an ongoing process. If you are faced with the need to choose a proper encryption solution, your job does not end just with getting one. Encryption doesn't make your data secure by itself: there are a variety of other activities and steps that you have to take. For your data to be safe, you should stick with best practices for encryption – but also for information security as a whole. There are plenty of ways in which your data can get compromised, and encryption addresses only some of these.
On the other hand, should something go wrong with the encryption process, you might end up having your data ‘protected’ even from yourself. So don’t forget to have backups of all your important data. Of course, the backup data should also be protected; when choosing the means to do this, be sure that you don’t put those two eggs in the same basket.
When considering data protection, it’s important to distinguish between data at rest and data in motion. Data at rest is data that isn’t being accessed: examples are data burned onto a DVD left on your shelf or written to the hard disk of your turned-off PC. Data in motion is data that are being accessed, or data that is being sent.
Your primary goal is to protect data in motion from anyone who is not their legitimate user. But you must also protect data at rest because it can soon be data in motion. Encryption can solve both issues, but while it’s the key component in your data protection strategy, you should know that other tools are also available. And, more importantly, there are also risks that encryption can’t resolve.
When choosing the proper encryption solution, keep in mind these tips:
1. Set your data protection strategy; don’t rely solely on encryption…
Security experts will tell you that there is nothing like enough encryption. That’s right, but don’t forget that encryption is nothing more than an extra layer of protection between your data and cybercriminals like hackers, eavesdroppers or intellectual property thieves. And yes, encryption protects your data in some cases from your own risky behavior. It’s extremely valuable to have the whole disk encrypted when you leave your USB stick in the laundry or even lose your laptop: which is not a particularly rare occurrence. A study by ESET found that over 22,000 USB sticks were left in the pockets of clothing sent to dry cleaners in Britain during 2015. And according to a Ponemon Institute survey, over 600,000 laptops are lost each year in US airports alone.
When it comes to a lost laptop, keep in mind that just using a password doesn’t protect your data. While a boot-time password and logon windows disable using your computer directly, by transferring your hard disk or SSD to a computer of their own, the crooks can grab all your data and have them at their disposal. In such cases, full-disk encryption is essential to prevent your data being accessed and stolen.
On the other hand, encryption doesn’t help if you lose your credentials and provide hackers with full access to your PC. There are many other risks to your data: consider at least your cloud services and email communication. If you consider your data to be valuable and really care about them, then you should take into account all the risks and address them properly.
2. … but encryption is a good option to start with
Whether you are an individual or a business, your data is valuable. Unfortunately, it is valuable not only to you. If the criminals who steal your data can’t use it themselves, they can sell it on the black market or simply expose it in so-called ‘dumps’ to the whole underground Internet.
The benefits of encryption are many, while its downsides can be mitigated. And some are more of an urban legend than real drawbacks, such as their purported slowing effect on computers. Yes, a few years ago, the difference between having your disk unencrypted and fully encrypted was significant. But nowadays, with computers only rarely run at full capacity, you can hardly spot any slowing during regular work.
So encryption brings significant benefits, with only marginal drawbacks. If you are serious about protecting your data, the easiest and most effective way to start (according to a survey by the Ponemon Institute) is to build your data security around encryption.
3. When choosing the right encryption solution, focus on usability, and require adaptability and scalability
Your processes and requirements are unique – does your encryption solution adapt? And if your needs change, will your encryption cope? If not, you will have to adapt your business or your life according to how someone else designed your encryption solution. Even if you could do this, you definitely don’t need to. There are encryption solutions on the market that are flexible enough to conform to your requirements.
Your encryption solution should also be easy to implement, and simple in everyday use. It should be scalable, so that you can easily add advanced features if necessary. Select a solution that doesn’t require reinstalling for upgrades or renewals. And don’t forget that if an encryption solution is available as a perpetual license with annual maintenance and support, or as subscription license, that can enable you to manage costs and add to your financial flexibility.