Siamak Nazari, CEO of Nebulon, discusses data encryption lessons businesses can learn from consumer technology.
With data security and compliance regulatory requirements continually reviewed in every country, IT professionals face an increasingly complex challenge to protect data. In parallel, organizations face an increasing number of threats, from phishing and social engineering to network compromise, requiring new procedures and technologies.
One recent headline-grabbing attack was caused by obsolete equipment that was not encrypted. Sensitive personal information, including social security numbers, was compromised in this highly publicized case. A software flaw allegedly left unerased data in an unencrypted form on decommissioned data center servers. The company paid $60 million to settle a data breach lawsuit.
This kind of data breach is not unusual. In fact, it’s disconcerting that encryption continues to be a stumbling block for enterprises in the 2020s. To explain why, we have to take a step back.
For example, look at your phone. There is no need to manually encrypt your data, and no need to manually manage or think about encryption keys. For Apple and Android users, personal data on your phone is encrypted by default. If you lose your phone, you don’t have to worry about someone accessing your phone’s data. Surprisingly, this is not the case for corporate data. Data, whether stored in central data centers or at the edge, is often consumer-facing and therefore unencrypted by default. This is evident for various sectors, especially those with large-scale edge deployments such as telecommunications, finance, retail, and healthcare, where multiple edge locations increase the number of potential entry points for hackers. This is a serious problem.
So what can enterprise IT teams learn from this data breach and from how consumer devices protect data? Here are two important requests to make when discussing your infrastructure needs:
Automated, always-on data-at-rest encryption
Data-at-rest encryption means that your data is protected wherever it is stored. The aforementioned data breach may have occurred because the organization had never enabled data-at-rest encryption for data on decommissioned servers for which it was responsible.
If Joe Bloggs doesn’t have to think about whether the information on his phone is encrypted, why should it be any different for businesses? can you provide
To do this, it is essential to look at the software and hardware layers simultaneously. For software to be secure, security must be built into the hardware. One way to do this is by creating encryption keys at the hardware layer. This provides additional protection against malware entering via backdoors associated with software vulnerabilities. It also provides a solid foundation for secure authentication, cryptographic key management, and secure boot. When hardware-generated keys are kept secure at the hardware layer, users no longer need to manage encryption keys, reducing the risk of human error.
In short, a hardware-based master encryption key works like a smartphone. This means that data is automatically encrypted when it is written to hardware. Encryption is always on and the user or IT admin doesn’t have to think about it.
In addition to encryption at rest, IT teams should also consider encryption in flight for protection against man-in-the-middle attacks, as well as employing two-factor authentication and role-based access control (RBAC), so that users can access only the data they need.
Unique erasure of boot or local data drives on decommissioned servers
Assuming data is encrypted from day one, destroying encryption keys is the easiest and most effective way to protect customer data after server decommissioning. This takes less than a few seconds. Once the encryption key is destroyed, the encrypted data is permanently inaccessible. This means that if the device is misplaced or stolen, the data cannot be decrypted and accessed, with zero risk of a data breach.
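The key-destruction step described above, as a small Python model added here as an example (not code from the article or from Nebulon). `SelfEncryptingDrive`, `decommission` and the block layout are hypothetical, and an HMAC-SHA256 keystream stands in for the AES engine a real drive implements in hardware.

```python
import hashlib, hmac, secrets

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Counter-mode keystream from HMAC-SHA256: a stdlib stand-in for hardware AES.
    stream = b"".join(_prf(key, nonce + i.to_bytes(8, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class SelfEncryptingDrive:
    """Hypothetical model: every write is encrypted under a key that never leaves the device."""
    def __init__(self) -> None:
        self._new_key()
        self.media = {}  # lba -> (nonce, ciphertext, tag): all that raw media access reveals

    def _new_key(self) -> None:
        mek = secrets.token_bytes(32)  # media encryption key, generated on-device
        self._enc, self._mac = _prf(mek, b"enc"), _prf(mek, b"mac")

    def write(self, lba: int, data: bytes) -> None:
        nonce = secrets.token_bytes(16)
        ct = _xor_stream(self._enc, nonce, data)
        self.media[lba] = (nonce, ct, _prf(self._mac, nonce + ct))

    def read(self, lba: int) -> bytes:
        nonce, ct, tag = self.media[lba]
        if not hmac.compare_digest(tag, _prf(self._mac, nonce + ct)):
            raise ValueError("block not decryptable with the current key")
        return _xor_stream(self._enc, nonce, ct)

    def crypto_erase(self) -> None:
        # The old key is discarded; ciphertext stays on the media but is unreadable.
        self._new_key()

def decommission(drive: SelfEncryptingDrive) -> dict:
    """Crypto-erase the drive, then verify that no previously written block still decrypts."""
    lbas = list(drive.media)
    drive.crypto_erase()
    still_readable = []
    for lba in lbas:
        try:
            drive.read(lba)
            still_readable.append(lba)
        except ValueError:
            pass
    return {"blocks_on_media": len(lbas), "still_readable": still_readable}
```

The guarantee only covers blocks written while encryption was on and only holds if no other copy of the key exists (escrow, backup, or a host-side cache), so a decommissioning record should capture the verification result alongside the erase itself.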
In a world where data is the new oil and data breaches occur with alarming frequency, automated “always-on” data encryption should be the default for all data center infrastructure devices. This is an important area where enterprise technology can learn lessons from consumer technology. Automated encryption leaves no room for human error and provides an important layer of protection for your organization’s data.
