NPC News
3 Fundamental Encryption Principles

October 3rd 2013

The data protection landscape is undoubtedly becoming more complex due to several occurrences, including the general transformations that have been taking place within the business world during the past several years. Unfortunately, the threat landscape is becoming more dangerous, as outsiders are no longer preying on the large enterprises that were the conventional targets in the past. Instead, hackers, hacktivists and general cybercriminals are extending their reach by going after smaller companies that may not necessarily have the resources to defend themselves.

These changes are forcing decision-makers in businesses of all sizes to implement more rigorous security tactics. While there are numerous emerging tools, such as sophisticated real-time monitoring solutions, that can help organizations defend themselves, executives should not neglect using an age-old gem: encryption.

Generally speaking, encryption is the process of breaking down and concealing sensitive information to prevent eavesdroppers and other cybercriminals from acquiring data. By using complex logins and other authentication processes, encryption only allows authorized users to view the confidential resources.

Still, simply implementing "encryption" technologies will not do the trick. Instead, decision-makers should follow three best practices to ensure their information protection endeavors are successful.

1. Use relevant solutions
Most organizations have sensitive information that needs to be protected, either for personal, financial or regulatory reasons. However, not all encryption solutions are equal, as some may be better suited for smaller companies than for larger enterprises that are looking to encrypt massive databases. This means that decision-makers need to assess their encryption requirements and implement the tools that are most appropriate.

In other cases, the strongest encryption technologies are not necessarily applicable. If a firm wants to safeguard a small amount of assets, for example, investing half of their IT budget on a single encryption tool from a well-known vendor is not the most effective strategy.

2. Safeguard keys at all costs
The truth of the matter is that encryption is only as strong as the methods used to protect the access keys. If organizations implement easy-to-crack keys or neglect the safety of login information, it won't matter how renowned the encryption tool is that they deployed; it will be ineffective.

This means that executives need to first establish how keys will be generated, where and how they will be stored, which employees will be provided access to certain resources and how often authorization codes can be replaced or deleted. Additionally, companies need to understand that reusing keys will also reduce the effectiveness of encryption, as cybercriminals that gain access to one area of the network can reuse passwords to get elsewhere.

In some cases, developing a key management task force can be effective. These groups can educate employees on best practices associated with using and distributing keys, which may include storing keys in locations away from the data.

3. Don't neglect the endpoint
The fast-paced business world of today has introduced numerous IT transformations, though none have been more disruptive than the mobile revolution. Now that individuals are using smartphones, tablets and laptops for more activities than ever before, companies need to incorporate encryption into their overall endpoint protection programs.

Wi-Fi is one of the most powerful tools at a hackers disposal, as many people simply assume that sensitive information is safe at all times, which is not the case. Individuals should learn how using endpoint encryption will prevent exposure on networks that are inherently unsafe, like public Wi-Fi.

Encryption can be a powerful data protection tool when it is deployed properly. Working with a managed service security provider and understanding these three basic principles can help decision-makers understand how to effectively safeguard mission-critical information.

NPC Updates

Get informed about all the latest NPC news, events, and promotions.

Sign up now