Story image

Data encryption: Safe even when lost or stolen

27 Feb 2015

Data encryption should be a key component of your client’s ‘defence in depth’ network security solution set, says Chillisoft New Zealand, 
the Oceania distributors for ESET security solutions.

Data encryption is the most effective way to secure data ‘at rest’ (ie on disk and removable media) and as it travels through cyberspace (email). Encryption is based on secret keys - one for encryption and the other for decryption - that are virtually impossible to crack. 

Encryption can help secure sensitive data in cases of unauthorised access to your client’s network or if a laptop or USB thumb drive are lost or stolen.

Data encryption adds another layer of protection for your client’s data so that, even in the event of a security breach, your client’s data remains out of reach. To ensure the best possible protection, it makes sense for resellers to offer at least one ‘pure play’ encryption solution that contains industrial strength protection combined with advanced management and policy controls. Not only does this create another revenue stream but it also provides a safer online environment for your clients.

Not just for spies

To some businesses, encryption may be seen as a ‘black op’ - the preserve of spies and government agencies. 

Potential users may fear being locked-out of important documents because they can't remember an encryption key, but in a properly implemented solution, this doesn't happen. The individual files and the hard disk drive are encrypted with a key issued to each user by an administrator. 

So it is highly unlikely that ‘forgetting the key’ would be a problem.

Files, disks and email: Comprehensive protection

Installed correctly, dedicated encryption solutions run in the background, transparent to users.

Resellers can advise their customers which data should be encrypted based on the sensitivity of the data and the risk of loss. Compared to some other components of a layered security strategy, encryption is relatively easy to install, manage and use. 

Typically, ‘at rest’ encryption is used at both file level, where individual files can be encrypted, and at the disk level where an entire disk is encrypted, such as for laptops holding commercially sensitive or private data. 

Encrypting email or email storage can prevent embarrassing disclosures of private commentary. Leaked emails have become a staple for the tabloid press and could easily be avoided.

It’s the law

If your clients maintain personal information and it is leaked due to inadequate protection, they could be breaking the law. 

Principle five of the New Zealand Privacy Act 1993 mandates that ‘everything reasonably within the power of the agency is done to prevent unauthorised use or unauthorised disclosure of [personal] information’. With its widespread availability, encryption is clearly ‘reasonable’ protection. Indeed, in Europe, where they take data privacy very seriously, there are hefty fines for loss of sensitive data. 

As more and more organisations turn to mobile devices and remote access to corporate systems, the risk of data leakage will only increase. Encryption is simple to install, cost-effective and easy-to-use. It should be a key solution in your security portfolio.   

Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”