BreachExchange mailing list archives

Tips for choosing the best encryption solution for your organization


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 4 Feb 2016 19:02:00 -0700

http://www.continuitycentral.com/index.php/news/technology/854-tips-for-choosing-the-best-encryption-solution-for-your-organization

Encryption can be a response to many data security requirements – but only
if you choose the proper solution, implement it thoroughly and don’t
overestimate its power.

Regardless of whether you want to protect your data or anything else,
remember that security is an ongoing process. If you are faced with the
need to choose a proper encryption solution, your job does not end just
with getting one. Encryption doesn't make your data secure by itself: there
are a variety of other activities and steps that you have to take. For your
data to be safe, you should stick with best practices for encryption – but
also for information security as a whole. There are plenty of ways in which
your data can get compromised, and encryption addresses only some of these.

On the other hand, should something go wrong with the encryption process,
you might end up having your data ‘protected’ even from yourself. So don’t
forget to have backups of all your important data. Of course, the backup
data should also be protected; when choosing the means to do this, be sure
that you don’t put those two eggs in the same basket.

When considering data protection, it’s important to distinguish between
data at rest and data in motion. Data at rest is data that isn’t being
accessed: examples are data burned onto a DVD left on your shelf or written
to the hard disk of your turned-off PC. Data in motion is data that is
being accessed or sent.

Your primary goal is to protect data in motion from anyone who is not its
legitimate user. But you must also protect data at rest because it can soon
be data in motion. Encryption can solve both issues, but while it’s the key
component in your data protection strategy, you should know that other
tools are also available. And, more importantly, there are also risks that
encryption can’t resolve.

When choosing the proper encryption solution, keep in mind these tips:

1. Set your data protection strategy; don’t rely solely on encryption…

Security experts will tell you that there is nothing like enough
encryption. That’s right, but don’t forget that encryption is nothing more
than an extra layer of protection between your data and cybercriminals like
hackers, eavesdroppers or intellectual property thieves. And yes,
encryption protects your data in some cases from your own risky behavior.
It’s extremely valuable to have the whole disk encrypted when you leave
your USB stick in the laundry or even lose your laptop, which is not a
particularly rare occurrence. A study by ESET found that over 22,000 USB
sticks were left in the pockets of clothing sent to dry cleaners in Britain
during 2015. And according to a Ponemon Institute survey, over 600,000
laptops are lost each year in US airports alone.

When it comes to a lost laptop, keep in mind that just using a password
doesn’t protect your data. A boot-time password and a logon prompt stop
someone from using your computer directly, but by transferring your hard
disk or SSD to a computer of their own, the crooks can grab all your data
and have it at their disposal. In such cases, full-disk encryption is
essential to prevent your data being accessed and stolen.

On the other hand, encryption doesn’t help if you lose your credentials and
provide hackers with full access to your PC. There are many other risks to
your data: consider at least your cloud services and email communication.
If you consider your data to be valuable and really care about it, then
you should take into account all the risks and address them properly.

2. … but encryption is a good option to start with

Whether you are an individual or a business, your data is valuable.
Unfortunately, it is valuable not only to you. If the criminals who steal
your data can’t use it themselves, they can sell it on the black market or
simply expose it in so-called ‘dumps’ to the whole underground Internet.

The benefits of encryption are many, while its downsides can be mitigated.
And some are more of an urban legend than real drawbacks, such as its
purported slowing effect on computers. Yes, a few years ago, the difference
between having your disk unencrypted and fully encrypted was significant.
But nowadays, with computers only rarely running at full capacity, you can
hardly spot any slowing during regular work.

So encryption brings significant benefits, with only marginal drawbacks. If
you are serious about protecting your data, the easiest and most effective
way to start (according to a survey by the Ponemon Institute) is to build
your data security around encryption.

3. When choosing the right encryption solution, focus on usability, and
require adaptability and scalability

Your processes and requirements are unique – does your encryption solution
adapt? And if your needs change, will your encryption cope? If not, you
will have to adapt your business or your life according to how someone else
designed your encryption solution. Even if you could do this, you
definitely don’t need to. There are encryption solutions on the market that
are flexible enough to conform to your requirements.

Your encryption solution should also be easy to implement, and simple in
everyday use. It should be scalable, so that you can easily add advanced
features if necessary. Select a solution that doesn’t require reinstalling
for upgrades or renewals. And don’t forget that if an encryption solution
is available as a perpetual license with annual maintenance and support, or
as a subscription license, that can enable you to manage costs and add to
your financial flexibility.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/