Encryption is the process of converting plaintext into ciphertext; decryption reverses it. It is one of the most robust security controls that can be adopted to ensure the confidentiality and integrity of data. Encryption can be applied to data at rest, in motion or in use. Among other applications, it is also used for digital signatures, ensuring non-repudiation. Encryption of data in use is rarely adopted. The most common applications are:
- Full disk (internal storage or removable drive)
- File and folder (folder level unstructured data)
- Transparent data encryption (structured data in databases)
- Application level (integrated into an application)
- Cloud (securing data off premises stored with third parties)
Encryption policies can be centrally enforced through a management application. Software agents deployed to servers and endpoints, or integrated into applications, are configured by the central management application.
With so many possible applications of encryption in an enterprise, an essential part that must not be overlooked is key management. This can be split into three main areas:
- Separation (from the data it is used to encrypt/decrypt)
- Security (to protect it from falling into the wrong hands)
- Rotation (to ensure that keys are not used for long periods of time and therefore become vulnerable)
These can be extremely complex and time-consuming tasks, and as such centralised management through a general purpose Hardware Security Module (HSM) can be invaluable.
Key management through an HSM is also invaluable when it comes to data storage in the cloud. Cloud providers make it clear that data security is the responsibility of the data owner (controller), not that of the service provider. As such, in order to enforce separation of duty, data owners should hold their own encryption keys in an environment separate from where the data is stored.