Thursday, January 31, 2008

DATA PROTECTION THROUGH ENCRYPTION

Varun Aggarwal
Express Computer

The encryption story in India is slowly beginning to unfold, thanks to compliance requirements like PCI DSS, SOX and HIPAA and the global exposure of most Indian companies. Secure data interchange has become the norm now that companies share data and critical information with partners and customers alike. The physical boundaries that existed in the past between the enterprise and the rest of the world have faded. One of the most efficient and secure ways to control and share information with the right parties is encryption. Encryption alone is not enough for this, though; it needs to be integrated with policy enforcement mechanisms like access control, segregation of duties and log management.

Amuleek Bijral, Country Manager, India & SAARC for RSA, the Security Division of EMC, said, “The Indian customers today are looking at vendors who can fulfill all these requirements and provide a complete, well integrated and consistent solution. The encryption can span from the application, network and storage layers.”

Today it is not just compliance that drives security solutions; customers have started realizing that security can be a business enabler, provided that it is done right. As infrastructure becomes more expensive, telecommuting has become a critical requirement for IT and ITES companies. Making the right data available to remote offices and offshore operations is critical to the functioning of any business. All this can be achieved with the right security solution.

Data security is one of the top items on any company’s IT agenda. Almost all organizations back up their data regularly and maintain offsite copies for the purpose of data retention and disaster recovery. Although backup tapes contain confidential data, comparatively few companies have taken steps to ensure that the data that is backed up and transported offsite for storage is secure. In fact, while IT departments go to great lengths to secure their network perimeter against attack, many organizations are lax in the way they protect their backup infrastructure and tape media. However, a series of new regulations and a spate of high-profile backup tape losses are finally forcing organizations to re-evaluate how effective their data security processes and technology really are.

We found that software encryption is being widely adopted to protect data. Of the two, however, hardware encryption will scale better, and it offers better granularity and control over the data that is being encrypted or decrypted.

Encryption: the hardware story

While data transmissions are commonly encrypted, mostly using the Secure Sockets Layer (SSL) protocol on the Net and increasingly even on VPNs, companies are now encrypting data right on the hard drive or tape where it rests.

That’s where the rub is: these devices mostly lack physical and security access controls to protect the data residing in their memory banks when they are misplaced, lost or stolen. The natural consequence is that data stored on endpoint devices is at greater risk than transmitted data. Even devices that are being disposed of may still hold valuable data that can be recovered by those who know how and have the right tools, experts caution.

Shailendra Sahasrabudhe, Country Manager, Aladdin Knowledge Systems, said, “Smart-card-based authentication tokens help to secure storage of all user credentials on-board, with users required only to remember their single token password to gain credential access. A strong authentication solution that offers user self-service token and credential management tools helps organizations to reduce costs further.”

Strengthening security also saves organizations significant costs by preventing the potential security breaches discussed in the section above. This includes the misuse of data and networks by insiders, lost data from stolen notebook PCs, and other security attacks that affect many organizations today.

“Generally speaking, depending on the implementation selected, strong authentication offerings provide varying levels of solution support. The broader the range of security solutions deployed—secure network access, single sign-on, PC security, and secure data transactions—the greater the return on investment (RoI),” added Sahasrabudhe.

Online security

Extended validation (EV) SSL, also known as high assurance (HA) SSL, is perhaps the most significant development in online security in the past decade. Newer browsers can display identity information contained in an EV or HA SSL certificate, letting consumers figure out if they are truly at the site that they think they are on.

Niraj Kaushik, Country Manager, SAARC, Trend Micro, said, “Encryption provides the most effective way to protect data at rest and is also the first line of defense against loss or theft of the device. Secure Sockets Layer (SSL) is a security protocol that ensures data is securely transmitted from the device to the server over a secure Web connection. Alternatively, VPN solutions can be used to secure data in motion. However, VPN solutions can be relatively expensive and may cause increased CPU utilization and drain battery on the mobile device due to processing of additional VPN client software on the device.”

 
