Lock Down Your Sensitive Data With Powerful Data Encryption
If you owned a big, expensive diamond ring, would you leave it on the dashboard in an unlocked car or would you keep it locked in a safe and insure it? If you truly value your valuables, you’ll take the necessary precautions to protect them from theft and loss. This same philosophy must apply to your sensitive content like customer records, financial data, and intellectual property. Unless you keep your digital crown jewels completely secure at all times, you only have yourself to blame when they’re stolen or leaked. The simplest way to protect your PII, PHI, or IP from unauthorized access is to encrypt it in transit and at rest.
Third party workflow threats have a common theme: a user is the actor, and a file is the agent. Complete protection requires a defense that spans the full breadth of the associated threat surface: the collective paths of all files entering and exiting your organization. A comprehensive defense entails securing, monitoring, and managing all third party workflows, including secure email, SFTP, and secure file sharing, among others.
In my previous post, I explained why the lure of low-cost cloud storage should be resisted when it comes to storing highly sensitive information where a breach could cost you your business. In this post, I’ll explore the importance of encrypting your sensitive content whenever you store it or share it with trusted third parties.
Your Data May be at Rest, But Attackers Aren’t
If your sensitive data is like an expensive diamond ring, then encryption transforms that precious ring into a simple Ring Pop. Jewel thieves will ignore this worthless piece of candy because they’re unable to monetize it. You, however, can unlock its true value. Until then, you know it’s safe whether you’re storing it or sharing it.
When the cost of decrypting stolen or leaked files exceeds the value of the content they contain, you have powerful data encryption. For data storage, AES-256 encryption is a must. In addition, encryption key ownership is mandatory to prevent government agencies from accessing your data without your knowledge. You retain sole ownership of your encryption keys when you store your PII, PHI, and IP in a private cloud. (This is just one of the benefits of a private cloud deployment. My last blog post explores additional benefits.) You must also protect your encryption keys because they’re just as valuable as the content they safeguard. Security-first organizations store their encryption keys in an isolated, tamper-proof hardware security module (HSM).
Beware: A File’s Journey is Fraught With Danger
Encryption at rest is only half the battle. For most businesses, sending sensitive information outside the organization is unavoidable. At some point, medical staff must share patient records with insurers, in-house counsel must collaborate on contracts with outside counsel, and customers must upload user logs to customer support portals. All of this information is sensitive and all of it is at risk of unauthorized access when it’s shared externally. Confidential information is particularly vulnerable when remote employees share it over an unsecured WiFi network, like the ones found at most coffee shops and airport terminals.
Powerful encryption makes your valuable content worthless to everyone but you. The goal is to make the cost of breaking open a file exceed the black market value of its contents. [source: Accellion enterprise content firewall]
If organizations encrypt their communications (the SSL/TLS 1.2 protocol is the standard), a hacker will see only indecipherable ciphertext. To ensure complete protection, all communication channels must be encrypted, including web to server, mobile to server, plugin to server, and server to server. Finally, organizations can verify the integrity of email attachments by sending a unique digital fingerprint along with their email communications.
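As an added example (not from the original post and not Accellion's code), the Python sketch below shows the two controls this paragraph names: a client TLS context that refuses anything older than TLS 1.2, and an attachment integrity check. It assumes SHA-256 as the "digital fingerprint", which the post does not specify; the function names and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import io
import ssl


def strict_tls_context() -> ssl.SSLContext:
    """Client-side context for any of the channels (web, mobile, server to server)."""
    ctx = ssl.create_default_context()            # certificate and hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0 and TLS 1.1
    return ctx


def fingerprint(stream, chunk_size: int = 64 * 1024) -> str:
    """SHA-256 hex digest of a file-like object, read in chunks so large
    attachments are never loaded into memory at once."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def attachment_intact(stream, expected_hex: str) -> bool:
    """Compare the received attachment with the sender's fingerprint.
    compare_digest avoids leaking the mismatch position through timing."""
    return hmac.compare_digest(fingerprint(stream), expected_hex.strip().lower())


# Constructed sample data: what the sender sent and what a recipient might receive.
SENT = b"Patient record 0001 (constructed sample)\n"
SENT_FINGERPRINT = hashlib.sha256(SENT).hexdigest()
TAMPERED = SENT.replace(b"0001", b"0002")


def check_samples() -> tuple:
    """Return (intact copy verifies, modified copy verifies)."""
    return (
        attachment_intact(io.BytesIO(SENT), SENT_FINGERPRINT),
        attachment_intact(io.BytesIO(TAMPERED), SENT_FINGERPRINT),
    )


if __name__ == "__main__":
    print("minimum TLS version:", strict_tls_context().minimum_version.name)
    print("intact / tampered verify:", check_samples())
```

A bare hash proves integrity only if the expected value reaches the recipient over a channel an attacker cannot modify; where that cannot be guaranteed, use an HMAC or a digital signature instead.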
Encrypting your content in transit and at rest is a critical step in protecting your digital crown jewels. There are, however, additional strategies you can employ to harden the threat surface of your third party workflows. In my next blog post, I’ll explore metadata and the value it provides. This unique intelligence strengthens your organization’s security and governance over the flow of information into and out of your organization.