
Encryption as a shared service

All sensitive data should be encrypted, and this should be done as a shared service to the various divisions and departments within the organisation, says Craig Moir, Managing Director of Encryptech.


Johannesburg, 16 Feb 2018

It is quite clear that a perimeter-centric or a "breach prevention" mindset to data security has not been successful in preventing data breaches, and never will be, says Craig Moir, Managing Director of Encryptech.

The sooner organisations realise this and move to a "breach acceptance" mindset, the sooner they can focus on data-centric security solutions. And the only guaranteed and bullet-proof data-centric solution to prevent unauthorised data breaches is to encrypt all sensitive data. After all, you can't steal what you can't read. With encryption, organisations may still suffer breaches, but it will be a 'Secure Breach', i.e. data might get stolen, but the encryption renders the data totally undecipherable and hence it remains secure.

The most effective strategy for implementing encryption within an organisation at an enterprise level is to have a centralised approach to encryption and then offer encryption as a shared service to the various divisions and departments within the organisation.

This model is far better than having each division or department embarking on its own isolated encryption strategy, as large organisations can streamline resources to have one centralised solution that is scalable and easily deployable. This will eliminate the duplication of effort and reduce risk.

Most major database vendors already offer transparent data encryption (TDE) integral to the database, but this is still not secure enough as the encryption key is stored in the database or on the database server itself. The encryption key gets backed up with the database as well, because one without the other is totally useless. This is akin to parking your car with the key in the ignition and expecting it not to be stolen. A strong encryption strategy necessitates encryption key management be separated from the database and the database administrator.

Encryption as a shared service with a centralised key management solution enables the enforcement of segregation of duties between database administrators running TDE as well as storage administrators using backup encryption.

Benefits of using encryption as a shared service:

1. Centralised key management.
2. Centralised policy management.
3. Reduces hardware and infrastructure costs.
4. Reduces DR and redundancy costs.
5. Reduces duplicated security monitoring and administration costs.
6. Organisations can leverage off proven, repeatable, and documented processes.
7. Encourages document sharing and data movement throughout an organisation without the risk of leakage.
8. Encourages and facilitates more encryption usage, protecting more sensitive data and reducing breach risk.
9. Greatly facilitates audits and compliance processes by reducing duration and cost.

For more information on our encryption services please contact us on:

info@encryptech.co.za
+27 11 593 2394
www.encryptech.co.za
