By Jeff Harrell.
We’ve entered an age where the conveniences of widespread connectivity, the cloud, and cheap, easily accessible storage have put us at more risk than ever of getting breached. At the same time, malicious actors have become more sophisticated, resourceful, and persistent – when data does fall into the wrong hands, the consequences can be devastating. From the 3 billion users whose accounts were exposed at Yahoo to the 143 million affected at Equifax, these infamous breaches illustrate a continuous threat.
While IT security seeks to protect physical assets like networked computers, databases, and servers, encryption is a must-have element in any security strategy – it protects the data that lives on and between those assets.
Encryption uses computers and algorithms to turn plain text into unreadable, jumbled code that can be decoded only with the encryption key, a series of bits. Ultimately, even if encrypted data does end up being stolen, it will be unreadable and useless to the thief.
Unfortunately, encryption is often perceived to be as complex as rocket science. There is the concern that if you lose the encryption keys, you lose the data forever. There are fears that encryption keys are difficult to manage, update, and store securely. And some worry that encryption will impair high-speed data transactions and system performance.
In reality, that’s not the case at all. Encryption solutions are becoming more advanced by the day and address many of these perceived barriers to adoption. Below we take a look at a few key examples.
System Performance and Latency
In today’s agile world, no one can afford to adopt a technology or practice that will slow things down. Many people fear that adding encryption functionality will slow down their overall access to files since the decryption process necessary to retrieve those files is known to be computationally expensive.
However, the latest encryption solutions reduce this latency so much that users will not experience any perceptible application delay.
Enforcement of Policy
Having distributed data systems means your centralized policy server needs to push out policies to those systems. That requires secure policy replication to prevent unauthorized modifications. Distributed systems also require automated mechanisms for secure node removal when a server is removed from a cluster.
Encryption supports these requirements for data both at rest and in motion, providing rapid and secure encryption key rotation. With encryption, these functions perform efficiently without downtime during normal operation.
While data environments are migrating into the cloud, many encryption solutions on the market today were not specifically developed with cloud storage and distributed systems in mind. When legacy encryption solutions came on the market, cloud storage simply wasn’t a factor. A decade ago, there was only a fraction of the data that exists today, and almost all of it was stored on-premises.
Next-generation encryption solutions have been designed from the ground up for optimal performance and scalability in distributed systems and elastic cloud environments. The result is an encryption process that has little to no impact on performance.
To ensure optimal functionality and unrestricted scalability, choose an encryption solution specifically designed to support a variety of cloud infrastructures and on-premises architectures. Each organization has its own reasons for storing data in the cloud, on-premises, or a combination of the two. When you are “trapped” by your encryption solution, it’s time to choose a new one. Your business is continuously evolving, so you need a solution that will easily adapt and grow with you.
Management of Keys
Key management is a critical component of encryption – and of security strategy overall – which is why it is so surprising how many large, sophisticated organizations still manage encryption keys with a spreadsheet. Unfortunately, that method is slow, difficult, and error-prone. What’s needed is an automated key management system that can generate, recover, and rotate keys based on set policy.
Encryption keys are stored away from the encrypted data, and access to keys is automated and tightly controlled. As virtual machines running the database are provisioned (and de-provisioned) to balance capacity needs, no manual intervention is required at the management console. Automated encryption key back-up and recovery helps minimize the risk of loss or breach of sensitive information.
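One way to get the policy-driven rotation and the separation of keys from data described above, shown as an added example in Ruby (not code from the author or from any product): data is encrypted under data keys, and only those small keys are wrapped by a versioned key-encryption key, so a rotation re-wraps keys instead of re-encrypting data. This two-level scheme goes beyond what the article states; the KeyStore class, its method names, and timestamps expressed in seconds are assumptions.

```ruby
require 'openssl'

# KeyStore (hypothetical name) holds versioned key-encryption keys (KEKs), apart from the data.
class KeyStore
  def initialize(now, max_age)
    @keks = {}
    @current = 0
    @max_age = max_age # rotation policy: maximum KEK age in seconds
    add_kek(now)
  end

  # Wrap a data key under the current KEK; the result is stored beside the data.
  def wrap(dek)
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = @keks.fetch(@current)
    iv = c.random_iv
    c.auth_data = @current.to_s # bind the KEK version to the wrapped key
    ct = c.update(dek) + c.final
    { version: @current, iv: iv, ct: ct, tag: c.auth_tag }
  end

  # Recover a data key; a retired or unknown KEK version raises KeyError.
  def unwrap(wrapped)
    d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    d.key = @keks.fetch(wrapped[:version])
    d.iv = wrapped[:iv]
    d.auth_tag = wrapped[:tag]
    d.auth_data = wrapped[:version].to_s
    d.update(wrapped[:ct]) + d.final
  end

  # Once the current KEK is older than max_age: unwrap every data key, create a
  # new KEK, retire the old one and re-wrap. Bulk data is never re-encrypted.
  def rotate_if_due(now, wrapped_keys)
    return wrapped_keys if now - @created < @max_age
    deks = wrapped_keys.map { |w| unwrap(w) }
    old = @current
    add_kek(now)
    @keks.delete(old)
    deks.map { |dek| wrap(dek) }
  end

  private

  def add_kek(now)
    @current += 1
    @keks[@current] = OpenSSL::Random.random_bytes(32)
    @created = now
  end
end
```

Every wrapped key must be passed to rotate_if_due: one that is left out stays under the retired KEK and can no longer be unwrapped.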
Succeed with Strategy
Organizations that are serious about protecting the integrity of their data and customer information, and about complying with government regulations, no longer seriously dispute the value of encryption. The challenge for many is how to control costs and easily manage this critical asset in today’s scale-out data environments.
The good news is that a carefully architected and well-implemented data encryption strategy can provide the foundation of your data protection security policy. Encryption can protect your data and solve many of your data protection challenges, and several advances in encryption now make it easier to deploy – taking the apprehension out of encryption.