Encryption Solution: Protecting your organization from Data Breaches
With the prominent rise of Data Science and a newfound appreciation of Big Data, many organizations are looking into solutions to encrypt their data. Microsoft made BitLocker available in January 2007 for Windows Vista and above, as they saw the devastating effect of data leaks on organizations. Whilst the computer world was embracing encryption, the mobile world was shunning it: the 2007-2009 era saw a drastic shift, with BlackBerry, the most secure platform, losing its market dominance as businesses adopted BYOD policies and the once insecure Android and iOS platforms were becoming popular. Fast forward to 2016, and BlackBerry have now secured the Android platform and ditched their own operating system. Apple now offers end-to-end encryption (BlackBerry have been doing this for years) and are constantly in court with the United States Department of Justice over their encryption.
For an organization, there are various routes to take when it comes to encryption: no two infrastructure set-ups are the same, so the benefits of one solution could be useless for another organization. Installing a new data security solution can be expensive, but no matter the cost, losing data will hurt your business more. From reputation to losing customers and suppliers, is it worth the risk? Yahoo is currently potentially facing a lawsuit over a data breach in which the data of 500 million people, including unencrypted data, was stolen.
The process of encryption involves an algorithm that translates normal text (a password) into cipher text. There are three basic encryption methodologies:
- Hashing – Creates a unique, fixed-length signature for a message or data set.
- Symmetric methods – Also known as private-key cryptography, where the key used to encrypt and decrypt must remain secure.
- Asymmetric methods – Also known as public-key cryptography, which uses two keys for encryption and decryption. The public key is freely available to everyone and is used to encrypt messages, and a different key is used to decrypt them.
Data security is essential for legal reasons, and all of the above methodologies can be enough to secure an organization's data. Data security is covered by the Data Protection Act. New Buckinghamshire University graduate Saope Soko recently wrote an article which covers how a business has to keep data secure as part of the Data Protection Act 1998.
Software Encryption Solution
With the Yahoo hack this week (24/9/2016), many organizations will be looking at different software encryption solutions. Bantu Tech recommends the Dell Data Protection | Encryption Enterprise Edition. It is the most comprehensive encryption solution and can be scaled down to suit an organization. Dell's Encryption Enterprise Edition offers complete end-to-end encryption, which also supports and includes system disks and external media. This solution will protect against users bringing in malware via USB. Dell's solution can be preinstalled on laptops ordered from Dell for enterprise solutions, and with a central console and flexible encryption it is possible to set different levels of security for groups.
For endpoint disk encryption, Dell has achieved the highest levels of United States Federal Information Processing Standards (FIPS) 140-2 certification. For organizations currently running Microsoft BitLocker Drive Encryption, Dell offers a management solution called BitLocker Manager, which will manage any devices in your organization. Through policy-driven protection, Dell offers customization of the data-at-rest protection policy for specific users, from remote to conventional office workers.
The Dell Data Protection | Encryption package comes with a number of solutions to fit your needs:
- Dell Data Protection | Enterprise – Comprehensive encryption solution to help secure data and achieve compliance.
- Dell Data Protection | Hardware Crypto Accelerator – Hardware-based, full-disk encryption solution designed for military-grade, tamper-resistant security. Hardware Crypto Accelerator offers the highest level of Federal Information Processing Standards (FIPS) certification (FIPS 140-2 Level 3) commercially available for a system disk encryption solution.
- Dell Data Protection | Cloud Edition – The solution transparently encrypts and decrypts data stored and shared in public cloud storage services, such as Box, Dropbox and SkyDrive, so employees can use cloud storage as they always have, without disruption.
- Dell Data Protection | Personal Edition – Ideal for smaller organizations or departments, this easily deployed, locally managed solution offers flexible encryption options to help safeguard business and customer data.
Dell Data Protection Encryption packages are available and compatible with Windows and Mac OS infrastructures. For more information visit the Dell Website.
Self-Encrypting Drive Solution
Many organizations are now deploying desktops and laptops with self-encrypting drives into their businesses. The end user will typically not notice any difference, as companies such as Lenovo, Dell & HP offer Self-Encrypting Drives (SED) as part of enterprise contracts. When a locked self-encrypting drive is powered up, the BIOS first sees a shadow disk that is much smaller than the real disk. The shadow disk is usually around 100 megabytes. The software in the shadow disk is read-only, and this software requires the key encryption key (KEK) from the user to unlock the real disk for use and to decrypt the media encryption key (MEK) so the real disk can be read and written to.
The shadow disk software stores a cryptographic hash of the key encryption key so it can recognise if the user gives the right key encryption key. When the user enters the passcode (KEK) the shadow disk creates a hash of that passcode and compares it with the stored hash of the KEK.
If the two match, the MEK is decrypted and put into the encryption/decryption circuit inside the drive. The BIOS is then called to start from the disk again, but now this is the much bigger real disk, with a capacity in gigabytes rather than megabytes, and the operating system boots normally.
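The unlock sequence described above, modelled in Python as an added example (not code from Seagate, Dell or any drive firmware). It assumes PBKDF2 to turn the passcode into the KEK and uses an HMAC-derived XOR pad as a stand-in for the drive's hardware key wrap; all function and field names are hypothetical. It goes one step beyond the text by showing a passcode change, which re-wraps the same MEK.

```python
import hashlib
import hmac
import secrets

ROUNDS = 100_000  # assumption: real drives choose their own KDF settings


def derive_kek(passcode: str, salt: bytes) -> bytes:
    """Stretch the user's passcode into a 32-byte key encryption key."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, ROUNDS)


def _wrap(kek: bytes, key: bytes) -> bytes:
    # Stand-in for the drive's hardware key wrap (not real AES): XOR with a
    # 32-byte pad derived from the KEK. Applying it twice undoes it.
    pad = hmac.new(kek, b"mek-wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(key, pad))


def _seal(passcode: str, mek: bytes) -> dict:
    """Build what the shadow disk stores: salt, hash of KEK, wrapped MEK."""
    salt = secrets.token_bytes(16)
    kek = derive_kek(passcode, salt)
    return {"salt": salt,
            "kek_hash": hashlib.sha256(kek).digest(),
            "wrapped_mek": _wrap(kek, mek)}


def provision(passcode: str):
    """Constructed setup step: returns (shadow-disk record, plaintext MEK)."""
    mek = secrets.token_bytes(32)
    return _seal(passcode, mek), mek


def unlock(record: dict, passcode: str):
    """Pre-boot check: return the MEK for the right passcode, else None."""
    kek = derive_kek(passcode, record["salt"])
    candidate = hashlib.sha256(kek).digest()
    if not hmac.compare_digest(candidate, record["kek_hash"]):
        return None  # hashes differ: drive stays locked, MEK never unwrapped
    return _wrap(kek, record["wrapped_mek"])


def change_passcode(record: dict, old: str, new: str):
    """Re-wrap the same MEK under a new KEK; disk data is not re-encrypted."""
    mek = unlock(record, old)
    return None if mek is None else _seal(new, mek)
```

In this model the record holds a hash of the KEK, so a weak passcode can still be guessed offline; the key-stretching step and the passcode length are what make that expensive.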
SEDs would solve most data loss and theft, as they are easily configured and managed with minimal impact on system performance and end user quality. Seagate pioneered SED technology, and Bantu Tech recommends the Seagate 4TB enterprise edition as the standard disk to be used by an organization.
Bantu Tech recommends users invest in encrypted USBs as well to prevent your data being stolen/used should you ever lose a USB.