How Encryption Works and the Contours of a Successful Encryption Strategy

Anthony Merry, Director of Product Management - Data Protection, Sophos

Data is the new-age currency and extremely valuable to organizations. But there is somebody else who also has an eye on this data: the cybercriminal. While you leverage the potential of your organizational data to drive business growth, the cybercriminal sees your data as a money-making opportunity. He wants to grab your data, sell it and earn money from it. Encryption is the first line of defense that protects your data. Even if the data falls into the wrong hands, it is useless to them because it is encrypted.

So how does encryption work?

Encryption scrambles messages into a form that cannot be read by unauthorized users. Whenever you encrypt data, a series of algorithms comes into play to turn readable data into unreadable ciphertext, and only someone holding the right key can turn it back. Organizations concerned about data loss need to focus on two main areas of encryption, namely full-disk and file-level encryption.

Full-disk encryption (FDE) encrypts the entire disk at the sector level, below the file system, rather than individual files. This means all the content of your physical hard drive is encrypted. This is the encryption that protects your data at rest and is an integral part of your data protection strategy. It typically comes into play when a device is lost or stolen. FDE automatically protects all data on the disk, but once the disk is unlocked, files read from it are plaintext, so a file that leaves the disk is no longer protected. On a mobile device (iPhone, iPad, Android phone or tablet) this is also called device encryption.

File encryption, as the name suggests, encrypts specific files. You choose the files you wish to encrypt; it does not encrypt every file written to the disk, but follows the encryption rules and policies that you have set. Unlike FDE, file encryption ensures encrypted files stay encrypted even when they leave the device or disk. Whether they are shared through email, copied to removable media or uploaded to the cloud, these encrypted files remain encrypted. Your data is thus protected in use and in transit. File encryption should be used in conjunction with full-disk encryption, as a second layer, to cover the use cases for data at rest, in use and in transit.
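As an added illustration of the file-level layer described above (example code, not code from the article or from Sophos), the following Go program encrypts a file's contents with AES-256-GCM from the standard library: the output carries its own nonce and authentication tag, so it stays protected when copied off the disk, and a wrong key or any tampering is detected on decryption. The key and document contents are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// EncryptFile protects one file with AES-256-GCM. The self-contained output
// (nonce || ciphertext || tag) stays encrypted wherever the file is copied.
func EncryptFile(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per file
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil // nonce || ct || tag
}

// DecryptFile reverses EncryptFile; a wrong key or any modified byte fails
// GCM's tag check, so the caller gets an error rather than garbage.
func DecryptFile(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("blob too short (%d bytes) to contain a nonce", len(blob))
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; use managed keys in practice
	blob, _ := EncryptFile(key, []byte("constructed sample document"))
	doc, err := DecryptFile(key, blob)
	fmt.Printf("%q %v\n", doc, err)
}
```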

An Actionable Encryption Strategy

Deploying a next-generation encryption solution is a great idea, but this deployment should be backed by a rock-solid strategy. The strategy must take the following points into account:

  • The flow of data in and out of your organization
    Evaluate and analyze the flow of data in your organization and how it enters and leaves. Evaluate the ways and means used to share data: email, cloud sharing, intranet, etc.
  • Data usage
    Make sure you are aware of how employees make use of the data in your organization. The questions to ask are: How is data leveraged to improve productivity and make critical business decisions? What devices do your employees commonly use to access that data? Identify the tools, systems and apps that are used to share and use data.
  • Data access
    Identify the users and employees who have access to your data. Check whether your employees have access only to data that falls within their operational zone, or whether they also have access to data they don't need.
  • Data residence
    A good encryption strategy should also keep data location in mind. Does your data reside in a data center or in the cloud? Do you have a BYOD policy in place, and do your employees access corporate resources from remote locations? These are just some of the questions you must answer to define a clear encryption strategy.

An encryption strategy enables you to zero in on an encryption solution that is perfectly placed to cater to your data security needs. This helps you leverage the maximum potential of encryption.