SECURITY: encryption
Data encryption used to be something that was limited to larger organizations that handled highly secret or classified information considered dangerous in the wrong hands.
The general idea is still the same, but the explosion of digitally stored and transferred data has extended the need for encryption to companies of all shapes and sizes.
Responsible IT management must always protect data stored on a computer or network storage system, both when it is onsite and when it is carried off premises. Whether the content includes Social Security numbers, credit card numbers or key intellectual property, it should be kept safe.
Exposure of sensitive or confidential records can result in financial losses as well as heavy fines.
A good encryption solution can make sure that data is readable only by authorized users. This means that the organization is continually protected, even if it falls victim to a massive data breach. The information is also safe in the event that physical computer equipment is lost or stolen.
Encryption Types
Full Disk Encryption (FDE) – The entire hard disk is encrypted. Users must authenticate or enter key information when the device is powered on for each session. No user can access the disk content without the needed credentials.
File / Folder Encryption – Conceptually the same as FDE, but the protected object can be limited to specific files or folders. The rest of the data is left unencrypted.
Most organizations are opting for Full Disk Encryption, as it is safer and easier. Users do not have to make any decisions about what information to encrypt or worry about whether sensitive data is put at risk.
File and folder encryption still offers key advantages for organizations where PCs and other computing devices are shared among users with different levels of access. In this case, the all-or-nothing option will not work.
Key Features
Perhaps the most critical thing to look for in a good encryption solution is a capable Centralized Administration System. The infrastructure must be fully managed and monitored at all times, with an efficient method of removal and redeployment. Lack of sufficient control can be lethal.
Other important items
- Customizable reporting of status and device risks/conditions
- Remote enforcement of password and security policy
- Full encryption of all sensitive data on the devices
- Immediate elimination of data access, with instant, administrator-enabled remote restoration
- Complete data wipe capability when devices are stolen
- Broad range of both administrator-enabled and automatic security responses to threat conditions