Keep Your Data Secured With Encryption – A Step-By-Step Guide

Companies have long been accustomed to the use of Intrusion Detection Systems (IDS), firewalls, and advanced user authentication controls to keep confidential corporate data secured. However, hackers have found new ways around conventional data security methods which leaves companies with only one method to secure and protect their data effectively – encryption. Encryption has been in little use but now is growing due to regulations governments are setting in place.

Why use encryption?

There are many uses of data encryption. Encryption software programs use an obscure algorithm which makes it less likely for hackers to crack it and gain access to the data. There are two primary ways through which encryption is done: the symmetric method and the asymmetric method. In the symmetric method, data is encrypted and decrypted via the use of a single password. In the asymmetric method on the other hand, a private/public key model is used where a pair of keys is used for encryption and decryption.

“Hackers are always going to get in. The data has to be encrypted when it is stolen, so when removed the data will be useless. Or we can continue to treat real cyber security as an afterthought. The choice is ours – I will go with the encryption”
— Richard Blech, CEO, Secure Channels

There are many encryption methods that are available now. One that is fast gaining popularity in the business climate for keeping data secure for cloud applications is ‘data at rest’ encryption.

What is Data at Rest?

As mentioned previously, use of perimeter security alone is not sufficient for protecting an organization from internal and external data security threats. Instead, companies are now required to implement data at rest encryption.

This involves encrypting data while it is at rest, as the name implies, that is, inactive data which is stored physically in any digital form – compared with data in use or in motion, data at rest is not being moved or transmitted to another network or channel. Data at rest can be archival or reference files that are changed rarely or never; it can also be data that is subject to regular but not constant change.

Considering these aspects, companies need to identify where the data is being stored – whether it is in storage networks, file servers, databases, end point services, or in the cloud itself.

Companies that are seeking to implement data at rest encryption need to look out for the following four things:

  • Security – the encryption data must have advanced and secure symmetric encryption standards.
  • Performance – the encryption should be up-to-date and should prevent data from being easily cracked by hackers.
  • Ease of use – the solution must be flexible enough to suit your requirements and preferences.
  • Scalable for larger data volume – the solution must be scalable to adapt to larger data volume usage without compromising on performance.

Step-by-step guide to encrypting data at rest

Data Assessment

When encrypting data at rest residing in the cloud, it is first important to consider the type of data you wish to protect. To determine this, you need to ask the following questions:

  • What information requires protection?
  • What kind of threats does the information require protection against?
  • What kind of infrastructural changes are we willing to change?
  • What are our expectations from the encryption?

Encryption Approaches

Data at rest encryption is best done via the use of the Advanced Encryption Standard or the Data Encryption Standard (DES) as these are algorithms which provide advanced encryption and data security. However, there are various approaches on how you can approach data encryption. These are as follows:

Application-level encryption

In this encryption approach, data within the application is encrypted before it is moved or transmitted to another location. This allows data to be sent and received fully encrypted and leaves little room for data to be misused from insider and outsider access as it can deceive even the Database Administrator (DA).

However, this approach can be a very costly one to implement by companies. It is very computationally intensive and so can take a lot of time to implement, particularly when multiple applications are involved. It further does not cover unstructured data and requires a development team to monitor and maintain its encryption,


In tokenization, the sensitive application data is substituted with unique identification symbols, serving as a proxy for the original data that is kept in an encrypted master file. For a hacker to gain access, he would need to match the unique identification symbols with the original data information, which makes it far difficult for hacking. This approach has applications for protecting credit card and social security numbers.

Cloud Data Encryption

How companies intend to encrypt data in the cloud network will depend on the type of cloud model used. In the case of using Infrastructure-as-a-Service (IaaS), data encryption can take place when stored in the storage volume layer. In other models, the encryption approach will vary according to where the encryption key management infrastructure is located.



5 Million Gmail Usernames, Passwords Hacked! What to Do Now?


Gmail Hacker

The news that five million Gmail usernames and passwords were stolen alarmed many in the industry. If Google’s servers aren’t safe, whose are? But Google quickly followed up the news with an announcement that the information was taken from a website not belonging to Google. The company has searched its own systems for signs of a compromise and have found nothing.

What to Do Now

Since Gmail powers many workplace email accounts, it’s important that businesses first protect any email accounts that might contain company data. Even if one employee is using a Gmail account for work duties, that employee should take measures to ensure his account is protected. To be safe, business leaders should send instructions to all employees on safeguarding their Gmail accounts, even if they don’t use them for work purposes.

Protecting your Gmail account is easy. The first step is to change your password, which can be done by clicking the down arrow next to the gear in the top-right corner. Choose Settings, then Accounts and Import. Change Password is at the top. You’ll be prompted to enter your old password and your new one twice. Try to shoot for a “Strong” password rating. Once you’ve changed your password, you’ll be taken to another settings screen. If 2-Step Verification is disabled, click the link to set it up and go through the steps. You’ll be notified via phone call or text message every time someone tries to access your Gmail through an untrusted device.

User Security

To help their own systems remain secure, businesses should urge employees to use passwords that are difficult to guess. Administrators can set this up as a requirement on all applications and file servers, making each employee have a combination of letters, numbers, and special characters in every password.

Another trap business users fall into is that of using password keepers. This is a solution to the many passwords we’re all required to keep up with, letting users remember one strong password to access all sites and applications. While acknowledging the usefulness of such tools, it’s important that businesses explore the encryption being used by the particular password keeper being used. If your administrator is responsible for keeping up with everyone’s master password through a console, the security on the console should be investigated, as well.

The Gmail breach is yet another reminder of how vulnerable electronic systems are. If your business employs the best industry-standard software for security and encourages safe password polices, your users can stay safe during large-scale hacking attempts.

201 CMR 17 and what it means for your company.

If you haven’t heard of 201 CMR 17 and your company handles personal information for your customers you will have to read up. “Every person that owns, licenses, stores or maintains personal information about a resident of the Commonwealth shall develop, implement, maintain and monitor a comprehensive, written information security program applicable to any records containing such personal information”. Luckily Massachusetts has postponed the deadline to be 201 CMR 17 compliant from January 1010 until May 2010, but you should still start working towards being compliant as soon as possible. I know The Office of Consumer Affairs and Business Regulation has received a lot of backlash due to this new law, and I for one am for it. I have worked for companies who enforced data protection and who didn’t. The ones who did used encryption, etc. I know the costs to implement such things can make even the mightiest CFO cringe. At the end of the day with the dawn of a new decade hacking means have matured exponentially and the most important thing to the customer is who will be protected most, and I for one welcome anything that will protect my personal information. Below is just a short list of things you will need to do:

– Need to have your email secure and possibly encrypted.
– Audit and detection software so you can audit file access and also detect unwanted access.
– Encrypt all removable media
– Tighten security