Here’s What You Missed On: “How to Protect Sensitive Data, Even When Hacked”

Written by Adam Cason, VP, Global and Strategic Alliances | Nov 8, 2019 6:00:00 AM

Did you miss our webinar on application encryption and how to protect sensitive data even when hacked? Well, don’t worry, we’ve got you covered. We’ll go over what the data security landscape looks like, discuss some of the common data security pitfalls, and give you an overview of what application encryption is and how it works.

Data breaches occur literally daily across every type of organization, from enterprises to government agencies and everything in between. These attacks are becoming increasingly sophisticated, as hackers have more funds and resources and often stem from organized crime and state sponsors.

Whether it’s underestimating the prevalence of cyber threats or failing to use data security as a preventative measure, there are several common data security pitfalls, and they often involve human error on the side of the organization.

What’s important to focus on is not what to do if your organization’s data is compromised, but rather how to act when it inevitably happens. The key to this is to learn how to devalue data, because once it has no value, it’s worthless to hackers. This is where application encryption comes in.

Application encryption entails identifying data and encrypting it before it is stored, to increase security. There are several key benefits to application encryption. Besides minimizing the impact of a data breach, it also secures data at rest, meaning it’s protected from both internal and external threats. Application encryption works for data in all locations, whether on-premises, in the cloud, or hybrid. It allows for strong key management, which is essential as it sets guidelines for policy-based rotation and removes reliance on manual processes. Other benefits include data security isolation and regulatory compliance.

Application encryption can be accomplished with a hardware security module (HSM). This FIPS 140-2 Level 3 certified device can handle key storage, key wrapping, entropy, and cryptographic processing. However, it’s important to note that an HSM is not always necessary for application encryption. It is possible to do encryption within the application itself, and in that case, the HSM is used only for key management. This is ideal in situations where availability, speed, and size of data are important and HSM-based encryption is not required for regulatory compliance. In other situations when high-assurance security is the primary requirement, it is best to conduct application encryption within the HSM.

When discussing application encryption, we also want to emphasize the role of key management. Without proper key management policies, encryption is essentially useless. Strong key rotation policies ensure that data is encrypted under more than a single key, making it more difficult to hack.
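
To make the "encrypt in the application, use the HSM only for key management" model and key rotation concrete, here is an added example (not code from the webinar or from any product). The `KeyManager` class is a hypothetical in-memory stand-in for the HSM, and all function names are assumptions; it uses only Node.js's built-in `crypto` module.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('crypto');

// AES-256-GCM; sealed layout is nonce (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const nonce = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

function unseal(key, sealed) {
  const d = createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]); // throws if tampered
}

// Hypothetical in-memory stand-in for the HSM: versioned key-encryption keys
// (KEKs) stay inside it; callers can only wrap or unwrap data keys (DEKs).
class KeyManager {
  constructor() {
    this.keks = new Map([[1, randomBytes(32)]]);
    this.current = 1;
  }
  rotate() { this.keks.set(++this.current, randomBytes(32)); }
  wrap(dek) {
    return { kekVersion: this.current, wrappedDek: seal(this.keks.get(this.current), dek) };
  }
  unwrap(kekVersion, wrappedDek) {
    const kek = this.keks.get(kekVersion);
    if (!kek) throw new Error(`KEK version ${kekVersion} is not available`);
    return unseal(kek, wrappedDek);
  }
}

// Application side: encrypt locally with a fresh DEK, store only the wrapped DEK.
function encryptRecord(km, plaintext) {
  const dek = randomBytes(32);
  return { ...km.wrap(dek), data: seal(dek, plaintext) };
}

function decryptRecord(km, rec) {
  return unseal(km.unwrap(rec.kekVersion, rec.wrappedDek), rec.data);
}

// After rotation: re-wrap the small DEK under the current KEK; bulk data is untouched.
function rewrap(km, rec) {
  return { ...km.wrap(km.unwrap(rec.kekVersion, rec.wrappedDek)), data: rec.data };
}
```

Because each record carries its own data key and KEK version, rotation only re-wraps 32-byte keys, and retiring an old KEK makes any record still wrapped under it unreadable.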

There are a few things to consider for implementation of application encryption, such as what types of encryption are being used, whether dual control for crypto keys is necessary, how user management will be performed, whether granular operational policies are needed, and whether file encryption is needed. These will vary depending on your organization’s specific needs.

We hope you’ve found this brief overview of application encryption to be useful. We want to leave you with the question of what you can do better as an organization when dealing with encryption. If you want a deeper look, you can download our whitepaper for more. If you have questions or concerns, don’t hesitate to reach out to our Solutions Architect team for help.