Enterprises must face up to the fact that data breaches are inevitable. That’s one of the key takeaways from Ovum’s late 2014 report, “Cybersecurity and Encryption: Approaches to Obfuscating Data.” Attempting to prevent breaches outright is no longer a practicable option, given the porous nature of the modern perimeter and the rise of public cloud computing and BYOD in the enterprise. In addition, even for traditional on-premises data environments, “the pace of evolutionary change in threat technology is now so fast that hackers can outstrip the defenders, leaving them permanently in catch-up mode,” Ovum states. Luckily for businesses, data encryption can help keep sensitive information safe even in the event of a breach.
Factors driving the increased need for encryption
A number of factors have combined to drive an increased interest in encryption as a frontline defense against unwanted data disclosures. Some of those factors are:
- The growing number of legal and regulatory compliance requirements mandating data privacy protections, where data encryption is one of the key solutions
- The increasing use of mobile connections for professional use, driven by technology trends like BYOD and mobility
- Concerns about government agencies’ surveillance and interception of private citizens’ and businesses’ electronic communications
- Large numbers of high-profile corporate data breaches, including attacks against Tier 1 service providers like Google, PayPal, and eBay
- The advent of the Internet of Things, which connects an exploding number of devices to IP networks in order to share data
Encryption best practices
Ovum’s recommended data encryption best practices are straightforward.
- Start with data classification. At present, it is simply too complicated, time-consuming, and resource-intensive to attempt to encrypt all your enterprise data. Instead, organizations should focus on data classification in order to identify their data “crown jewels,” where they are held, where they are transmitted, and how they are used. Data classification will help in the development of an effective, economical, and efficient data encryption strategy.
- Consider tokenization where possible. While encryption is useful for a wide variety of data types and regulatory needs, there are some cases where simply obfuscating sensitive data is not enough to meet data residency and/or compliance requirements. In these cases, tokenization, in which the data itself is stored securely on-premises and “tokenized” values are substituted for the data when it must leave the perimeter, can be more helpful.
- Require technology providers to support KMIP. The Key Management Interoperability Protocol (KMIP) standard for heterogeneous key management is a must for ensuring uninterrupted usability and interoperability of the encryption keys under your organization’s control. Even if KMIP is not critical to your business now, it can become so in the future, “such as for instance, after any M&A activity where two organizations with different encryption technologies are suddenly forced to coexist under a single corporate umbrella,” as Ovum points out. Requiring KMIP support now future-proofs data encryption initiatives for the foreseeable future.
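To make the tokenization practice above concrete, here is a minimal vault-based sketch. It is an added example, not taken from Ovum's report or any product; the class, function, and field names are hypothetical, and the in-memory dictionaries stand in for a hardened on-premises datastore.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """On-premises vault: the only place real values and the token map exist."""

    def __init__(self):
        self._index_key = secrets.token_bytes(32)  # never leaves the vault
        self._by_token = {}  # token -> real value
        self._by_index = {}  # keyed hash of value -> token (stable re-tokenization)

    def _index(self, value):
        return hmac.new(self._index_key, value.encode(), hashlib.sha256).digest()

    def tokenize(self, value):
        idx = self._index(value)
        if idx not in self._by_index:
            # Random token: unlike ciphertext, it is not derived from the value,
            # so no key can turn it back into the data outside the vault.
            token = "tok_" + secrets.token_hex(16)
            self._by_token[token] = value
            self._by_index[idx] = token
        return self._by_index[idx]

    def detokenize(self, token):
        return self._by_token[token]  # KeyError for tokens this vault never issued


def outbound_copy(record, sensitive_fields, vault):
    """Copy of a record that is safe to send outside the perimeter."""
    return {k: vault.tokenize(v) if k in sensitive_fields else v
            for k, v in record.items()}


def inbound_copy(record, sensitive_fields, vault):
    """Restore real values once the record is back inside the perimeter."""
    return {k: vault.detokenize(v) if k in sensitive_fields else v
            for k, v in record.items()}


# Constructed sample record (the card number is a well-known test value).
RECORD = {"customer": "C-1001", "card_number": "4111111111111111", "country": "DE"}
SENSITIVE = {"card_number"}

if __name__ == "__main__":
    vault = TokenVault()
    sent = outbound_copy(RECORD, SENSITIVE, vault)
    print(sent)                                          # card_number is now tok_...
    print(inbound_copy(sent, SENSITIVE, vault) == RECORD)
```

Because the token is random rather than computed from the data, a copy that leaves the perimeter contains nothing an attacker can decrypt; the protection depends entirely on access control to the vault itself.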
Data breaches may be inevitable, but unwanted data exposure doesn’t have to be when data protection technologies are implemented in a well-planned and well-executed manner.
Ready to learn more about the state of data privacy today and what Ovum recommends enterprises do to keep their sensitive or protected information safe from prying eyes? Read “Cybersecurity and Encryption: Approaches to Obfuscating Data” today.