When it comes to achieving regulatory compliance, encryption and tokenization are two powerful tools in your arsenal. As with any tool, however, having the right tool won’t solve anything if you don’t use it correctly. We’ll focus on encryption of cloud information in this post. Look for a follow-on post covering common tokenization pitfalls and best practices soon!
Here are some common pitfalls and best practices to follow when securing your data with encryption.
Pitfall: Not using strong enough encryption
Encryption comes in different strengths and flavors, and choosing the appropriate kind for each of your data fields’ needs is vital to a successful cloud information protection strategy. Due to their higher level of sensitivity, customers’ credit card numbers require a higher strength of encryption than, say, customer ZIP codes. Failing to use a strong enough encryption method for protected data can result in compliance violations or data breaches, two costly consequences every enterprise wants to avoid.
Best Practice: Protect your most sensitive data with the strongest encryption possible
“No one ever got fired for having encryption that was too strong,” a security expert told the BBC’s Paul Rubens. At CipherCloud, we agree. That’s why we offer encryption options like AES 256-bit symmetric encryption, which provides protection as strong as 15,360-bit asymmetric encryption.
Pitfall: Giving someone else control of your encryption keys
Speaking of symmetric and asymmetric encryption, any kind of encryption method that gives a third party access to your encryption keys leaves you more vulnerable to a breach and puts you out of compliance. It’s not only that a third party could be hacked or fall victim to an insider threat. Should the third party ever receive a government request for data, you may find your data handed over without your consent or participation. The first two possibilities are threats to your regulatory compliance; the last is a threat to your enterprise’s privacy.
Best Practice: Retain exclusive access to your encryption keys
To ensure that your organization alone has the power to unlock your data, CipherCloud advises that you keep exclusive control of your enterprise’s encryption keys. This way, even if your data is leaked or stolen, it will remain illegible to anyone outside your company. Additionally, even if a third party gives your data up to government agencies, they won’t be able to decrypt it, either—not without your help.
Pitfall: Failing to retain functionality
Encryption can lock your data down so that no one but the authorized parties in your organization can read or use it, but if used incorrectly, it can also lock your data down so that your cloud applications can’t use it, either. You might be in compliance, but you’d be out of luck when it comes to maximizing the potential of cloud applications like Salesforce and Microsoft Office 365.
Best Practice: Keep data formats and use encryption methods that preserve functionality
When it comes to encryption, CipherCloud offers methods to preserve your data’s searchability, sortability, reportability, and general functionality in the cloud. When encrypting data, look into CipherCloud’s Searchable Strong Encryption, which combines the protection of AES 256-bit encryption with secure local index and search options so that you can continue using data without losing any protection.
Cloud information protection methods like encryption and tokenization are vital to regulatory compliance and the security and privacy of your enterprise’s sensitive data. Use them correctly to stay safe in the cloud.
- On-Demand webinar – “Cloud Encryption 101: Understanding the Basics”. Listen in and learn about how cloud encryption technologies work, with case studies on how and why organizations are using these technologies, plus a demo of cloud encryption technologies in action!
- Free eBook/evaluation guide: “What You Need to Know About Cloud Information Protection Solutions” – Let’s face it – many of us are skeptical about the security of our information in the Cloud. This evaluation guide includes a handy “report card” and 5 critically important business and technical considerations you will want to understand.
- Blog post – “Cloud Information Protection: Asymmetric vs. Symmetric Encryption”
What other encryption pitfalls should enterprises avoid? Let us know your thoughts in the comments and stay tuned for part 2 of “Encryption and Tokenization: Common Pitfalls and Best Practices”: Tokenization.