Encryption and Tokenization: Common Pitfalls and Best Practices (Part1)

Best Practices, Technology 0 Comments

Written by Michael Higashi

When it comes to achieving regulatory compliance, encryption  and tokenization are two powerful tools in your arsenal. As with any tool, however, having the right tool won’t solve anything if you don’t use it correctly. We’ll focus on encryption of
Encryption_and_Tokenization_Pitfalls_and_Best_Pratices_TEXTcloud information in this post. Look for a follow-on post covering tokenization common pitfalls and best practices soon!

Here are some common pitfalls and best practices to follow when securing your data with encryption.

Pitfall: Not using strong enough encryption

Encryption comes in different strengths and flavors, and choosing the appropriate kind for each of your data fields’ needs is vital to a successful cloud information protection strategy. Due to their higher level of sensitivity, customers’ credit card numbers require a higher strength of encryption than, say, customer ZIP codes. Failing to use a strong enough encryption method for protected data can result in compliance violations or data breaches, two costly consequences every enterprise wants to avoid.

Best Practice: Protect your most sensitive data with the strongest encryption possible

“No one ever got fired for having encryption that was too strong,”

a security expert told the BBC’s Paul Rubens. At CipherCloud, we agree. That’s why we offer encryption options like AES 256-bit symmetric encryption, which provides protection as strong as 15,360-bit asymmetric encryption.

Pitfall: Giving someone else control of your encryption keys

Speaking of symmetric and asymmetric encryption, any kind of encryption method that gives a third party——access to your encryption keys leaves you more vulnerable to a breach and puts you out of compliance. It’s not only that a third party could be hacked or fall victim to an insider threat. Should the third party ever receive a government request for data, you may find your data handed over without your consent or participation. The first two possibilities are threats to your regulatory compliance; the last is a threat to your enterprise’s privacy.

Best Practice: Retain exclusive access to your encryption keys

To ensure that your organization alone has the power to unlock your data, CipherCloud advises that you keep exclusive control of your enterprise’s encryption keys. This way, even if your data is leaked or stolen, it will remain illegible to anCTA_10-Minute_Guide_Cloud_Encryptionyone outside your company. Additionally, even if  a third party  gives your data up to government agencies, they won’t be able to decrypt it, either—not without your help.

Pitfall: Failing to retain functionality

Encryption can lock your data down so that no one but the authorized parties in your organization can read or use it, but if used incorrectly, it can also lock your data down so that your cloud applications can’t use it, either. You might be in compliance, but you’d be out of luck when it comes to maximizing the potential of cloud applications like Salesforce and Microsoft Office 365.

Best Practice: Keep data formats and use encryption methods that preserve functionality

When it comes to encryption, CipherCloud offers methods to preserve your data’s searchability, sortability, reportability, and general functionality in the cloud. When encrypting data, look into CipherCloud’s Searchable Strong Encryption, which combines the protection of AES 256-bit encryption with secure local index and search options so that you can continue using data without losing any protection.

Cloud information protection methods like encryption and tokenization are vital to regulatory compliance and the security and privacy of your enterprise’s sensitive data. Use them correctly to stay safe in the cloud.

Next Steps:

What other encryption pitfalls should enterprises avoid? Let us know your thoughts in the comments and stay tuned for part 2 of “Encryption and Tokenization: Common Pitfalls and Best Practices“: Tokenization.

Leave a Reply

Your email address will not be published. Required fields are marked *