By Juan C. Asenjo
Tue | Jun 26, 2018 | 6:30 AM PDT

Data has become the resource that fuels the new digital economy. As enterprises increasingly harness data to gain insight into markets, customers, and operations, protecting their growing volumes has become an imperative. Data at rest is an attractive target for cybercriminals, and in today’s increasingly distributed environment, data breaches have become an all too familiar headline. In this blog, we will examine the challenges faced by enterprises trying to protect their data resources while minimizing the impact that security measures may have on operational performance.

Compromised data can have a severe impact on corporate reputation and brand image. Notification requirements, remediation processes, and liabilities can add significant cost to enterprise operations. Moreover, far-reaching security mandates such as the General Data Protection Regulation (GDPR), the Payment Card Industry Data Security Standard (PCI DSS), and the Federal Information Security Management Act (FISMA), among others, are becoming stricter. The GDPR in particular imposes severe fines. On the threat front, cybercriminals are constantly upping their game with more sophisticated attacks across distributed environments. As I have highlighted in previous blogs, all this is forcing organizations to rethink their cybersecurity strategies and invest more in data security to manage their risks, secure their data, and protect their reputation.

The challenge

How do you ensure your data is safe in such a heterogeneous and dynamic environment without affecting operations?

Traditionally stored on-premises and now increasingly across cloud-based environments, the volume of data used by organizations to conduct business has been steadily increasing. With huge new sources of data feeding corporate databases through connected ecosystems empowered by the Internet of Things (IoT), protecting this data has become critical. However, with more applications using this data for day-to-day operations, data protection mechanisms must be as transparent as possible so they are effective and not circumvented.

Data security

To protect data from external and internal threats, an enterprise data protection strategy must include the establishment of data policies with associated auditing and compliance mechanisms. Together with threat and risk modeling, as well as a well-defined remediation and improvement program, the strategy must align with how the business is deploying technology as it transitions from traditional on-premises deployments to cloud-based environments. Implementing a layered security approach that establishes processes that discover, classify, segment, and control access to the data is essential. This is necessary not only to ensure the confidentiality and integrity of data, but also to manage the entire data security life cycle.

Encryption of data at rest and access control are best practices that can facilitate compliance with data security regulations. Designed and implemented correctly, encryption of data can provide robust security with minimal impact on operational efficiency.

Secure and efficient key life cycle management is an essential part of an enterprise data protection strategy. Because cryptographic keys enable encrypted data to be returned to its original clear-text state, protecting and managing keys is critical. Cryptographic key management includes the generation, exchange, storage, use, destruction and replacement of keys. With growing volumes of data used to conduct business, protecting and managing keys across the enterprise becomes a challenging endeavor. Keys must not only be protected but readily available to applications using the protected data to ensure no degradation in performance.

Data security solutions

Data security platforms and hardware security modules provide high-assurance cryptographic services for organizations, including key management. Supporting commercial databases that offer native encryption capabilities or integrating through standards such as the Key Management Interoperability Protocol (KMIP), services offered by these platforms and modules harden the security of key vaulting functions and cryptographic application program interfaces (APIs). Extending beyond traditional on-premises environments, data stored in the cloud is also supported, and to protect against insider threats, tokenization, file encryption, and application encryption provide comprehensive security. Enhanced protection delivered by certified data security platforms and hardware security modules provides a root of trust that facilitates auditing and regulatory compliance.

What’s in it for you?

Thales security solutions, including the Vormetric Data Security Platform and the nShield Hardware Security Modules, enhance data protection, helping solve data security and privacy challenges faced by enterprises today. Making it easier for auditors to see how data and keys are protected, data security platforms and hardware security modules enable added operational, security, and compliance benefits. For global enterprises needing to protect the privacy of their customers’ data, all this adds up to reduced scope, cost savings, and peace of mind for CISOs, their staffs, and senior management.

Database security solutions from Thales eSecurity and industry leaders like Accenture ensure you can solve your data privacy challenges and comply with regulatory requirements. To learn how to stay fit to meet regulations, visit our Fit for Compliance Page and sign up for our June 27th SecureWorld web conference, Best Practices for Solving Global Data Security and Privacy Challenges.
