There is perhaps no more basic security mechanism than data encryption. Encryption underpins so many security solutions that it has become a staple for preventing unauthorized access to data. Whether data is sitting on a disk or crossing the network, it must be protected with encryption at every stage of the process, both in-flight and at-rest.
Recently, it was discovered that Facebook had stored millions of its users' passwords in plain text, going back for years. It was learned that, without password encryption enabled, thousands of Facebook employees had unlimited access to the passwords of millions of its users.
It underscores the risks involved when storing any kind of sensitive information in plain view for others to see, even if they are employees. What exactly is data encryption? What is the importance of data encryption when it comes to data security? What types of data do organizations need to ensure are encrypted, including the types that are often missed?
What is Data Encryption?
We often hear about encryption in a “bad light”, as the means attackers use to extort money from victims, a.k.a. ransomware. However, when used for a good purpose, data encryption works for the good of businesses to protect their data. What exactly is data encryption and how does it secure your data?
Encryption is a technology that conceals data from others by using advanced algorithms, known as ciphers, to turn normal, plain-text data into unreadable data.
Authorized users, systems, and processes possess a cipher key, the specialized cryptographic key that unlocks the unreadable data and turns it back into plain, readable data that can be consumed normally.
We can think of it as the key to your home. Only you and your family members are able to unlock the door to gain entry. Others, without the key, are prevented from entering.
Conceptually, in the same way, those that are unauthorized, whether it be users, systems, or other processes that do not possess the encryption key, are prevented from gaining access to the data. This is a huge benefit to data encryption as it helps to guarantee the safety and security of the data it is protecting. The importance of data encryption cannot be emphasized enough. Let’s see why.
What is the Importance of Data Encryption when it comes to data security?
While this has already been alluded to, let’s think about the importance of data encryption when it comes to data security. Among other things, data encryption helps to ensure that data is secure, regardless of whether or not it resides on sanctioned infrastructure. What does this mean?
An aspect of data security can certainly be ensuring the systems that contain the data themselves are secure and unauthorized users do not have access to these systems.
No security solution can guarantee that a system is impenetrable and unable to be compromised. This is where taking the extra step of encrypting data comes into play. Even though proper security control mechanisms are put in place on the actual sanctioned systems housing the data, additionally using data encryption ensures that even if the data leaves these sanctioned systems, it cannot be read.
One example would be a user who may have access to the storage location where sensitive data may be stored on a server. If the data is not encrypted, the user could potentially simply copy the data to a removable drive, take it to another location, mount the drive, and copy the data to another system for viewing.
However, if the data is encrypted properly, the user may still be able to copy the data from a sanctioned server over to a removable drive, but would only have unreadable data when attempting to view it.
This makes data encryption extremely important when it comes to the security of data in general. Data encryption needs to be considered from two different standpoints – data encryption at-rest, and data encryption in-flight. What is the difference?
Data encryption at-rest is the type of encryption we have already been referring to. This is where data is encrypted using a key so that it is unreadable when accessed on disk. However, data needs to be encrypted also in-flight as it traverses the network wire.
If data is only encrypted when it lands on the disk and not when it crosses over the network, an attacker could potentially sniff the network traffic and gain access to the data as it traverses the network. This could still lead to data compromise. Effective data encryption would mean ensuring that data is encrypted both at-rest and in-flight to cover the entire range of potential compromise.
When thinking about how important it is to encrypt data – it cannot be emphasized enough. Data encryption is a must.
It is crucial. It is imperative – period. Businesses that fail to implement proper encryption of their data are inviting a data-leak disaster and the compromise of sensitive information. The damage from a data leak can be catastrophic, to the point that a business can’t survive the resulting effects on its finances, brand reputation, and customer confidence.
What Types of Data Need to be Encrypted?
Arguably, in today’s world, the safe approach for organizations deciding which types of data to encrypt is to encrypt everything. This may not be feasible to some degree, depending on the applications being used and other internal business challenges. However, there is no question that certain types of data need to be encrypted, as shown by the latest Facebook plain text passwords debacle.
Any type of Personally Identifiable Information being used by organizations needs to be encrypted so that it is not easily readable for all to see. This includes any information regarding the identity of customers – names, addresses, phone numbers, passwords, etc. As is shown in the Facebook plain text passwords storage issue, the passwords of millions of customers were stored for thousands of employees to see.
Between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and accessible to thousands of Facebook employees.
This type of clear text information visibility leaves nothing but unsettling unrest among customers and questions regarding what other types of information may be stored inappropriately.
There is no doubt that passwords, credit card numbers, social security numbers, and other highly-sensitive types of information need to be encrypted. Are there potentially other types of data that need to be encrypted that may get missed, possibly posing a danger to data? Yes, backups.
Encrypted Backup is Crucial
A type of data that may potentially be forgotten about when it comes to encrypting data is backups. When it comes down to the data stored in backups, it is production data. Without encrypted backups, the door can be opened to data being accessed by unauthorized users, especially if components of the production data landscape are not encrypted.
When it comes to encryption of backups, it needs to include encryption of backup data both on disk, and across the network. This is encryption at-rest and in-flight. This will protect the backup data stored on disk and when it is being transmitted across the network.
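The at-rest case above, and the earlier removable-drive scenario, as an added example that is not from the original article or from any vendor it names: a backup blob sealed with AES-256-GCM from Go's standard library, so a copy that leaves the server cannot be read or silently altered without the key. The function names and the nonce-first layout are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewBackupCipher builds an AES-256-GCM AEAD and rejects keys that are not 32 bytes.
func NewBackupCipher(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 { // aes.NewCipher alone would also accept 16 or 24 bytes
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealBackup returns nonce || ciphertext || tag, with a fresh random nonce per backup.
func SealBackup(aead cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenBackup decrypts a sealed blob; a wrong key or any changed byte returns an error.
func OpenBackup(aead cipher.AEAD, sealed []byte) ([]byte, error) {
	if len(sealed) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("sealed backup is truncated")
	}
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], nil)
}

func main() {
	key := make([]byte, 32)
	rand.Read(key) // constructed demo key; real keys belong in a KMS or HSM, not beside the backup
	aead, _ := NewBackupCipher(key)
	sealed, _ := SealBackup(aead, []byte("card=4111111111111111")) // constructed record
	_, err := OpenBackup(aead, sealed[:len(sealed)-1]) // a damaged copy fails authentication
	fmt.Println(len(sealed), err)
}
```

The protection is only as strong as the key handling: a key stored on the same volume as the backup travels with the copy.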
Organizations using backup solutions on-premises need to make sure backups of business-critical systems are encrypted. Additionally, this need also extends to the cloud. Ensuring that cloud backups are encrypted can be more challenging since the infrastructure exists elsewhere.
This makes it imperative to use solutions that have the capability to utilize encryption effectively to encrypt data in-flight and at-rest.
As more organizations are moving such services as email and cloud storage to various public cloud providers, backups of these Software-as-a-Service environments are becoming an integral component of disaster recovery planning. Since there are no true native “backup solutions” found in today’s public cloud vendors such as Google G Suite and Microsoft Office 365 environments, organizations must choose capable solutions that allow performing proper backups along with the needed encryption security mechanisms.
Secure Backups of Public Cloud SaaS Using Spinbackup
Spinbackup provides the ability for businesses today to not only effectively perform automated backups of G Suite and Office 365 environments, but also ensure these are properly secured. Spinbackup focuses its efforts on creating and maintaining state-of-the-art security measures based on current market and technology standards.
Technology standards include the following security initiatives and capabilities:
- Industry Technology Expertise – Spinbackup maintains partnerships with the major public cloud vendors
- Assurance Programs – SOC1, SOC2, SOC3, ISO 9001, ISO 27001, HIPAA, MPAA, FISMA, FERPA, CJIS, CSA, DIACAP, FedRAMP, ITAR, FIPS 140-2, G-Cloud, PCI DSS Level 1 compliance
- Secure Cloud Ecosystem – Spinbackup is partnered with today’s most secure cloud ecosystems, including Amazon AWS, Google GCP, and Microsoft Azure.
- Data Encryption – Spinbackup uses the highest levels of encryption standards when transferring data in-flight and in storing it in the cloud. The standards used are the same standards used by Amazon EC2 and Amazon S3. During transmission, user data is encrypted using 256-bit AES algorithms.
- Data Deletion Policy – Data is only deleted from Spinbackup servers if an account is cancelled.
- Data Access Policy – Spinbackup never requires user credentials. Passwords are never stored on Spinbackup servers.
- Service Level Agreement – Spinbackup maintains 99.9% SLA and 99.9% success for backups
Spinbackup provides the ultimate, secure platform for backing up business-critical data in the public cloud. By providing an efficient, powerful, and secure backup solution for public cloud Software-as-a-Service environments such as G Suite and Office 365, Spinbackup allows organizations to effectively migrate their data to the cloud, with confidence in the effectiveness and security of the backups captured.