Unlocking Encryption – A Method of Data Security
Encryption is an increasingly important set of technologies that enable customers to protect personal data on computers, across public or private networks, or in other machine-readable forms.
For small and medium-sized markets, the ideal approach to data encryption will be both affordable and easily integrated into a comprehensive data backup and business continuity solution. It will include powerful, standards-based encryption and offer powerful key management functions.
Imagine a bank with 20,000 customers, most with multiple accounts and bank cards. Every night, the bank makes a complete tape backup of its core server information.
Each of these practices can cause the tape to be mislaid or stolen from the loading dock, accidentally dropped off at the wrong location, or lost or stolen from a delivery van, among others. Once the tapes are in the wrong hands, unencrypted data is easily compromised.
Fortunately, encryption can be easily integrated into the organization’s backup process, protecting all data on corporate servers and backup devices, and all data taken off site for archiving.
Keys and key management
A key is a piece of information, or parameter, that controls the operation of a cryptographic algorithm. Modern encryption algorithms typically use either symmetric or asymmetric keys.
The symmetric key method uses the same key for encryption and decryption. Symmetric keys are well suited to devices and equipment where the need to share keys is very limited. This is usually the case with backup data sets, where there is no need to give many parties access to the key.
If you lose your house keys, a locksmith can pick a mechanical lock and help you regain access. If you lock your keys in the car, there are special tools that can help you open the door. But any method of encryption that allowed this kind of “alternative access” in the event of lost keys would be fatally insecure. These days, most encrypted data is unreadable to thieves and, in the absence of the keys needed for decryption, essentially lost to its owner as well.
Implementation method
Data encryption can be incorporated into your workflow in a variety of different ways, each with advantages and disadvantages. When implementing data encryption on the network, there are four basic ways to approach the process:
File system encryption on a server. File system encryption is probably the easiest to implement. But this type of encryption places a very heavy CPU demand on the server, which often makes it impractical for busy Exchange or SQL servers because of the computing power needed.
In addition, file system encryption on a server does not allow for centralized management; rather, it must be implemented on a per-server basis and managed only with respect to that system. And in a multi-OS environment, this type of file system-based encryption may not be available for every OS in use.
In-line encryption. In-line encryption is usually performed by a specialized hardware “tool,” and is quite simple to implement. These tools usually have two network connections, with plain text coming in from the network and cipher (encrypted) text going out of the device.
But this encryption methodology is a bad choice for some companies. In-line devices require extremely fast hardware to operate, which pushes up the typical cost.
Backup device encryption. The main difference between backup device encryption and backup media encryption is the location where the encryption is done. Encryption on the backup device provides much stronger data security overall. This is because the data can be encrypted once (on the device) and remain encrypted wherever it is located at any point in the future.
If the data is encrypted as it arrives at the device, the data stored on the backup device for rapid local recovery is also protected from insider attacks. This approach avoids the performance degradation associated with file system encryption, and also eliminates the complexity of applying encryption tools in the operating system.
Planning a successful implementation
There are six key encryption capabilities to implement in your overall data protection and disaster recovery strategies. These represent the “critical success factors.” Get these six right and you will have a very high probability of success.
1. Maintain universal data recovery. Wherever the data is encrypted (local backup device, remote data centers, offline media, or archive media), you should be able to reverse the process and reliably produce unencrypted data.
2. Select a single approach for all your sensitive data. Be sure to choose an approach that allows you to implement encryption across all of it, protecting all your sensitive data through one integrated capability.
3. Minimize the impact on resources. Encryption can come at a price. Make sure the impact you accept is small.
4. Prevent unauthorized access to data. Data should be encrypted so that the “clear text” copy can be reproduced only after proper authentication has been provided.
5. Have a key management strategy. You must choose a solution with robust key management capabilities, making it easy to change keys frequently, restore old files whose original key may have been lost, and strike a balance between security and accessibility.
6. Test in advance. You must prove that your solution can both encrypt data (storing the encrypted data at all locations) and successfully produce clear text from the encrypted source.
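Factors 1, 5 and 6 can be seen working together in the following added example, which is not code from the original article: each backup records the ID of the symmetric key that sealed it, so keys can be changed often while older backups still restore, and a backup whose key has left the keyring fails loudly. The Keyring type, the Encrypt and Decrypt methods, the blob layout and the sample data are assumptions of this example, which uses AES-256-GCM from the Go standard library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

type Keyring map[uint32][]byte // key ID -> AES-256 key; retired keys are kept for old backups
func (kr Keyring) aead(id uint32) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kr[id]) // an unknown ID gives a nil key and fails here
	if err != nil {
		return nil, fmt.Errorf("key %d unusable, backup cannot be restored: %w", id, err)
	}
	return cipher.NewGCM(block)
}

// Encrypt returns keyID(4) || nonce(12) || ciphertext+tag; the ID is authenticated.
func (kr Keyring) Encrypt(id uint32, data []byte) ([]byte, error) {
	gcm, err := kr.aead(id)
	if err != nil {
		return nil, err
	}
	hdr := make([]byte, 16)
	binary.BigEndian.PutUint32(hdr, id)
	if _, err := rand.Read(hdr[4:]); err != nil {
		return nil, err
	}
	return gcm.Seal(append([]byte{}, hdr...), hdr[4:], data, hdr[:4]), nil
}

// Decrypt picks the key named in the header, so rotation does not strand old data.
func (kr Keyring) Decrypt(blob []byte) ([]byte, error) {
	if len(blob) < 16 {
		return nil, fmt.Errorf("blob too short: %d bytes", len(blob))
	}
	gcm, err := kr.aead(binary.BigEndian.Uint32(blob))
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob[4:16], blob[16:], blob[:4])
}

func main() {
	kr := Keyring{1: make([]byte, 32)} // constructed all-zero demo key, not for real use
	blob, err := kr.Encrypt(1, []byte("constructed sample record"))
	fmt.Println(len(blob), err) // 16-byte header + 25-byte record + 16-byte tag
}
```

Running the restore path against every key ID still present in stored backups, before a key is retired, is the "test in advance" step applied to rotation.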







