Encrypting data at rest involves the actual, physical data that is stored, an encryption and decryption process, and some form of key management, which is the process that controls locking and unlocking that data.
“This is the front line defense … so when everything else fails – when that laptop is stolen or when that server is accessed – this is the last piece when it comes to trying to keep that data protected and safe,” said Matt Corney, CTO of Nuspire Networks.
Corney said data encryption at rest is truly critical and should be used; however, it is important to be cautious to avoid possible mistakes and issues. One example is full disk encryption.
“When a server or a system boots up, it’s asking for a password to unlock or a key to unlock that data and allow the boot process to continue,” said Corney. “This information can be held within the hard drives themselves so it’s completely blind to the operating systems and to the users as a whole and it allows it.”
Corney said this particular process of encryption is great as it is very fast and efficient, and works well – when that disk is stolen.
“It doesn’t work well when say an attacker gets database credentials and is able to get into the database,” Corney said. “That is totally different – that data would still be accessible there.”
Corney explained that understanding the type of data you have and where that data rests is a large part of this process.
“If you do utilize data encryption or you’re considering it, make sure you’re utilizing some industry standard – something like AES 256 would be the appropriate level of encryption to utilize,” said Corney.
Corney said the process of key management is very important as well, and that it is essential to ensure the data is truly encrypted.
“If you encrypt all this data and you literally left the key inside of the log-in script … an attacker can easily grab that decryption key and be able to utilize that data altogether,” said Corney.
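A check for the mistake described above, added here as an example and not taken from the article or from Nuspire: it scans a script for quoted literals that decode to exactly 32 bytes, the size of an AES-256 key. The sample script, its variable names and the `/run/keys/app.key` path are constructed for illustration.

```python
import base64
import binascii
import re

AES256_KEY_BYTES = 32  # AES-256 uses a 256-bit (32-byte) key

# Quoted literals long enough to hold 32 bytes as base64 (43-44 chars) or hex (64 chars).
LITERAL = re.compile(r"""["']([A-Za-z0-9+/=_-]{43,64})["']""")


def decodes_to_aes256_key(literal):
    """Return 'hex' or 'base64' if the literal decodes to exactly 32 bytes, else None."""
    if re.fullmatch(r"[0-9a-fA-F]{64}", literal):
        return "hex"
    try:
        # Accept URL-safe and unpadded base64 by normalising before decoding.
        padded = literal + "=" * (-len(literal) % 4)
        raw = base64.b64decode(padded.replace("-", "+").replace("_", "/"), validate=True)
    except (binascii.Error, ValueError):
        return None
    return "base64" if len(raw) == AES256_KEY_BYTES else None


def find_embedded_keys(script_text):
    """Return (line_number, encoding) for each literal shaped like an AES-256 key."""
    findings = []
    for number, line in enumerate(script_text.splitlines(), start=1):
        for match in LITERAL.finditer(line):
            encoding = decodes_to_aes256_key(match.group(1))
            if encoding:
                findings.append((number, encoding))
    return findings


# Constructed sample input: a dummy key (bytes 0..31) pasted into a login script
# twice, next to a line that reads the key from outside the script at run time.
HEX_KEY = bytes(range(32)).hex()
B64_KEY = base64.b64encode(bytes(range(32))).decode()
SAMPLE_LOGIN_SCRIPT = f"""#!/bin/sh
# constructed sample, not a real script
DB_KEY="{HEX_KEY}"
BACKUP_KEY='{B64_KEY}'
# key fetched at run time from outside the script
APP_KEY="$(cat /run/keys/app.key)"
GREETING="welcome back, please authenticate to continue your session"
"""

if __name__ == "__main__":
    for line_number, encoding in find_embedded_keys(SAMPLE_LOGIN_SCRIPT):
        print(f"line {line_number}: {encoding} literal is the size of an AES-256 key")
```

A hit is a candidate for review, not proof: a SHA-256 digest written in hex has the same shape as a 32-byte key.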
Corney further stressed the importance of implementing data encryption.
“It’s something that we all need to do, we need to get better, there’s not enough use, still today, in utilizing data encryption in some form or fashion,” Corney said.
To learn more about encrypting data at rest and how to better protect your network, view Nuspire’s webinar here.