Enterprise Data Protection: A Security Strategy for Improving Business Processes and Reducing Data Losses - Page 2
With data breaches on the rise, financial institutions must constantly develop new strategies and security architectures to safeguard their assets. Failure to stay in front of data threats will inevitably result in further breaches, financial losses, and tarnished reputations.
When considering a data privacy solution, there are clear choices regarding the modes of implementation. All of these options vary in terms of security model, yet each provides a level of protection aligned with the potential requirements of an enterprise.
• Secure Key Management—At the heart of any data privacy solution are the secret cryptographic keys used for encrypting and decrypting sensitive data. The data privacy solution must include the ability to securely generate and manage keys. This can be achieved by centralising and automating key management tasks on a single platform, leading to both operational efficiency and reduced cost.
• Cryptographic Operations—Enterprises should fully understand the capabilities of cryptographic operations, including when to use particular algorithms to secure data, and when to use hashing functions and keyed hashes for data elements, such as passwords and digital signatures, to ensure non-repudiation.
• Authentication and Authorisation—Authentication allows the enterprise to restrict which users are allowed to access data in the clear. Coupled with an authorisation component, this can provide a strong layer of security with granular access controls.
• Logging, Auditing, and Management—When encrypting data, one has to consider the fact that data, keys, and logs will be accessed, encrypted, managed, and generated on multiple devices and in multiple locations. When contemplating an enterprise-wide solution, it is essential to consider one with a centralised interface that shows information as attacks occur and that ensures compliance with logging and auditing requirements.
• Backup and Recovery—Backing up all cryptographic keys and configuration information is essential so all information can be restored from a secure device after an unplanned outage. As the enterprise considers key rotation as part of a proper security strategy, it must also design a mechanism with which to associate cryptographic keys with the periods of time during which the keys were used.
• Hardware—Today's complex and performance-sensitive environments require the use of specialised cryptographic chipsets built to handle high-volume cryptographic operations. Doing so will help keep application, database, and storage systems at optimal performance levels.
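The following is an added example, not part of the original article, of the mechanism called for under Backup and Recovery, using the keyed hashes mentioned under Cryptographic Operations: each key version covers a period of time, so a record sealed before a rotation can still be verified afterwards. The KeyRing class, the function names, and the sample keys and records are assumptions constructed for illustration.

```python
import bisect, hashlib, hmac
from datetime import datetime, timezone

class KeyRing:
    """Key versions ordered by activation time; each key covers the period
    from its activation until the next version's activation."""
    def __init__(self):
        self._starts, self._keys = [], []   # parallel lists, sorted by start

    def rotate(self, active_from, key):
        if self._starts and active_from <= self._starts[-1]:
            raise ValueError("new key must activate after the previous one")
        self._starts.append(active_from)
        self._keys.append(key)

    def key_for(self, when):
        """Return (version, key) for the period containing `when`."""
        i = bisect.bisect_right(self._starts, when) - 1
        if i < 0:
            raise LookupError("no key was active at that time")
        return i + 1, self._keys[i]

def seal(ring, record, when):
    """Attach an HMAC-SHA256 tag made with the key active at `when`."""
    version, key = ring.key_for(when)
    tag = hmac.new(key, record, hashlib.sha256).hexdigest()
    return {"record": record, "time": when, "key_version": version, "tag": tag}

def verify(ring, sealed):
    """Re-derive the key from the record's time and check the tag."""
    version, key = ring.key_for(sealed["time"])
    if version != sealed["key_version"]:
        return False          # timestamp and key version disagree
    expected = hmac.new(key, sealed["record"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample keys and records (real keys come from the key manager).
RING = KeyRing()
RING.rotate(utc(2024, 1, 1), b"constructed-sample-key-v1")
RING.rotate(utc(2024, 7, 1), b"constructed-sample-key-v2")
OLD = seal(RING, b"account=1001;action=read", utc(2024, 3, 15))
NEW = seal(RING, b"account=1001;action=update", utc(2024, 9, 2))

if __name__ == "__main__":
    print(OLD["key_version"], NEW["key_version"], verify(RING, OLD), verify(RING, NEW))
```

A backup of the key store has to preserve the activation times along with the key material, otherwise restored keys cannot be matched to the data they protected.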
Leveraging Existing Technology Standards
In addition to reducing IT expenses, it is important to leverage existing technology standards that will help ensure security, performance, scalability, interoperability, and supportability of the overall solution. Furthermore, by leveraging existing technology where appropriate, enterprises can more quickly and effectively deploy a complete data privacy solution.
• Leverage Secure Transport Standards—Existing standards, such as SSL and IPsec, are widely used for securing data transport over IP networks, and are easily leveraged for deploying a data privacy solution.
• Authentication, Authorisation, and Auditing Technologies—Leverage all of the AAA services within an organisation to augment a data privacy solution. This includes users and processes that have access to different resources, as well as an audit trail that can provide detailed logs for each access event.
• Specialised Hardware—Dedicated hardware platforms can perform cryptographic operations at a much faster rate than a software-based solution running on standard hardware. Some hardware solutions even provide an additional level of security by never allowing private keys to leave the device and performing all cryptographic operations internally.
• Cryptographic Algorithms—Use of standard and proven cryptographic algorithms, such as AES and RSA, is critical to ensuring a high level of security and managing risk associated with evolving to future data privacy solutions.
• Software Interfaces—Use of standard software interfaces is important for managing the risk of future enhancements to data privacy solutions.
An effective data privacy solution must follow the data from the core, where key data repositories exist, to the edge, where the data is used. When selecting a data privacy solution—especially in times of transition or consolidation—you should know the fundamental elements of the solution, be sure to leverage standards-based technologies, and insist that proper planning and cooperation occur. Doing so will ensure an effective security solution that reduces the complexity, management, and maintenance costs of the organisation's IT infrastructure, as well as provide a foundation for addressing future data protection needs, business processes, and regulatory compliance mandates.