If you’re running a mainframe that stores and processes sensitive data, you already know about the importance of encryption to data security. However, even though data encryption is a proven way to keep data private, there are still many companies that are not using encryption at all or not encrypting everything they should.
Encryption provides additional security for data stored and processed on mainframes and other IT hardware. Data stored offsite or in a cloud service should typically be encrypted before being transmitted. Data encryption as well as storage of the encryption keys separate from the data they decrypt, renders that data useless to thieves, even if the third-party storage site has a security breach.
Data encryption has been a hot topic in the news recently amid revelations that the NSA was working behind the scenes with many large technology companies to create back-door access to individuals’ private data. This news created a virtual arms race, as tech companies look to strengthen their encryption and reassure users that their data is still both secure and private.
Many major tech firms have already taken serious steps to protect their users’ data. The Electronic Frontier Foundation (EFF) recently polled a number of large Internet companies to ask them “what they are doing to bolster encryption“. The EFF stated they were pleased to discover that many of the polled companies have already adopted or are in the process of implementing many of the best practices for encryption.
Encryption can help protect organizations against illegal surveillance and data theft. The EFF stated that every step towards stronger data encryption helps, and that “by enabling encryption across their networks, service providers can make backdoor surveillance more challenging, requiring the government to go to courts and use legal process.”
So, which of the major consumer tech companies are already using encryption? Here is the EFF chart of major tech company’s use of encryption:
This chart shows that roughly half the companies are employing roughly half of the EFF best practices for data security. Already, the three biggest search providers, Google, Yahoo, and Bing, have taken steps to begin encrypting search traffic, working to not only encrypt data as it moves from the user to the data center, but also encrypting the data as it moves between networks within their systems.
Many of the companies surveyed by the EFF are consumer tech companies, and several of these are social network sites. Here, there is little expectation of privacy, and much data is either already available to the public, or easily sharable by someone within the user’s friend network. This isn’t to say that encryption is not important in these types of companies. However, it is less important than in industries like healthcare, where patient privacy and HIPPA compliance is critical. It is also less important than in a government setting, which houses sensitive data about the citizens it serves. In addition, educational institutions, which store private data about student performance, teacher compensation, and information about many other sensitive subjects, need strong data encryption to keep their data safe.
Many large companies are still trailing in their use of encryption, leaving millions of users at risk of having their data breached or snooped upon. Even smaller or medium-sized companies are not immune or exempt from having to implement data encryption. If your mainframe is lacking data encryption in any of the key places where data is at risk (at rest, in process, or in transit), check out ASPG’s full suite of mainframe data security products. And after you’ve done that, sign up for a free trial to start down the path of fuller data encryption and safety.