Data encryption is an important component of any security strategy, whether on a mainframe or any other computing system. It renders data unreadable to anyone, person or program, who does not hold the key, and when it is done properly it is one of the strongest protections available against attackers and data thieves.
Are you doing encryption right? Here are four mistakes that people commonly make with their encryption strategies.
Encryption is very common on most mainframe systems. Still, many companies are using outdated encryption strategies, are failing to encrypt data that ought to be protected, or are not securing encryption keys as they should.
If your company is using encryption on your mainframe, you could be doing everything right, following all the best practices, and ensuring your data is as secure as possible. Your data could be secure in a well-protected safe. Or, if you’re missing any important piece of a good encryption strategy, you could be putting padlocks on a screen door.
Hopefully, none of these common encryption mistakes apply to your company, but if they do, the list below can serve as a helpful to-do list for updating your mainframe encryption strategy.
Mistake one: Using your own encryption algorithms
If you’re using a cryptographic algorithm developed in-house, it probably seemed like a good idea at the time. How could anyone break a proprietary algorithm? In practice the opposite holds. The most compelling reason to use a published, industry-standard algorithm such as AES is that it has been attacked in the open by cryptographers for years and has held up; that is what makes it a standard. Secrecy of the algorithm buys nothing, since anyone with a copy of the program can recover the algorithm from it, and an algorithm that has never been through public review is far more likely to have a weakness that a single known plaintext or a little statistical analysis exposes. Note that "standard" does not mean "still safe": older ciphers such as RC4 (also known as ARC4) are broken and deprecated, and 64-bit block ciphers such as IDEA are not suitable for new designs, so use a current standard, AES with an authenticated mode such as GCM, with a 128- or 256-bit key. Cryptography is both a difficult scientific and an advanced mathematical pursuit. Furthermore, if the person or persons who wrote your proprietary algorithm were to leave the company, would there be anyone remaining who was capable of maintaining, reviewing, or fixing that algorithm? With standard algorithms and vetted implementations, these problems don’t exist.
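To make the point concrete, here is an added example, written for this page and not taken from the original article or from any product it discusses, in Go, chosen because its standard library ships vetted implementations of AES and HMAC. The "proprietary" cipher is a constructed stand-in: a repeating-key XOR, which is roughly what many home-grown schemes amount to. The 16-byte key and the two account records are constructed for the demo. One record whose contents the attacker can guess is enough to recover the key and read every other record; the standard construction beside it (AES-256-CTR with a per-message random IV, plus HMAC-SHA256 in encrypt-then-MAC form, both from the Go standard library) gives nothing away under the same attack and rejects modified ciphertext. For stored data, AES-GCM is the usual one-stop equivalent of that pair.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// homebrewEncrypt stands in for an in-house "proprietary" cipher: XOR the
// message with a repeating key. The output looks random, but the operation is
// linear, so one known plaintext/ciphertext pair gives the key away.
func homebrewEncrypt(key, msg []byte) []byte {
	out := make([]byte, len(msg))
	for i := range msg {
		out[i] = msg[i] ^ key[i%len(key)]
	}
	return out
}

// recoverHomebrewKey is the known-plaintext attack: a record the attacker can
// guess (a fixed header, their own account) XORed with its ciphertext yields
// the key, which then decrypts every other record ever protected with it.
func recoverHomebrewKey(knownPlain, knownCipher []byte, keyLen int) ([]byte, error) {
	if len(knownPlain) < keyLen || len(knownCipher) < keyLen {
		return nil, errors.New("need at least keyLen bytes of known plaintext")
	}
	key := make([]byte, keyLen)
	for i := range key {
		key[i] = knownPlain[i] ^ knownCipher[i]
	}
	return key, nil
}

// stdEncrypt is the standard-algorithm counterpart, built only from primitives
// in the Go standard library: AES-256-CTR produces the keystream from a random
// per-message IV, and HMAC-SHA256 over iv||ciphertext (encrypt-then-MAC) catches
// tampering. Output is iv || ciphertext || tag. Knowing one plaintext reveals
// only that message's keystream, which is useless against any other IV.
func stdEncrypt(encKey, macKey, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(msg))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCTR(block, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], msg)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(out)
	return mac.Sum(out), nil
}

// stdDecrypt verifies the tag first (constant-time compare) and fails closed.
func stdDecrypt(encKey, macKey, sealed []byte) ([]byte, error) {
	if len(sealed) < aes.BlockSize+sha256.Size {
		return nil, errors.New("ciphertext too short")
	}
	body, tag := sealed[:len(sealed)-sha256.Size], sealed[len(sealed)-sha256.Size:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("authentication failed: modified or wrong key")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	plain := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCTR(block, body[:aes.BlockSize]).XORKeyStream(plain, body[aes.BlockSize:])
	return plain, nil
}

func main() {
	// Constructed sample data: a 16-byte in-house key and two fixed-layout records.
	homeKey := []byte("SECRET-KEY-00001")
	rec1 := []byte("HDR|ACCT=0000123456|BAL=000100.00")
	rec2 := []byte("HDR|ACCT=0000987654|BAL=950000.00")
	c1, c2 := homebrewEncrypt(homeKey, rec1), homebrewEncrypt(homeKey, rec2)
	got, _ := recoverHomebrewKey(rec1, c1, len(homeKey)) // attacker knows rec1 only
	fmt.Printf("recovered key %q (matches: %v)\n", got, bytes.Equal(got, homeKey))
	fmt.Printf("rec2 read with it: %q\n", homebrewEncrypt(got, c2))

	keys := make([]byte, 64) // 32 bytes for AES, 32 for HMAC
	if _, err := rand.Read(keys); err != nil {
		panic(err)
	}
	sealed, _ := stdEncrypt(keys[:32], keys[32:], rec2)
	plain, err := stdDecrypt(keys[:32], keys[32:], sealed)
	fmt.Printf("standard round trip: %q (err=%v)\n", plain, err)
	sealed[len(sealed)-1] ^= 1 // flip one bit of the tag
	_, err = stdDecrypt(keys[:32], keys[32:], sealed)
	fmt.Println("tampered record rejected:", err != nil)
}
```

The attack against the home-grown cipher needs nothing but one guessed record: a fixed header or the attacker's own account is enough. The standard construction keeps the same XOR-with-keystream shape, but the keystream comes from AES under a fresh IV, so the known plaintext yields nothing reusable, and the MAC means a modified record is refused rather than decrypted to garbage.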
Mistake two: Hard coding passwords into programs
The quality of a cryptographic algorithm is moot if the encryption keys and passwords are left where an attacker can read them. A key embedded in a load module or script, or kept in a "hidden" file next to the encrypted data, can be found with a hex dump or a string search, and it cannot be rotated without rebuilding the program. Data protected that way is as vulnerable as plain text to a motivated attacker. Keys belong in a key store or hardware key manager and should be supplied to the program at run time, never compiled into it.
Mistake three: Storing encryption keys with the data they decrypt
Database encryption is a powerful way to secure the data flowing through your systems. However, if the keys are kept in the same system or database as the data they decrypt, anyone who copies that database, or its backups, gets the keys along with the ciphertext, and the encryption protects nothing. Your system is far less vulnerable when the keys are held in a separate system, such as a dedicated key manager or hardware security module, that the application has to call in order to decrypt; that call can then be restricted and logged.
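The following is an added example in Go, written for this page rather than taken from the article or from any vendor's product, that covers both this mistake and the previous one. The key-encryption key (KEK) is loaded at run time from an environment variable instead of being compiled in (RECORD_KEK_HEX is a hypothetical name; in production the value would come from a key manager or HSM, on z/OS typically via ICSF), and the database stores only a per-record data-encryption key (DEK) wrapped under that KEK beside the AES-GCM ciphertext. KeyService is a constructed stand-in for the separate key-holding system, and the sample row is constructed. The thing to notice when running it: the same stored bytes decrypt through the real key service and fail with any other KEK, so a stolen copy of the table is worthless on its own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"os"
)

// KeyService stands in for the separate system that holds the key-encryption key
// (KEK): an HSM, a key manager, or the mainframe's own cryptographic service. It
// only wraps and unwraps data-encryption keys (DEKs); the KEK never leaves it.
type KeyService struct{ kek []byte }

// LoadKEKFromEnv is the alternative to a compiled-in key: the KEK is injected at
// run time (hypothetical variable name), and a missing or malformed value stops
// the program instead of being silently replaced by a default.
func LoadKEKFromEnv(name string) (*KeyService, error) {
	kek, err := hex.DecodeString(os.Getenv(name))
	if err != nil || len(kek) != 32 {
		return nil, fmt.Errorf("%s must hold 64 hex characters (a 256-bit KEK); refusing to start", name)
	}
	return &KeyService{kek: kek}, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal and open use AES-GCM with a random nonce; layout is nonce || ciphertext || tag.
func seal(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

func open(key, sealed []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil || len(sealed) < aead.NonceSize() {
		return nil, fmt.Errorf("undecryptable: bad key or truncated ciphertext (%v)", err)
	}
	n := aead.NonceSize()
	return aead.Open(nil, sealed[:n], sealed[n:], nil)
}

// WrapDEK and UnwrapDEK are the only operations that ever touch the KEK.
func (ks *KeyService) WrapDEK(dek []byte) ([]byte, error) { return seal(ks.kek, dek) }
func (ks *KeyService) UnwrapDEK(w []byte) ([]byte, error) { return open(ks.kek, w) }

// StoredRecord is everything the database holds for one row; the KEK is not in it.
type StoredRecord struct{ WrappedDEK, Ciphertext []byte }

// EncryptRecord uses a fresh DEK per record and stores only its wrapped form.
func EncryptRecord(ks *KeyService, plaintext []byte) (StoredRecord, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return StoredRecord{}, err
	}
	ct, err := seal(dek, plaintext)
	if err != nil {
		return StoredRecord{}, err
	}
	wrapped, err := ks.WrapDEK(dek)
	return StoredRecord{WrappedDEK: wrapped, Ciphertext: ct}, err
}

// DecryptRecord must ask the key service on every read; with a different KEK
// the unwrap fails and the data stays opaque.
func DecryptRecord(ks *KeyService, rec StoredRecord) ([]byte, error) {
	dek, err := ks.UnwrapDEK(rec.WrappedDEK)
	if err != nil {
		return nil, fmt.Errorf("key service refused to unwrap the DEK: %w", err)
	}
	return open(dek, rec.Ciphertext)
}

func main() {
	kek := make([]byte, 32)
	rand.Read(kek)
	os.Setenv("RECORD_KEK_HEX", hex.EncodeToString(kek)) // stands in for run-time injection
	ks, err := LoadKEKFromEnv("RECORD_KEK_HEX")
	if err != nil {
		panic(err)
	}
	rec, _ := EncryptRecord(ks, []byte("ACCT=0000123456|BAL=000100.00")) // constructed row
	plain, err := DecryptRecord(ks, rec)
	fmt.Printf("with the key service: %q (err=%v)\n", plain, err)
	_, err = DecryptRecord(&KeyService{kek: make([]byte, 32)}, rec) // a stolen dump alone
	fmt.Println("without the real KEK:", err)
}
```

The design choice worth copying is the split of responsibilities: the application never sees the KEK, the database never sees a plaintext DEK, and rotating the KEK means re-wrapping the small DEKs rather than re-encrypting every row. In a real deployment the WrapDEK and UnwrapDEK calls would cross a boundary to the key manager, which is exactly where access control and audit logging belong.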
Mistake four: Forgetting to test data recovery
What happens to your data if the encryption keys are lost? What happens if the person responsible for the encryption keys gets hit by a bus? How would you get your data back then? One risk of data encryption is that it can be so effective that it keeps even those who should have access out if they cannot produce the right key. If the security is implemented correctly, there will be no way to bypass it. This means it is critical that keys are not lost: keep backup copies of the keys in a separate, protected location, split the authority to recover them across more than one custodian so that no single person is a single point of failure, and have a documented strategy for recovering the data. A recovery procedure that has never been rehearsed is not a recovery procedure; schedule a drill and confirm that the restored key actually decrypts the data.
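As an added example, written for this page and not part of the original article, here is a Go implementation of the custodian split just described: Shamir secret sharing over GF(2^8) divides a key into n shares of which any k rebuild it, so no single custodian can lose or leak it alone, together with a RecoveryDrill that reassembles the key from the shares and checks it against a SHA-256 fingerprint recorded in the runbook. The names Share, Split, Combine, Fingerprint and RecoveryDrill are my own; everything used is in the Go standard library, and the field arithmetic uses the AES polynomial.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Share is one custodian's piece: share[0] is the x coordinate, share[1:] the y bytes.
type Share []byte

// gfMul multiplies in GF(2^8) using the AES polynomial x^8+x^4+x^3+x+1.
func gfMul(a, b byte) byte {
	var p byte
	for ; b != 0; b >>= 1 {
		if b&1 == 1 {
			p ^= a
		}
		hi := a & 0x80
		a <<= 1
		if hi != 0 {
			a ^= 0x1b
		}
	}
	return p
}

// gfInv returns a^-1 = a^254 for a != 0.
func gfInv(a byte) byte {
	r := byte(1)
	for i := 0; i < 254; i++ {
		r = gfMul(r, a)
	}
	return r
}

// Split makes n shares of which any k rebuild the secret: each secret byte is
// the constant term of a fresh random degree k-1 polynomial over GF(2^8).
func Split(secret []byte, k, n int) ([]Share, error) {
	if k < 2 || n < k || n > 255 || len(secret) == 0 {
		return nil, fmt.Errorf("need a non-empty secret and 2 <= k <= n <= 255")
	}
	shares := make([]Share, n)
	for i := range shares {
		shares[i] = make(Share, 1+len(secret))
		shares[i][0] = byte(i + 1) // x = 0 would hand out the secret itself
	}
	coeffs := make([]byte, k)
	for j, s := range secret {
		coeffs[0] = s
		if _, err := rand.Read(coeffs[1:]); err != nil {
			return nil, err
		}
		for _, sh := range shares {
			var y byte // Horner evaluation of the polynomial at x = sh[0]
			for c := k - 1; c >= 0; c-- {
				y = gfMul(y, sh[0]) ^ coeffs[c]
			}
			sh[j+1] = y
		}
	}
	return shares, nil
}

// Combine interpolates the polynomial at x = 0 (Lagrange; "-" is XOR in this
// field). Too few or wrong shares yield a wrong secret, not an error, which is
// why the drill checks the result against a recorded fingerprint. Needs len > 0.
func Combine(shares []Share) []byte {
	secret := make([]byte, len(shares[0])-1)
	for j := range secret {
		for i, si := range shares {
			num, den := byte(1), byte(1)
			for m, sm := range shares {
				if m != i {
					num = gfMul(num, sm[0])
					den = gfMul(den, sm[0]^si[0])
				}
			}
			secret[j] ^= gfMul(si[j+1], gfMul(num, gfInv(den)))
		}
	}
	return secret
}

// Fingerprint is what the runbook records: it proves a reconstruction is right
// without storing or revealing the key itself.
func Fingerprint(secret []byte) string {
	sum := sha256.Sum256(secret)
	return hex.EncodeToString(sum[:])
}

// RecoveryDrill is the test this section asks for: gather the custodians' shares,
// rebuild the key and verify it before the day it is really needed.
func RecoveryDrill(shares []Share, expected string) error {
	if len(shares) == 0 || Fingerprint(Combine(shares)) != expected {
		return fmt.Errorf("recovery failed: no shares, too few shares, or a wrong share")
	}
	return nil
}
```

At setup, call Split(kek, 3, 5), hand one share to each of five custodians, and record Fingerprint(kek) in the recovery runbook; on each scheduled drill, collect any three shares and run RecoveryDrill. Because Combine cannot tell too few shares from enough (it simply produces a different byte string), the fingerprint comparison is what turns the drill into a pass or fail result, and it does so without anyone keeping a plaintext copy of the key.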
Now, you may think you don’t have to worry about any of these mistakes. Or you may be breathing a sigh of relief because these issues don’t apply to you because you don’t encrypt your data. But not encrypting your data is the biggest mistake of all!
Encryption is not a silver bullet for protecting data unless it is accompanied by strong, standard encryption algorithms, keys kept separate from the data they protect, and an effective, tested data recovery process. Encryption will play an important role in data security on your mainframe. Make sure you’re not making any mistakes in your encryption management that will leave you vulnerable, and that your organization’s encryption software is up to date and proven reliable.