Big Data can be a high-stakes game. Here’s how to minimize your chances of losing.
The revelations about the reach of the NSA’s PRISM program showed the world just how critical privacy, security, and encryption are. Many users discovered that data and communications which they had assumed to be private had been intercepted and stored on government servers. The stakes are higher now than ever, as the value of data increases and as the challenge of keeping data safe grows harder. The concerns around privacy will only deepen as people put more and more of their information online and entrust more of their private data to other companies.
This is the year big data has taken its place on the national stage. It has become less a concept that only mega corporations and extremely large enterprises encounter and more a mainstream one. Dealing with data and privacy concerns is becoming much more common among medium-size businesses as well. This means that far more businesses have to pay attention to more kinds of security concerns, and need a fundamental understanding of the encryption practices that will help keep their business and customers’ data safe.
Big data is here to stay. Therefore, companies and organizations that collect and use customers’ data have the responsibility to protect it. Encryption is still the gold standard for keeping data safe and secure. Although TV action dramas like 24 and Homeland show characters breaking encryption in a short period of time, it is a non-trivial task, one that can almost never be accomplished through brute force hacks alone.
Recent reports revealed that several large technology companies provided backdoor access to the NSA. It appears these companies were under legal pressure to comply. Companies can be strong-armed into handing over private data to government organizations that present proper legal authorization. In Apple’s commitment to customer privacy released earlier this year, the company stated that one of the most effective ways to prevent unwanted access of private information is not to collect or store it in the first place. There are many conveniences and benefits that come from having a company store your information, but all those benefits come at a cost.
Companies running mainframes typically deal with vast amounts of data every day. They have to be especially aware of their level of security and maintain good practices to keep their customers’ and business data safe and secure. Mainframes are by their nature very secure, but to ensure the level of data security necessary, data should be encrypted while in motion, at rest, and when processed. This is especially true when the mainframe is connected to web services or through outside portals.
There are six key elements that you should look for when evaluating a mainframe encryption program:
Full control over encryption keys
Storing and managing keys is one of the most challenging parts of encryption. However, just because it is challenging does not mean that it would be better to offload the key management duties onto a vendor or third party. Only the data owner should have control over the keys. They should not be in the possession of administrators or any other personnel. Only the people with permission to access the data should have access to the encryption keys.
Tested and proven technology
Rarely in business, and more rarely still in mainframe computing, do you want to rely on an untested, unvetted piece of technology to secure your data. Large organizations typically operate in complex environments with a number of different applications running concurrently on the system. Verify ahead of time that your potential encryption system has been tested across the various databases you will use, and get references from customers in similar situations.
Supports separation of duties
Separation of duties is an incredibly important part of security. Administrators and other staff should not have access to data they do not own. Encrypted data which anyone with administrator privileges can access is no more secure than unencrypted data. The keys should not be on the same system as the data they decrypt.
Strong and validated encryption algorithms
There are many cryptographic algorithms on the market. It is important to find a vendor that uses an algorithm that has been fully vetted and approved by a recognized security standards body. Open-source encryption algorithms that have withstood the tests of time and many thousands of expert eyeballs are smart choices. OpenPGP is a great example here.
Works across multiple platforms and systems
Mainframes typically run multiple operating systems and databases. Data flows in and out of these systems daily. It is important to find a system that works well across all of those platforms. The encryption program has to be able to run smoothly across z/OS, Windows, and Linux, as well as across the various databases running on those systems. And it has to work not only on your systems: any clients that need to read your data must also be able to decrypt it.
Encrypts data wherever you store it
We commonly refer to data as being in one of three states: in process, in transit (or in flight), and at rest. In process refers to the points in time, brief though they are, when the data is being created or is otherwise in memory. Data at rest is on a storage medium of some kind, whether that’s backup tapes, disk drives, or something else, and data in transit is being transmitted from one point to another. It’s critical that your data be protected no matter which of those states it’s in.
At ASPG, we’ve been handling Big Data for much longer than the buzzwords around it have existed — and for years we’ve been providing world-class protection to enterprises large and small through our MegaCryption line of encryption products. MegaCryption meets all six of the above criteria — and we’re so sure you’ll love it you can try it out for free. Check out MegaCryption and get a Big Jump on Protecting your Big Data.