Companies put encryption in place to protect their most valuable data. Properly implemented encryption adds a crucial layer of security to a database. Alongside strong access controls and multi-factor authentication, encryption can protect data from misuse even if someone steals the hardware. If hardware is stolen (which would be pretty challenging with a mainframe or a server locked down in a data center), the data is inaccessible without the corresponding encryption keys.
However, poor encryption implementations can actually increase the risk of losing critical information. What follows are some of the worst mistakes you can make in implementing a data encryption strategy. Avoiding these mistakes will keep your data safe from hackers while still accessible to the right people. The first mistake is…
1. Picking a poor place to store encryption keys
The worst place to keep your encryption keys is with the data they decrypt. It’s like leaving a car’s keys in the ignition. There’s little point to locking up data if unlocking it is as simple as opening up the database. Encrypting data does keep it secure, but keeping the keys in the same system negates that layer of security. To keep encrypted data safe, the keys should be stored separately from the data they decrypt. Alongside the data is not the only bad place to keep encryption keys, though. A second mistake is…
2. Decentralizing encryption key management
Keys scattered across various parts of an organization are impossible to secure. You can never know if your encrypted data is truly safe if you can’t account for the keys. Without a strong system in place, keeping track of encryption keys can be an overwhelming task. The large number of encryption keys in use within an organization requires centralized software to keep it all in check. Encryption itself only solves the first half of the security problem. It keeps people out, but encryption also has to be able to let the right people in. Companies with a decentralized key management system also tend to be…
3. Using a DIY encryption strategy
Many mainframe managers are also developers, and see opportunities to save money by programming their own in-house encryption and key management system. However, this opens the door to many potential risks (for example, what happens when that developer leaves the company?), and is thus less secure than implementing an industry-standard encryption system. One of the bad things that can come from writing your own encryption program involves…
4. Relying on outdated encryption algorithms
Like many fields of technology, cryptography is constantly evolving. As computers become more powerful, older encryption algorithms become more susceptible to hackers. New encryption methods and algorithms help to keep data safe. However strong your encryption algorithms and key management system are, nothing can help if you are…
5. Failing to back up and secure encryption keys
You don’t want to make it easy for hackers to break into your system. You also don’t want to lock yourself out. Keeping secure backups of encryption keys is a crucial part of data management. Just like you might have a spare key hidden under a pot behind your house, keep a safe backup of all your encryption keys, so that if the main key database gets deleted or corrupted, you will still be able to access your data.
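The five mistakes above can be turned into checks over a key inventory. The following is an added example, not code from the original article or any vendor; the record fields, host names and the approved/outdated algorithm lists are assumptions chosen for illustration.

```python
# Added example: audit a key inventory for the five mistakes above.
# Field names, host names and the algorithm policy are assumptions.
from dataclasses import dataclass
from typing import Optional

APPROVED = {"AES-256-GCM", "AES-128-GCM", "CHACHA20-POLY1305"}  # example policy
OUTDATED = {"DES", "3DES", "RC4"}  # widely deprecated ciphers

@dataclass
class KeyRecord:
    key_id: str
    algorithm: str
    key_host: str               # where the key material lives
    data_host: str              # where the data it decrypts lives
    in_central_kms: bool        # tracked by central key management?
    backup_host: Optional[str]  # None means no backup exists

def audit(rec: KeyRecord) -> list[str]:
    """Return findings, each prefixed with the mistake number it maps to."""
    findings = []
    if rec.key_host == rec.data_host:
        findings.append("1: key stored with the data it decrypts")
    if not rec.in_central_kms:
        findings.append("2: key not tracked by central key management")
    alg = rec.algorithm.upper()
    if alg in OUTDATED:
        findings.append("4: outdated algorithm " + alg)
    elif alg not in APPROVED:
        findings.append("3: non-standard (possibly in-house) algorithm " + alg)
    if rec.backup_host is None:
        findings.append("5: no key backup")
    elif rec.backup_host in (rec.key_host, rec.data_host):
        findings.append("5: backup shares a host with the key or data")
    return findings

# Constructed sample inventory (not real systems).
INVENTORY = [
    KeyRecord("k-payroll", "AES-256-GCM", "kms01", "db01", True, "vault02"),
    KeyRecord("k-legacy", "3DES", "db02", "db02", False, None),
    KeyRecord("k-reports", "xorcrypt-v2", "kms01", "db03", True, "kms01"),
]

def report(inventory):
    return {r.key_id: audit(r) for r in inventory}

if __name__ == "__main__":
    for key_id, findings in report(INVENTORY).items():
        print(key_id, "OK" if not findings else findings)
```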
Avoiding all the pitfalls encryption opens up is incredibly challenging, but leaving mission-critical or private customer data unprotected is irresponsible or (in many cases) non-compliant. You can avoid many of the challenges and pitfalls of encryption by implementing a comprehensive data encryption program. To find out how easy it is to deploy and implement, sign up for a free 30-day trial.