A century ago, oil was the most valuable commodity. But in this age of digital transformation, inarguably, data has become the most important commodity with its limitless uses and potential for a huge impact on our society. Companies that have control over their data have a distinct market advantage over their competitors and are able to become leaders of the world, just as the oil barons did 100 years ago.
The big difference between oil and data, however, is that theft of oil was never as easy as the theft of data is today. That is why chief information, chief information security, and data protection officers (CIOs/CISOs/DPOs), along with other top technology leaders, readily admit that data protection and security is a top concern for them, especially as they move their data to the cloud. Numbers support this claim, as global security spending is expected to exceed US$124 billion in 2019.
We know data is power. With great power comes great responsibility! A huge part of this responsibility is to protect the data and prevent data breaches. A company moving its data to the cloud can’t shirk its responsibilities around data protection. In fact, I recently wrote about the shared responsibility model in the cloud, where enterprises are still fully responsible for protecting their data in the cloud. The obvious next question is, of course: What is the perfect way to protect your data?
Is there a perfect defense from cybercriminals and cyber attacks? The answer, unfortunately – as you may already realize – is NO.
Having said that, while identity management, firewalls, and access control are essential to all data-security initiatives, encryption of data is one of the most important measures, as well as the “last line of defense,” against cyber threats.
What is encryption?
In the most simplistic terms, encryption is a process of protecting data by using a “secret code” to scramble it in a way that only people with an authorized key can read the data. In other words, encryption prevents people from reading what they should not. Even if someone intercepts your messages, the encrypted data is meaningless without a key or a password. While encryption cannot protect against all cyber attacks, the technology makes data theft a much more difficult task.
Why is encryption the last line of defense?
Encryption not only protects your data; it protects your reputation and helps you avoid big fines. Many laws that require reporting a breach to consumers make an exception for stolen data that is encrypted, because encryption has rendered it useless to an unauthorized reader.
While the treatment of encryption under various rules and regulations would require its own blog, to get you started, I do want you to understand what type of data can and needs to be encrypted.
What data needs to be encrypted?
With cloud solutions, data needs to be protected in two states: data in motion (when being transferred) and data at rest (storage).
Data in motion: This is data actively moving from one location to another, such as across the Internet or from on-premises storage to the cloud. One recent study suggests that 81.8% of cloud service providers encrypt data in motion when it is transferred between the user and the cloud service. This means that a significant amount of data is still being transferred without adequate protection. If your data falls in that unprotected category, you should immediately start looking for solutions to rectify this problem.
Data at rest: This is essentially data that accumulates or is stored in one place, such as databases, files, storage infrastructure, and so on. Only 9.4% of cloud providers encrypt data once it’s stored in the cloud. If yours is one of those companies that has never thought about encrypting your data at rest in the cloud, you should start thinking about it because of the following categories of threats:
- Threats from attackers
- Threats from rogue insiders
- Threats from government use of subpoena or warrant to get access to your data without your knowledge
For protecting data at rest, you can either encrypt sensitive files prior to storing them, or you can choose to encrypt the storage drive itself. Besides encrypting the data, you also have to identify an appropriate key-management strategy. Because keys are used to decrypt the data, the decision as to whether you, the cloud provider, or a third party manages the keys can have significant implications for your overall security posture.
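To make the first option concrete, here is an added example (not from the original article) of encrypting a file before it is stored, with the key kept by the customer. It assumes Node.js and its built-in crypto module, picks AES-256-GCM as the cipher, and uses hypothetical function names; each object gets its own data key, which is wrapped under the customer-held key so that whoever holds that key decides who can read the data.

```javascript
// Added example: client-side envelope encryption before upload.
// Assumptions: Node.js built-in crypto, AES-256-GCM, hypothetical function names.
const nodeCrypto = require("crypto");

// seal: returns nonce (12 bytes) || tag (16 bytes) || ciphertext.
// aad is authenticated but not encrypted (here: the object name).
function seal(key, plaintext, aad) {
  const nonce = nodeCrypto.randomBytes(12); // fresh nonce per encryption
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

function unseal(key, sealed, aad) {
  if (sealed.length < 28) throw new Error("sealed blob too short");
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  d.setAAD(aad);
  // final() throws if the key, the aad or any ciphertext byte is wrong.
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// A fresh data key (DEK) per object, wrapped under the customer-held key (KEK).
// Only the returned envelope is sent to storage; the KEK never leaves the customer.
function encryptForUpload(kek, plaintext, objectName) {
  const aad = Buffer.from(objectName);
  const dek = nodeCrypto.randomBytes(32);
  return { wrappedKey: seal(kek, dek, aad), ciphertext: seal(dek, plaintext, aad) };
}

function decryptDownload(kek, envelope, objectName) {
  const aad = Buffer.from(objectName);
  const dek = unseal(kek, envelope.wrappedKey, aad);
  return unseal(dek, envelope.ciphertext, aad);
}

// True if the envelope decrypts, false if the authenticity check rejects it.
function canRead(kek, envelope, objectName) {
  try { decryptDownload(kek, envelope, objectName); return true; } catch { return false; }
}

// Constructed sample data, for illustration only.
const kek = nodeCrypto.randomBytes(32);
const env = encryptForUpload(kek, Buffer.from("acct=1234;balance=100"), "reports/q1.csv");
console.log(decryptDownload(kek, env, "reports/q1.csv").toString());
console.log("readable with another key:", canRead(nodeCrypto.randomBytes(32), env, "reports/q1.csv"));
```

Binding the object name as associated data means an envelope copied under a different name fails to decrypt, and rotating the customer-held key only requires re-wrapping the small data keys, not re-encrypting the stored files.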
Best practices for your encryption strategy
Now that you’re prepared to protect your data like oil barons protected their oil, you should take the following steps to ensure that your encryption strategy is foolproof:
- Understand all the data you have and what data you will be moving to the cloud.
- Outline your security and data-protection goals. This means that you have to decide whether you need to encrypt all the data or only sensitive data. (This decision will be guided by not only your business needs, but also legal and regulatory needs.)
- Make a plan for encrypting both your data in motion and data at rest.
- Identify a key-management strategy.
- Implement the appropriate solution to meet your complete encryption strategy.
Every minute, you’re facing millions of cyber threats. Every minute, you’re closer to a breach that may ruin your reputation forever or rob you of the most valuable resource you have in this digital economy. To protect your data empire, you should be aware of and prepared with your last line of defense: encryption.
Understanding the encryption and key-management services available will put you on your way to preventing data breaches and unauthorized data access. Be on the lookout for the next article, which discusses the issues around key management in detail.
This article originally appeared on the SAP Analytics blog and is republished by permission.