Enterprise data breaches are occurring all too often. Many enterprises overestimate the ability of their firewalls and current data access policies to keep their confidential data safe from prying eyes. We strongly recommend identifying sensitive data, determining who should have access, and applying effective strategies to protect access to the data. Encryption is one important strategy for preventing unauthorized access to data.
Encryption makes data unusable in the wrong hands. It reduces the risk that sensitive data can be read by the wrong individuals. Thieves steal devices such as laptops and smartphones. People leave iPads in pockets on the back of airplane seats and USB drives in taxis. Employees snoop in file shares they shouldn’t really see.
Driven by the rise of mobile devices, data is finding its way onto third-party cloud storage by the gigabyte – with or without company approval. But the speed of business today dictates that IT doesn’t get in the way of data portability. This leaves IT in a difficult position. Data must be allowed to freely move from device to device so users can access that data anywhere, anytime. At the same time, if mistakes are made, the business must not be severely affected by unencrypted data compromises.
What is the best approach to encrypting sensitive data files?
Ultimately, encryption technology should be easy to integrate into a centralized IT workflow and should work in sync with corporate policies. More importantly, correctly deployed encryption should be seamless for the end user, no matter what type of file, device or storage the user needs to access.
Here are five key features to look for when evaluating encryption tools for your enterprise:
Is the solution seamless for users and does it perform well on all the devices where we store data?
Centralized Management of Keys and Policies
Do you have a centralized solution to manage all necessary encryption keys and policies? Can you manage all encrypted devices, both file-based and full-disk?
Role Based Management and Segregation of Duties
Administrator roles should provide only the privileges administrators need for their areas of responsibility. Can you separate duties from AD administrators, allowing specific security officers to be created and then restricting their area of control?
Reporting and Change Management
Does your solution record who, for example, changed a policy, assigned keys to users, created security officers and provided recovery passwords? Does your system provide a mechanism to report on all devices protected by the solution?
Does the solution provide a reliable and secure communication method that does not require users to be connected to the corporate network, either directly or by VPN, without loss of functionality?