Are you secure?
It's OK, we encrypt our data; it's safe.
A common question with a common answer from both organisations and developers who provide the solutions that drive your business.
Data theft and breaches are commonplace in the modern world. These threats are not just from external sources but in some cases internal as well. Stronger guidelines and a better understanding of threats to an organisation have led to software becoming more secure, but how secure is it? Is encrypting the sensitive data enough?
When implementing your data encryption strategy, did you consider:
1. how to store your encryption keys
When encrypting your data you need an encryption key. When designing and developing software, a great amount of time is taken to decide which algorithm to use to encrypt the data.
But... How much time is spent considering how to store the encryption key used to encrypt and decrypt the data?
If your systems are compromised and the encryption keys are accessible, the encryption is useless and you have achieved nothing in securing your data.
2. using a single key for all your data
Another common mistake: encrypting all your data with a single encryption key.
Brute force cracking of encryption keys is very expensive and statistically all but impossible, but not strictly impossible. If your data were breached, then with enough computing power it may be possible to calculate the encryption key and decrypt all of your secured data, making your efforts redundant.
Also, certain data may be more sensitive than others. If all data is encrypted with the same key, then anyone with access to the key can access all of the data with no possibility of restriction, limiting your options for segregation.
3. how to respond to a data breach
As with all the questions you should ask when deciding your encryption strategy, you should assume that there will be a breach and consider what actions you can take to minimise the risk to your business and to your clients.
If a data thief has your data and has your encryption key(s), the data is theirs and there is nothing you can do about it.
Without a proper key management strategy, the data is only as secure as the weakest link.
Without a method to render the data useless even when it is no longer under your control, the encryption is useless.
cronus encryption, the solution to your encryption strategy
We manage your encryption keys so you do not have to.
Cronus Encryption is an external key storage and management platform.
automatic key rotation
We manage automatic policy based key rotation strategies.
This minimises the data you encrypt with a single encryption key, allowing organisations to comply with aspects of the PCI-DSS guidelines for data encryption.
entity level keys
We simplify the use of multiple encryption keys for your data, allowing you to effectively segregate and encrypt different data sets with different encryption keys depending on your requirements.
one click breach response
If the worst should happen, a single click is all it takes.
You can disable access to the key storage completely whilst investigating the issue, or create a new master key that simultaneously revokes previous access keys whilst creating new ones, allowing your business to continue to run.