Protecting Data … in Use, in Transit and at Rest

Advanced Security and Encryption

An organisation’s data is often described as its ‘crown jewels’ … the intelligence, information and knowledge that underpins a successful business operation, and by its very nature, sensitive commercial, and personal information is an obvious target for cybercrime.

For all companies, business data exists in three operational states … data in use, data in transit, and data at rest - and the risks vary in each case.

Encryption translates data from its basic (unencrypted) state into an encrypted ciphertext state that’s essentially a secret code. Through specialised encryption algorithms and authentication methods, companies make data indecipherable to anyone but the intended recipients, where successful delivery encryption algorithms decode the information upon receipt. Advanced data encryption is now highly recommended, and often a regulatory requirement depending on the data.

Data in use is in a highly vulnerable state, as that information is susceptible to attack, misuse and human error. Protecting data in use is essential through advanced encryption, authentication and access level permissions. Protection should of course be in place prior to anyone accessing corporate information, and with identity theft an increasingly common cyber tactic - workforce identity management solutions should be deployed to verify that users are who they say they are, before access to information is granted.

A ‘right of access’ to information should be applied to systems along with an auditable constraint on the actions some employees can take once they have gained access to it. Sensitive data can have protections applied to it, such as read only access and restrictions on download, editing and sharing capabilities.

Data in transit is moving data from one location to another. It’s vulnerable due to its travel exposure across the internet or corporate networks, and it’s a prime cybercrime target. Protecting data in transit requires robust network security tools like firewalls, authentication and encryption services to guard against malicious attacks and attempted intrusions.

Advanced data protection technologies include automated blocking of malicious files, prompting users when they are at risk and automatically encrypting data throughout transit. Additional data loss prevention (DLP) measures help companies avoid the loss of sensitive information by scannng emails and attachments, identifying potential leaks by analysing keywords, file hashes, pattern matching and dictionaries. Suspicious emails can be blocked, quarantined for review or routed via a secure messaging portal.

Data at rest is information in storage, archived, or simply not use at that moment, and as such it is considered to be in a less vulnerable state. However, it will often contain valuable information, and hackers will take time scouring the detail if a security breach occurs.

Lost or stolen devices are a major security threat and full disk encryption will ensure malicious users cannot access data or systems without the necessary access credentials. DLP solutions allow businesses to search for and locate sensitive data on their networks and prevent data loss which may be caused by malicious or accidental activities. Data loss prevention can be extended to information stored in cloud services including back-end systems like Microsoft Office 365, and Cloud access security brokers (CASBs) can be implemented to apply DLP style policies to information and workloads in the cloud.

With mobile phones and tablets accessing sensitive workplace data, mobile device management (MDM) services are increasingly required to manage risks with these devices. MDM tools are used to protect and limit access to certain business applications, blocking and nullifying lost or stolen devices and encrypting any locally held data, so that it’s indecipherable and unusable.

The Right Security Partner
Ensuring adequate security across the growing enterprise attack surface area is an on-going challenge for IT teams, and due to the serious consequences of a security breach, it’s most definitely a boardroom issue. Fines, legal fees and revenue losses from incidents can rapidly bring a company to its knees, but with the right solutions in place, such outcomes can be avoided.

Sure’s team of security experts work with customers to identify and deploy the right levels of protection and security throughout the organisation, and our portfolio of global leading solutions and partnerships ensures we provide the very best levels of security available.

For more information about our cyber security practice and how we help customers protect their entire corporate infrastructures, please email us on contactus@sure.com