With the arrival of GDPR, never mind the recent Facebook / Cambridge Analytica story hitting the news, it’s fair to say that we’re all thinking about our data and what needs protecting and to what level. But are you up to speed with data encryption and how it matters to your business? Here is our quick guide to the different types of Data Encryption available:
Control where your data is and how it’s stored, shared and accessed
It’s probably an understatement to say that all data now needs some level of security: from ‘good practice’ data security policies for non-critical information to advanced safeguards for sensitive information such as personal or mission-critical data.
If your company is currently using cloud storage, or is considering moving files into the cloud, then you need to be familiar with the different types of data encryption levels offered and what’s appropriate for different data sensitivity levels.
Making good informed choices will help prevent potentially devastating data loss or data breaches and all that ensues – fines, loss of business, loss of reputation – especially with GDPR.
When you are working with your technology providers, they will discuss encryption methods or algorithms.
One such robust encryption standard is the Advanced Encryption Standard (AES). For the vast majority of businesses, AES as an encryption algorithm meets many data encryption needs and is globally accepted. This encryption method is often incorporated into the various security layers that your technology stack will require to remain safe.
As well as using AES, you also have to consider where in your technology stack, or at which layer, your data is being encrypted:
- Transport Layer – when it’s being transmitted to and from storage or is being shared
- At Rest – when it’s sitting in storage.
- Client Side Encryption – using advanced encrypted data vaults or end to end encryption of data between your desktop and your servers and the actual individual data containers.
1. Transport Layer
In transit is the minimum standard. It refers to the encryption of data when travelling from your computer browser to a file server. This is provided when a provider applies Transport Layer Security (TLS) to their service, usually through the purchase of a certificate from a recognised Certificate Authority (CA). The TLS protocol aims primarily to provide privacy and data integrity between two communicating computer applications. This ensures your connection is private between your browser on your computer and whatever service you are signing into.
It also helps with the identification of the end points through the use of public-key cryptography. The connection can also ensure integrity because each message sent includes a message integrity check using a message authentication code, which prevents undetected loss or alteration of the data during transmission, as could otherwise happen in a ‘man-in-the-middle’ attack.
It provides the minimum level of security for transmitting and accessing non-sensitive information, and should be considered the minimum amount of encryption that any company should consider.
At Rest encryption keeps the data stored on servers in an encrypted format. This means that in the event of a data breach, the data on the servers is itself encrypted and therefore cannot be easily understood or interpreted by the intruders.
When combined with TLS (discussed previously), this should be secure enough for many companies that are not handling sensitive data.
Client-side encryption, sometimes called “zero knowledge” encryption, refers to encrypting data on a user’s computer before it’s uploaded to the cloud. The data is encrypted using a digital key that the storage server doesn’t know. This means that once the files are uploaded to the server, the storage company has no way of seeing what’s inside them, or of decrypting them. This kind of security is often referred to as zero-knowledge storage, since the company has no knowledge of what a user is backing up or storing.
Client-side encryption is an additional level of security for your data and the safest option for companies that transfer sensitive files (solicitors handling client documents, insurance brokers handling life assurance proposals, healthcare companies with patient files, tech companies protecting IPR, unions or lobby groups creating negotiating documents, schools handling pupil data, the list is endless).
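The client-side flow described above, as an added example that is not from the original page or from any storage provider: Node.js code that encrypts a document with AES-256-GCM on the user's machine before upload, so the store only ever holds ciphertext. The `serverStore` map, the function names, the passphrase and the sample document are assumptions made for illustration, and scrypt is the key-derivation choice made here, not one the page specifies.

```javascript
// Added example: client-side ("zero-knowledge") encryption with AES-256-GCM.
const nodeCrypto = require('node:crypto');

// Derive a 256-bit AES key from a passphrase that never leaves the client.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Runs on the user's machine: returns only what the server is allowed to see.
function encryptForUpload(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // 96-bit nonce, fresh for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Runs on the user's machine after download; throws on a wrong key or altered blob.
function decryptAfterDownload(blob, passphrase) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, blob.salt), blob.iv);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]).toString('utf8');
}

// Hypothetical stand-in for the storage provider: it holds blobs, never keys.
const serverStore = new Map();

function demo() {
  const doc = 'CONSTRUCTED SAMPLE: client contract, draft 3';
  const passphrase = 'correct horse battery staple'; // constructed, known only to the user
  serverStore.set('contract.txt', encryptForUpload(doc, passphrase));
  const stored = serverStore.get('contract.txt');

  // What the provider holds does not contain the document text.
  const serverSeesPlaintext = stored.ciphertext.includes(Buffer.from('contract'));
  const roundTrip = decryptAfterDownload(stored, passphrase) === doc;

  let wrongKeyRejected = false;
  try { decryptAfterDownload(stored, 'guess'); } catch { wrongKeyRejected = true; }

  // Flip one bit of the stored ciphertext: the GCM tag check must fail.
  const tampered = { ...stored, ciphertext: Buffer.from(stored.ciphertext) };
  tampered.ciphertext[0] ^= 0x01;
  let tamperRejected = false;
  try { decryptAfterDownload(tampered, passphrase); } catch { tamperRejected = true; }

  return { serverSeesPlaintext, roundTrip, wrongKeyRejected, tamperRejected };
}
```

The salt, nonce and tag are stored next to the ciphertext because none of them is secret; only the passphrase is, which also means a lost passphrase cannot be recovered by the provider.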
If your files are high-value and sensitive
You’ll want to make sure the company you’re working with offers client-side encryption if you require the sending of such information between parties, and allows you to upload already encrypted files to their servers.
If you want to be cautious
If your company isn’t involved with such information, but you still want to err on the cautious side, choose a provider that offers in transit and at-rest encryption to ensure your data will remain safe.
If you aren’t worried about security at all…
Finally, if you need a cheaper storage option and aren’t as worried about security, and you’re OK with your data being accessed, probed and profiled to allow the service provider to sell advertising, then you should be OK with the ‘ubiquitous’ cloud storage providers.
We hope this practical guide to the different types of data encryption has been helpful. What’s your experience of preparing for GDPR so far? Share your thoughts below.