• Enterprise Data Encryption Best Practices

    Your corporate data assets are being stored, processed, and shared more than ever before. To meet business-critical demands, such as migrating to the cloud or enabling big data analysis, your colleagues will need access to this high-value information. However, it's important to put the proper security and controls in place to ensure sensitive data, including personally identifiable information, company financials, and intellectual property, remains on lock down – especially in the event of a malicious attack or data breach. We call this unsharing your data and it can be done in today’s shared environments. Follow the data encryption best practices below to learn how to use encryption to unshare your enterprise's data and keep it protected whereever it resides.


    • Locate Sensitive Data

      Sensitive data is everywhere. Take inventory of where high-value data is located at every layer of your enterprise data stack, and as it travels across your network and between data centers.


      more
    • Encrypt It

      In today's landscape, breaches are inevitable and perimeter security is no longer an adequate solution. Once you have located sensitive data, you need to apply security to the data itself.


      more
    • Manage Encryption Keys

      Strong key management is a critical component of any data protection strategy. Manage and store your keys centrally, yet separate from the data, to maintain ownership and control.


      more

    You'll need to prioritize your most sensitive assets and repositories to evaluate the best strategy for protecting your data at rest and data in motion.

    Data at Rest

    Start by identifying where your most sensitive data assets reside in your on-premises data center and then move to your extended data center, which includes cloud and virtual infrastructure. Search your files, folders, network storage, application and web servers, as well as your databases for high-value data. Whether structured or unstructured, data residing in any of these environments can be encrypted.

    Data in Motion

    Don't overlook the traffic flowing across your network and between data centers that should also be encrypted. Once this data leaves the confines of your organization, you no longer have control over it. Cyber criminals are standing by to easily and cheaply "tap" your fiber optic cables. Not only can they hack into unencrypted data as it streams across the network in tens of gigabits per second, but they can even inject controls to override your systems completely. Aside from malicious attempts, human error can result in data being transmitted to wrong locations, especially in multi-tenant environments.

    Encryption enables you to apply protection directly to the data. Even if the perimeter is breached, you can be sure that your information remains secure - wherever it resides.

    Your data protection solution should be capable of encrypting data at scale across your data center and extended data center, and in a centralized way that does not disrupt the flow of business. This enables you to address your immediate data protection needs, while investing in a solution that provides the robust security, growing ecosystem, and flexibility necessary to build a trusted framework for the future.

    How to Address This Encryption Best Practice:

    Gemalto offers a full suite of products that enable you to encrypt sensitive data at rest in files and folders, network attached storage, web and application servers, and databases in on-premises, virtual, public cloud, and hybrid environments. To protect data as it moves across your network, between data centers to disaster recovery sites and into the cloud, Gemalto offers high speed encryptors (HSEs) that encrypt your data in motion.

    Remember, encryption is only as strong as its key management counter-part. The volume and variety of data that needs to be encrypted across your enterprise could potentially require millions of encryption keys. With isolated, disconnected key management, it becomes nearly impossible for you to adequately protect the keys as they are stored in a variety of places - even on the same systems that contain your encrypted data. This leaves them vulnerable to theft and misuse.

    Working together with our extensive encryption portfolio, Gemalto provides the most secure enterprise key management solutions available on the market. These solutions provide a centralized platform to manage and perform all key-related tasks, while adhering to the industry's most stringent certification requirements, such as hardware-based key management.

    How to Address This Encryption Best Practice:

    Gemalto's SafeNet KeySecure is the industry's leading platform for the centralized management and security of encryption keys. It supports a broad ecosystem of both Gemalto and third-party products to protect sensitive data in databases, file servers, network attached storage, and applications across on-premises, virtual, public cloud, and hybrid environments.

    To further strengthen security, you can also consider safeguarding the key storage container. Software key wrappers do not protect the encryption keys as well as hardware-based options; therefore vaulting your keys in a hardware security module (HSM) will give you an added layer of protection.