Data Encryption: Secure Your Sensitive Information
It seems that for as long as people have been passing along sensitive information, they have also used various methods of encryption to ensure privacy. The first data encryption tool dates as far back as 700 BC, when Spartan military used scytales to send sensitive messages during battle. Move forward a few thousand years, and we are still trying to protect our information, only with more advanced methods of data encryption.
The basics of data encryption
If you’re wondering “What does data encryption actually mean?” Read our Encryption 101 blog post to familiarize yourself with the topic, learn best practices to follow when encrypting your data and which tools are available for data encryption.
But really, data encryption is just one part of your full data security strategy. For a more holistic look at how it fits into the broader security picture for IBM i, check out our eBook: Encryption, Tokenization, and Anonymization for IBM i
Why businesses need to encrypt their data
Companies always have to weigh cost to risk when making business decisions about security, but there are three main factors that should make encryption an obvious need.
1. Data breaches represent a huge business risk
Besides the risk to the data itself, businesses should also consider the cost of damage to their reputation that a data breach could cause. In our recent interview with security expert Patrick Townsend, he gave examples of the impact of a data breach due to unencrypted data. “If you look at companies that have suffered the most embarrassing breaches in recent years, like Anthem, Equifax, and Adobe, you’ll notice that they were not encrypting their data at rest. That’s what made their breaches so bad. When other breaches occurred with companies whose data was encrypted, they were basically non-stories. So, you want to be sure you are encrypting data.”
For more information, read “Data Breaches Due to Unencrypted Information Represent a Huge Business Risk.”
2. Hackers are highly motivated
Hackers are often looking for easy targets to make some quick cash. Your unencrypted data could be their next goldmine. See our post “What Do Hackers Really Want to Do With Your Data?” to learn more.
3. Mandatory compliance requirements
Due to the reasons above, encryption is standard security requirement under various compliance regulations. Some of these regulations are specific to the types of data, such as healthcare information protected under HIPAA and credit card information protected by PCI compliance standards. There are also a newer mandates to protect an individual’s personal information. A ton has been written this year about the GDPR regulations for companies who do business in Europe. And, according to Patrick Townsend, there are similar regulations coming to other countries and parts of the U.S.
Types of encryption
It’s important to know that not all methods of data encryption are the same. Some companies try data scrambling by creating their own algorithms, but this approach is not as secure as actual encryption and will not meet most compliance regulations.
Here are some encryption methods that you will likely hear about:
- Data Encryption Standard (DES): Once the gold standard choice of the National Institute of Standards and Technology (NIST), DES was replaced by the Advanced Encryption Standard (AES) in 2000.
- Triple DES (3DES): Also known as Triple Data Encryption Algorithm (TDEA), this method uses DES encryption three times. But even Triple DES was proven ineffective against brute force attacks (in addition to slowing down the process substantially).
- Advanced Encryption Standard (AES): The current NIST-approved standard for encrypting data at rest. AES is a symmetric key encryption algorithm, which essentially means that the same key is used to encrypt and decrypt the data.
- Pretty Good Protection (PGP): To encrypt data, PGP generates a symmetric key to encrypt data which is protected by the asymmetric key, which allows for authentication. PGP is ideal for encrypting data being shared outside of your network and should play a core part of your secure file transfer strategy.
Avoiding potential problems of encryption on the IBM i
IBM’s security implementation on the IBM i platform is good, but that doesn’t mean that it’s immune from data breaches. All PCs and servers on the same network as your IBM i server are potential attack points for a data breach. There’s no doubt that hackers know that the IBM i server is a rich target.
Implementing encryption in IBM i Db2 is an essential part of an in-depth defense strategy. But there are lots of pitfalls to avoid.
For more information, check out Syncsort’s IBM i security solutions