Data Encryption
Information is one of the most valuable assets that organizations have. Critical information is accessed, moved and shared every day over the internet and across devices. In today's business environment, people travel and work from anywhere.
Whether you are a large enterprise or a small business, you have to be more careful than ever when it comes to protecting your corporate data. Today’s threats continue to grow and put your confidential data at risk.
Data breaches are increasing day by day. Confidential data can be breached through:
- Physical Theft / Device Loss
- Employee Mistakes / Errors
- Insider Misuse
- Corporate Espionage
- Malware
Unfortunately, many organizations’ first response to a stolen device is to consider the cost of replacing the hardware. The loss of a device containing confidential data can put your company’s and your customers’ reputation and privacy at risk. Many people believe that a standard username and password at login will keep their devices and data safe. Unfortunately, this no longer holds: login passwords can be cracked within 5 minutes with special techniques.
In the US an estimated 12,000 laptops are lost or stolen each week. According to the Ponemon Institute, a laptop is stolen every 53 seconds. More than half of organizations experienced data loss as a direct result of insecure mobile device use between 2011 and 2012.
With Data Encryption solutions you can secure your confidential data from unauthorized access by encrypting the information stored on the media. Encryption is the process of encoding information in such a way that only authorized users can read it. In an encryption scheme, information (‘plaintext’) is encrypted using an encryption algorithm – turning the information into unreadable ‘ciphertext’. This is usually done using an encryption key, which specifies how the data is to be encoded.
We use Microsoft BitLocker and Kaspersky’s Encryption technologies to protect our customers’ sensitive data from unauthorized access.
Full disk encryption (FDE) technology is one of the most effective ways any organization can protect its data from theft or loss. Regardless of what happens to the device, FDE allows organizations to ensure that all sensitive data on the machine is completely unreadable and useless to criminals or prying eyes.
FDE encrypts ‘data at rest’, i.e., all the data on the hard drive and the module which authorizes software installation at boot-up. Essentially, the operating system loads safely in an encrypted environment, with every single file (including temporary files) on every single sector on the disk being encrypted. Only authenticated users can access the system, using a password, token or a combination of these. FDE can also be applied to removable media, such as USB drives. FDE supports a variety of setups and can be managed and monitored via central management.
FDE software works by redirecting a computer’s master boot record (MBR – a reserved area or space that determines which software will be executed when a computer boots) to a special pre-boot environment (PBE) that controls the computer. Before FDE software is installed, the MBR usually points to the computer’s primary OS. The PBE prompts the user to authenticate using an ID and password, before decrypting and booting into the OS. This is known as pre-boot authentication (PBA).
File Level Encryption enables the encryption of data in specific files and folders on any given device. This makes selected information unreadable to unauthorized viewers, regardless of where it’s stored.
FLE allows system administrators to encrypt files automatically, based on attributes such as location and file type.
With FLE, individual files or directories are encrypted by the file system itself. This is in contrast to Full Disk Encryption (FDE), where the entire partition or disk in which the file system resides is encrypted. Unlike FDE, FLE doesn’t encrypt all the information on the hard drive or portable media device. It does, however, allow administrators to choose exactly what data should be encrypted.
File Level Encryption is implemented via a driver-based solution, with a special crypto module that intercepts all file access operations. When any user attempts to access an encrypted file (or a file located in an encrypted folder), FLE software checks that the user has been authenticated or, in the case of a self-extracted encrypted archive, the software will open a password dialog box. After the user has been authenticated, the software automatically decrypts the chosen file.
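The sketch below is an added example, not code from any product named on this page. It models an FLE policy based on location and file type, as described above, and lists which files would still be readable on a lost device, compared with FDE. The `FlePolicy` model, function names, paths and file names are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

@dataclass(frozen=True)
class FlePolicy:
    """Hypothetical FLE policy model, not any vendor's actual schema."""
    protected_folders: tuple      # every file beneath these is encrypted
    protected_extensions: tuple   # these file types are encrypted anywhere

def is_encrypted(path: str, policy: FlePolicy) -> bool:
    """True if the policy would encrypt this file."""
    p = PureWindowsPath(path)
    # File-type rule: compare the extension case-insensitively.
    if p.suffix.lower() in policy.protected_extensions:
        return True
    # Location rule: PureWindowsPath equality ignores case, like Windows paths.
    return any(PureWindowsPath(f) in p.parents for f in policy.protected_folders)

def plaintext_on_lost_device(paths, policy=None):
    """Files readable from a powered-off, stolen disk.

    policy=None models FDE: every sector is encrypted, so nothing is readable.
    """
    if policy is None:
        return []
    return [p for p in paths if not is_encrypted(p, policy)]

# Constructed sample data for illustration only.
POLICY = FlePolicy(
    protected_folders=(r"C:\Users\alice\Documents",),
    protected_extensions=(".docx", ".xlsx", ".pdf"),
)
FILES = [
    r"C:\Users\alice\Documents\contracts\acme.docx",    # folder and type rule
    r"C:\Users\alice\Documents\notes.txt",              # folder rule
    r"C:\Users\alice\Downloads\payroll.XLSX",           # type rule, any location
    r"C:\Users\alice\AppData\Local\Temp\~WRD0001.tmp",  # editor temp copy
    r"C:\Users\alice\Desktop\customers.csv",            # saved outside policy
]

if __name__ == "__main__":
    for f in plaintext_on_lost_device(FILES, POLICY):
        print("FLE leaves readable:", f)
    print("FDE leaves readable:", plaintext_on_lost_device(FILES))
```

Running a report like this against a real file inventory shows where an FLE policy needs extra folder or file-type rules, for example for temporary copies and exports saved outside the protected locations.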