Being in IT field and never coming across the data breaches is simply next to impossible. Every new day we hear of stealing of customers’ data or credentials, compromised data causing issues within the organization and installation of malwares or viruses in to the system. Data is like the backbone of any organization. Each and every small action is dependent on the data. Whenever we check our mails, we give some data in the form of credentials and receive data in form of e-mails and attachments. This data is then stored somewhere for further use or transformation.
Smartphones have brought a revolution in our ways of doing business. Gone are the days when an office was must to handle all the work, with mobile in hand it has become very easier for employees to work from anywhere they are and also communicate with anyone they want. Cloud and VPN has also supported the concept of business mobility. But as the Internet has grown with the leaps and bounds so has the internet threats. Date breaches, Malware, Identity Theft, DDoS attack, mobile threats are to name a few. All of the above threats are directly or indirectly connected to data breaches which results into loss of important assets and also money; also stealing of laptops, mobile phones, USBs and disk drives results into data breaches.
Which Method Should Be Implemented To Secure The Data?
The answer is very easy. Since years we are using encryption at the bottle neck for security purposes. Encryption is a method of securing data using the algorithm by encrypting the data into cipher text so that it becomes non-interceptable by the hackers. Long used by military and government bodies, encryption is now able to protect files and folders, disk drives and USB drives.
Encrypted data can only be viewed by the designated person after decrypting it using a decryption key. A special key generation algorithm is used for the purpose of creating keys.
Based on the type of security provided by the encryption there are two types of encryption: Full Disk Encryption (FDE) and File Level Encryption (FLE).
Full Disk Encryption (FDE)
Full Disk Encryption, as the name suggests, encrypts the disk drive and helps prevent stealing or modifying the data, even if the disk drive is installed into another machine. Only the holder of the correspondent key of the encryption can decrypt the disk drive. It can be integrated into the system at the time of the purchase or it can be externally added with the help of the software driver.
FDE is not only limited to disk drives but it can also be implemented on the USB drives.
The best part of the FDE is that it works independently. There is no need of paying a specific attention to it. Once installed in the system it handles the encryption and decryption processes automatically on its own. As soon as something new is written to the disk it gets encrypted and as soon as the reading task completes, FDE decrypts the file again. Each and every bit residing on the drive is encrypted be it an OS, software, file, folder and even media.
Several benefits of FDE are as listed below:
- Robust security for important data: End-user will not need worry from the security front as the FDE will be pre-installed in the system. Automatically all the files and the data along with the temporary files will be encrypted and a password would be required to decrypt it.
- Full proof protection: Chances of hackers breaking into the system are zero because the drive will be password protected. Once the password/key is provided only then the drive will be decrypted and user will be able to access the files.
- Passwords managed centrally: All the passwords would be stored in a central Security storage under the observation of the Security Administrator.
- Centrally controlled encryption: FDE supports the central management of all the functions like: decryption management, access to mobile devices, reports and password recovery.
- Super flexible: End-user can see the running encryption process hence providing full transparency and other functionalities.
- Data recovery managed from the Security centre: As all the operations are controlled centrally in case of emergency data can be recovered.
Limitations of FDE
FDE does helps out being an ultimate security solution by protecting devices to be exploited even when stolen but it does not secure the data stored as in the transit, on other media devices and in those where they are being shared via e-mails.
To overcome the drawback of the FDE, a new mechanism called File Level Encryption (FLE) is implemented.
File Level Encryption (FLE)
Securing the files and the folders residing on any device can be referred as File Level Encryption (FLE). Regardless of the media wherever it is stored, it makes impossible to read and modify the data for the unauthorized persons. Encryption of the files in FLE is carried out inside the file system itself.
The greatest advantage of FLE is that one can encrypt desired files/folders in a fully customizable way. There exist two types of methods to do so: manually and automatically. Based on the needs one can decide what method will be applicable for encrypting the files.
FLE security can be performed on the files in various ways as follows:
- Local hard drive files: Based on the directory, file extensions and file names one can create the list of the files to be encrypted.
- Files stored on the portable media: One can impose the rules encryption on the portable media devices in order to secure the files.
- Application files: Securing those files which are created due to the changes in any of the applications.
File and Folder Encryption
Encrypting each and every file of any devices such that a key is required to view/read or write those files is File Encryption where as securing a folder consisting of many files rather than single files is Folder Encryption. File/Folder encryption provides full transparency to the end-users such as they can view the name of the files which are encrypted.
FLE does not hinder the system performance as it encrypts at a time one file only. Salient features of the FLE are as follows:
- Flexibility: Set the rules as per your requirements and encrypt the files/folders whenever and wherever you want.
- Supports all type of portable media: You can impose rules for every portable media devices connected to one of your Computers or Laptops. Also you can define same as well as different rules for the different devices.
- Viewable software encryption: Supports the encryption of the data either changed or created by the running of the software.
- Supports central management: From a single Centre one can manage all the functionalities of FLE such as rules to be implemented, access privileges and key management.
Howsoever strong the FLE may sound it cannot protect the OS execution or hibernation files.
FDE and FLE are no doubt the best measures one can take to secure their data from threats from this will not be all if you want to secure your business thoroughly. Installing SSL certificates, using anti-malware, antivirus tools and mobile device protection management are the techniques which are must in order to stay away from cyber threats.