Why, What and How to Encrypt: Security Expert Insights

onlinetech

Not sure if your organization’s sensitive data is properly encrypted? It’s time to be sure. Chris Heuman, Practice Leader for RISC Management and Consulting, broke down the reasons why (and how) in the latest webinar hosted by Online Tech.

Heuman noted that unencrypted data is being breached regularly, and that those breaches come at a staggering cost. On average, security breaches affect 42,659 individuals and cost organizations $8,275,865 (yes, that’s nearly $8.3 million) to respond to.

That price tag includes the cost of fines, penalties, legal counsel and distribution of settlements to harmed individuals, but does not include the financial equivalent of the damage done to an organization’s reputation, the resources needed to respond to unannounced audits in the future or myriad other related costs.

“When you think of these numbers and compare it to the cost of implementing an encryption program, you’ll find the expense of the program isn’t quite as high as you thought it was,” he said.

In his 48-minute presentation, titled Encryption: Perspective on Privacy, Security & Compliance, Heuman discussed why to bother encrypting, what data to encrypt, how to encrypt it, how to document that encryption and how to test it. A brief summary of his presentation follows.

Why Bother to Encrypt

If the figures above weren’t motivation enough, there are a myriad of reasons to encrypt data, including the government regulations (HIPAA, PCI and SOX compliance), frameworks and industry requirements that any organization that stores sensitive information has to deal with.

“Privacy and security is a life cycle, not a one-time event,” Heuman said. “Encryption is a control mechanism that is implemented after proper analysis has been completed and policies stating the intent have been put into place.

“Don’t jump the gun and start implementing encryption without attending to all the analysis and preparatory steps. It’s important to walk through this in a logical manner and to make well thought-out decisions rather than to jump head first into technical implementation.”

What to Encrypt

The first key step to proper encryption of data is to fully understand every place where that data is stored.

“If you don’t know where your data is located or how sensitive it is, you can’t protect it,” Heuman said. “This is not just for encryption, but any information security control. If you don’t have a good understanding you either have to protect everything, which can be very expensive, or risk being paralyzed at the analysis phase and not accomplish anything at all.”

Heuman presented an encryption project management plan that all organizations should follow:

  • Inventory all the data repositories where encryption should be implemented
  • Analyze which technique is appropriate
  • Determine supported and appropriate implementation
  • Develop and follow a project plan

How to Encrypt

Citing recommendations from the National Institute of Standards and Technology (NIST) and the four levels of certification from the Federal Information Processing Standards, Heuman stated that encryption success, and with it the compliance that organizations are hoping to achieve (the safe harbor they’re looking for), relies on two factors: the algorithm that’s chosen, and the key.

“You really have to understand the algorithm that you’re required to implement and you really need to select an appropriate key length and complexity,” Heuman said. “After those decisions are made, you have to ensure that what was planned was what actually got implemented.”

Organizations must be sure the algorithm is approved by the industry or regulation they are required to adhere to. They must then ensure that the key chosen and placed onto the devices is sufficient and reasonable, and that it can be secured and maintained.

How to Document

Heuman discussed the importance of knowing what and how to properly document as part of any encryption project management plan and how to be ready for an audit by extracting documentation from analysis determinations and project plans.

He urged management to “trust but verify” the encryption standards of their organization and to maintain all responses from vendors/manufacturers that claim encryption is not supported.

“Executive oversight and interest is key,” Heuman said. “If executives are plugged in, people will understand it’s a priority for the organization.”

How to Test

The time to find out encryption was not effective or did not provide safe harbor is not after a breach has occurred. Heuman suggests organizations conduct data breach drills and disaster recovery drills, and also perform random tests on portable USB drives from members of the workforce.

“There are many different ways to do it,” Heuman said. “Most of them are cost-effective and time-effective, and it can really save you a lot of headaches later on.”

What kind of headaches? Let’s go back to those numbers:

  • The Alaska Medicaid program was fined $1.7 million after a breach in which an unencrypted USB device that contained just 501 patient records was stolen.
  • Massachusetts Eye and Ear Associates was fined $1.5 million after a breach resulting from the theft of an unencrypted laptop containing data on about 3,600 of its patients and research subjects.
  • Alere Home Monitoring discovered an unencrypted laptop containing patient records was stolen from an employee’s vehicle.
  • Tricare Management had unencrypted backup tapes stolen, affecting 4.9 million individuals, the largest security breach to date.

We thank Chris Heuman for his time and expertise. And we thank him for saying the following during his presentation:

“Online Tech is one of the very few providers in this space that takes privacy, security and compliance seriously and has really implemented and tested their controls.”
