Why, What and How to Encrypt: Security Expert Insights

onlinetech
Last updated: 2013/06/15 at 8:04 AM

Not sure if your organization’s sensitive data is properly encrypted? It’s time to be sure. Chris Heuman, Practice Leader for RISC Management and Consulting, broke down the reasons why (and how) in the latest webinar hosted by Online Tech.

Heuman notes that unencrypted data is being breached regularly, and those breaches come at a staggering cost. On average, security breaches affect 42,659 individuals and cost organizations $8,275,865 (yes, that’s nearly $8.3 million) to respond to.

That price tag includes the cost of fines, penalties, legal counsel and distribution of settlements to harmed individuals, but does not include the financial equivalent of the damage done to an organization’s reputation, the resources needed to respond to unannounced audits in the future or myriad other related costs.

“When you think of these numbers and compare it to the cost of implementing an encryption program, you’ll find the expense of the program isn’t quite as high as you thought it was,” he said.

In his 48-minute presentation, titled Encryption: Perspective on Privacy, Security & Compliance, Heuman discussed why to bother encrypting, what data to encrypt, how to encrypt it, how to document that encryption and how to test it. A brief summary of his presentation follows.

Why Bother to Encrypt

If the figures above weren’t motivation enough, there are a myriad of reasons to encrypt data, including the government regulations (HIPAA, PCI and SOX compliance), frameworks and industry requirements that any organization that stores sensitive information has to deal with.

“Privacy and security is a life cycle, not a one-time event,” Heuman said. “Encryption is a control mechanism that is implemented after proper analysis has been completed and policies stating the intent have been put into place.

“Don’t jump the gun and start implementing encryption without attending to all the analysis and preparatory steps. It’s important to walk through this in a logical manner and to make well thought-out decisions rather than to jump head first into technical implementation.”

What to Encrypt

The first key step to properly encrypting data is to fully understand all of the places where that data is stored.

“If you don’t know where your data is located or how sensitive it is, you can’t protect it,” Heuman said. “This is not just for encryption, but any information security control. If you don’t have a good understanding you either have to protect everything, which can be very expensive, or risk being paralyzed at the analysis phase and not accomplish anything at all.”

Heuman presented an encryption project management plan that all organizations should follow:

  • Inventory all the data repositories where encryption should be implemented
  • Analyze which technique is appropriate
  • Determine supported and appropriate implementation
  • Develop and follow a project plan

How to Encrypt

Citing recommendations from the National Institute of Standards and Technology (NIST) and the four levels of certification from the Federal Information Processing Standards, Heuman stated that encryption success, and the compliance safe harbor organizations are hoping to achieve, relies on two factors: the algorithm that is chosen and the key.

“You really have to understand the algorithm that you’re required to implement and you really need to select an appropriate key length and complexity,” Heuman said. “After those decisions are made, you have to ensure that what was planned was what actually got implemented.”

Organizations must be sure the algorithm is approved by the industry or regulation they are required to adhere to, and then ensure that the key chosen and placed onto the devices is sufficient, reasonable, and can be secured and maintained.

How to Document

Heuman discussed the importance of knowing what and how to properly document as part of any encryption project management plan and how to be ready for an audit by extracting documentation from analysis determinations and project plans.

He urged management to “trust but verify” the encryption standards of their organization and to maintain all responses from vendors/manufacturers that claim encryption is not supported.

“Executive oversight and interest is key,” Heuman said. “If executives are plugged in, people will understand it’s a priority for the organization.”

How to Test

The time to find out that encryption was not effective, or did not provide safe harbor, is not after a breach has occurred. Heuman suggests organizations conduct data breach drills and disaster recovery drills, and perform random tests on portable USB drives from members of the workforce.

“There are many different ways to do it,” Heuman said. “Most of them are cost-effective and time effective, and it can really save you a lot of headaches later on.”

What kind of headaches? Let’s go back to those numbers:

  • The Alaska Medicaid program was fined $1.7 million after a breach in which an unencrypted USB device containing just 501 patient records was stolen.
  • Massachusetts Eye and Ear Associates was fined $1.5 million after a breach resulting from the theft of an unencrypted laptop containing data on about 3,600 of its patients and research subjects.
  • Alere Home Monitoring discovered an unencrypted laptop containing patient records was stolen from an employee’s vehicle.
  • Tricare Management had unencrypted backup tapes stolen, affecting 4.9 million individuals, the largest security breach to date.

We thank Chris Heuman for his time and expertise. And we thank him for saying the following during his presentation:

“Online Tech is one of the very few providers in this space that takes privacy, security and compliance seriously and has really implemented and tested their controls.”
