
Source: HelpNetSec

Here’s a sobering statistic: according to the 2009 Verizon Data Breach report, 285 million records were compromised in the 90 cases that Verizon investigated in 2008. That is close to one exposed record for each of the roughly 305 million citizens in the USA.

Data security in today’s business world is a classic Catch-22. We need to protect both data and the business processes that rely on that data. To do so, we need to move from a reactive, fear-driven (or compliance-driven) mode to a proactive, risk-adjusted data security plan. Such a plan is centered on an analysis of an organization’s unique data risk factors and uses a risk-adjusted methodology to determine the appropriate data-protection processes, policies and solutions for that organization.

End-to-end encryption

There are different definitions of end-to-end encryption. To some people it means encrypting data throughout its entire lifecycle, from capture to disposal. This sort of end-to-end encryption (or tokenization) does provide the strongest protection of individual data fields.

Another way to think about end-to-end, and a very practical approach to data protection, is to provide end-to-end encryption between specific parts of a solution that are in high-risk areas. This approach can be applied within an enterprise or between organizations. In the latter case, a supporting infrastructure that includes functions to establish trust and manage keys can take a long time to implement.

Encryption can only provide confidentiality and integrity, and must always be combined with other aspects of security, including authentication, authorization and monitoring, to provide a secure overall solution. While I am a strong proponent of end-to-end encryption, not every bit of data needs to be encrypted throughout its lifecycle. The sensible approach is a risk-adjusted methodology that protects data according to its value, with the appropriate layers of security.

The risk level of the data collected, used and stored in the enterprise

Malware trends

Enterprise data protection

Businesses can look at enterprise-class end-to-end encryption solutions along with newer approaches — such as tokenization, Format Controlling Encryption, and Database Activity Monitoring.




Comments on: "Everything enterprises need to know about end-to-end encryption" (1)

  1. […] See original here:  Everything enterprises need to know about end-to-end encryption … […]
