The author, Altron Systems Integration’s Caryn Vos

In today’s increasingly digital world, more businesses than ever are trying to transform digitally and integrate cutting-edge technologies into their processes. Technologies including the internet of things, cloud computing, edge computing, virtual reality and artificial intelligence have the ability to drastically improve the service and operations of any business.

However, their integration raises new challenges around security, privacy and the reliability of underlying systems that a business utilises, which, in turn, requires the support of strong cybersecurity solutions to safeguard data in motion and at rest. In the past two decades, a staggering number of records (numbering in the billions) have been stolen or compromised, with barely a week going by without news of a major data breach.

Breaches on the rise

Only a few weeks ago, MOVEit, a popular file transfer tool, was compromised, leading to the sensitive data of many companies which use the software being compromised. Affected companies include payroll provider Zellis, British Airways, the BBC and the province of Nova Scotia. In May, it was alleged that vehicle manufacturer Suzuki had to stop operations at one of its plants in India after a cyberattack, incurring a production of loss of more than 20 000 vehicles during this time.

These are only two among hundreds, and what has emerged as a leading cause of data loss or compromise is data stored on mobile or removable devices, as well as internal breaches that happen as a result of unauthorised employee access to private data. The theft of devices has also been revealed as a major factor in data breaches, and the loss of confidential information is not limited to theft of the device alone, as malware attacks increasingly go after proprietary business information and customer data.

A list of dire consequences

Furthermore, the consequences of a data breach go way beyond the direct financial costs alone, including the loss of customer confidence and irreparable damage to an organisation’s reputation. Add to this the fact that data security and privacy have become legally mandated in many major markets as the environment grows more stringent, with regulations such as PoPIA and GDPR working to safeguard sensitive information.

So what can be done to mitigate the damage of stolen devices or malware that exfiltrates company information? The answer is encryption, which has emerged as a critical defence mechanism. By making use of encryption, organisations render their most confidential data useless to nefarious actors or viewers who are not authorised, guaranteeing its protection and ensuring the confidence of their stakeholders.

What is data encryption?

Data encryption refers to the process of converting data from its original form into an unreadable format called ciphertext, meaning it becomes useless to unauthorised parties. To turn the data back into its original state, a specific encryption key or cipher is needed.

Although data varies greatly in nature, encryption can be applied to practically every type of data. Encryption can be employed when data is “at rest,” which means it is stored in a fixed location such as a disk. It can also be employed when data is “in motion,” being transmitted over a network. Data encryption is also compatible with a host of operating systems, file systems, block data, bare-metal servers, virtual machines and virtual disks.

Certain data, such as the information stored in the proc directory on a Linux server, may not necessarily need to be encrypted and in these cases, alternative security measures such as file-level access control should be implemented to safeguard the data. The effectiveness of different encryption algorithms varies depending on the types of data being encrypted. Additionally, the performance of these algorithms can be influenced by the underlying infrastructure on which they are implemented.

Some algorithms may demonstrate superior performance in environments with abundant memory but limited CPU power, while others may excel in CPU-intensive environments. It is therefore recommended to experiment with different encryption algorithms to identify the ones that align best with the business’s specific requirements.

Best practices

These are some of the best practices businesses should follow when embarking on an encryption journey.

Firstly, safeguarding the encryption keys is crucial. Mistakes can happen, and if the encryption key is compromised, unauthorised access to company data becomes a real danger. Avoid storing the key in an unencrypted file on your computer. Instead, adopt measures such as separating the keys from the data, implementing user access restrictions and responsibilities, and regularly rotating encryption keys based on a predetermined schedule.

Next, encrypt all sensitive data, irrespective of its storage location or perceived risk. Breaches are seen as an inevitability now, so by encrypting sensitive data, the business significantly increases the barriers to unauthorised actors attempting to breach the systems.

Finally, effective data encryption involves making data unreadable to unauthorised parties while maintaining efficiency and utilising resources optimally. If the encryption process is overly time-consuming or consumes excessive CPU time and memory, consider switching to a different algorithm or experimenting with encryption tool settings to strike a balance between security and performance.

About the author, Caryn Vos
Caryn Vos, senior manager: crypto at Altron Systems Integration, has specialised in information security for more than 20 years, during which time she has dealt with all facets of the industry. This has given her a deep and broad understanding of information security as a whole. While she has focused on the financial services sector for many years, she has also worked with most industries during the course of her career. She has built an extensive network throughout the channel and end-user customer base and has extensive experience in dealing with end users as well as through partners. For more information, contact Vos via LinkedIn.