Not All Encryption Is Equal

It’s vital to understand that not all encryption solutions are created alike.

Let’s think about the suits of armour worn by they knights of old. Each plate needs to be able to deflect a cut, but effectiveness of the armour relies on all the pieces working together.

Encryption systems are no different. Each element of your encryption protection needs to fit for purpose and your entire encryption solutions needs to cover all of your data breach vulnerabilities.

Lets talk about some common types of computer system encryption to highlight the role they can play, but also to flag where the gaps exist:

Volume encryption is useful stopping a thief reading data on stolen disk. However, once a user has authenticated themselves, volume encryption plays no further role and for instance would not prevent another user on the same system reading sensitive materials. For example a system administrator user has privileged access allowing them free reign to all files.

Database Transparent Data Encryption. We term the built-in or optional encryption features offered by database vendors as “native encryption”, since this protection feature is built-in to the database itself it can protect things that are not under the direct control of the database. Examples include folders containing log files, journals, database encryption keys – materials that may contain traces of the sensitive information stored in the data base or may be of interest to a hacker covering their tracks.

Silo encryption. Whilst organisations encrypt one or two systems, few organizations ensure that all databases, servers and laptops have comprehensive encryption protection. Many high profile data breaches can occured as result of data stolen from test systems or materials found on a web-server, or laptop.

Comprehensive Encryption. Our mantra is “Encrypt All Systems.” Our products are designed around the simple premise that effective data protection occurs when data is encrypted on all systems AND controls are in place to prevent privileged system users side-stepping data controls. The job of our Data Privacy Manager suite is to help simplify the exercise of achieving comprehensive encryption