Need-to-Know Only: Use Encryption to Make Data Meaningless to Prying Eyes

Organizations continue to be plagued by data breaches, and data is leaking from our enterprises in large quantities. However, data leakage is not the only issue. The problems — namely, regulatory fines, brand damage and lost revenue — begin when sensitive data that is readable and accessible falls into the wrong hands. Despite these concerns, security professionals can rest assured that there is a way to immediately stop the madness: Use data encryption.

Data encryption has existed for thousands of years. During all those centuries, the use of encryption has adapted and grown to meet various needs. Back in the day, simple substitution ciphers or scytales worked great, but today’s environment demands methods more rigorous than block encryption.

Stocking Your Data Encryption Toolbox

Just as wizards of technology do not rest on their laurels with a single spell or potion, is it not a good idea to only have one type of encryption in your tool set. Those wizards excel by having a rich set of technologies to choose from, and the skills to use them in a dynamic and challenging world.

There is no doubt that encryption and key management algorithms must be publicly vetted to ensure their strength. However, the application of those algorithms must also be flexible enough to meet organizations’ needs. For example, we all know what a Social Security number (SSN) looks like: It consists of three numeric digits, followed by two digits, and then another four (i.e., 111-22-3333). If we were to encrypt that data, we might end up with a string of numbers, letters and special characters that would prevent an intruder from recovering the SSN, but it could break many applications and databases that process data without maintaining the well-defined format of an SSN. This principle also applies to encrypting names, phone numbers and email addresses.

Fundamental Encryption Techniques

If we cannot encrypt this data, how can we keep it secure? With the right set of capabilities, you can protect specific types of data using the same cryptographic principles in a way that does not interfere with business applications. This enables you to employ one of the following three fundamental encryption techniques.

  • Format-preserving encryption allows data to be truly encrypted but maintain the same format as the original data set. The process takes a little longer because the enciphered data needs to retain formats.
  • Tokenization has no relationship at all to the original data. The token is a replacement for the original data, but is not derived from it. The only way to reverse tokenized data is to look up what the original data was using the token.
  • Redaction is a method in which many characters are replaced with the same letter. For example, a credit card number may by represented by an asterisk, save for the last four digits. You cannot recover the credit card number from a figure such as “**** **** **** 1234,” but you can have high level of confidence that you are comparing the correct card number by cross-referencing the last four digits.

Encryption, tokenization and redaction are just three options for obfuscating data. Remember that any good encipherment or encoding approach must follow the basic tenants of cryptography. That means knowing the algorithm should offer no advantage in decoding or deciphering data. The only way you should be able to decipher the data is by having access to the decryption key.

An Easy and Effective Data Protection Strategy

While it’s crucial for data in new sources and technology platforms to be protected and encrypted, legacy systems frequently contain large quantities of important, valuable data that still need protection. Using cryptographic tools, including file and database encryption, tokenization and Teradata encryption, allows organizations to protect data flexibly while supporting the full technology environment.

Think of data encryption as an easy way to protect data from misuse. By using it, you can get terrific results without having to work as hard as those technology wizards.

IBM Announces New Guardium Data Encryption v3.0 Portfolio

Share this Article:
Rick Robinson

Product Manager, Encryption and Key Management

Rick Robinson comes from a diverse background of architecture, development, and deployment of new products and services that employ cryptography in one form or another. He has numerous patents in the area of cryptography and computer security and helped customers in the financial, health, retail, manufacturing, and government sectors. Rick has been an active proponent of cryptography for business – applying standards-based cryptography, key management, PKI, and secure protocols to help business stay competitive in the ever-changing world of data security.