April 24, 2015 By JeongGahk Kim 3 min read

Encrypting your data is an important step for keeping it secure. If you’re worried or stressed out about an upcoming data encryption project, you’ll want to read further.

About three years ago, I was engaged as a project manager in a data encryption and database access control solution implementation project for one of South Korea’s financial accounts. My project was successfully completed, but I had to overcome various types of issues I had not experienced before. I’d like to share what I learned from that project and recommend an effective approach to developing a successful data encryption strategy for your own data encryption project.

Types of Data Encryption Projects

Generally, data encryption solutions are categorized into three groups of solutions: kernel encryption (transparent data encryption), application programming interface encryption and plugin encryption. Kernel encryption solutions can be further divided into operating system (OS) and database management system (DBMS) solutions. My project environment was using an OS kernel (transparent data encryption) encryption solution with a DBMS access control solution. The encryption solution included Vormetric Data Security and IBM InfoSphere Guardium Data Activity Monitor.

If you are managing a similar data encryption project, follow these steps to ensure success:

Step 1: Environmental Information Gathering

Thoroughly validate and gather the following pieces of information, which are critical inputs for setting up a strategic encryption schedule:

  • Target Systems: The identified systems inventory should be confirmed by the client in the earlier phases of the project.
  • Core Business Process Batch Job Schedule, Available Shutdown Schedule and System Dependency: These schedules and dependencies are needed to create an implementation timeline — otherwise, the project schedule should be provided by the client. Having the support of the client’s IT infrastructure team is a critical success factor.
  • As-Is System Performance Data: This data will be used to compare system performance before and after encryption.

Step 2: Set Up a Pilot Test Environment for Functional and Performance Testing

Before the solution is implemented, a test environment representing the production environment should be prepared to test how functionality and performance will be affected by the implementation of the encryption solution. This pilot test environment should be maintained throughout the project period in case of technical issue handling.

During the test, kernel agent compatibility with other products within the system should be validated. You must also measure system performance degradation to predict the estimated data migration time. This information is crucial to developing a realistic project schedule.

Step 3: Develop an Encryption Schedule Down to the System and Data Level

Based on the information from Step 1 and Step 2, the project team should be able to set up an encryption schedule. When you schedule agent installation and initial data encryption, the tasks should be separately considered according to the target system. For all target systems, the three following points should be considered when setting up the schedule:

  1. Compliance and Regulatory Requirements: A good first target system for your project is a system that has been mandated for encryption by regulation. Picking such a system makes it easier to persuade the system administrator to start things ahead of schedule.
  2. Data Size: As the data size increases, so does the initial data encryption time. I recommend placing a small data system in the earlier phase of the entire schedule. This will optimize the project schedule. If any technical issues arise, the project team will have more time to fix the problem in an earlier phase of the project.
  3. Business Impact: A redundant (dual configuration) system has more options for encryption scheduling. Development and test systems can be placed earlier in the schedule than production systems. If some systems have limited time frames for allowed system shutdown (such as batch or external organization gateway systems), then early communication with the clients is required to set up the priority on the change schedule.

The bigger the scope of your encryption, the greater the risk associated with your project. In a project field, there are even more variable situations that must be handled with care. The best way for you to be prepared is to spare enough time to set up an encryption strategy based on complete and detailed environmental information.

I hope these tips help you with your project. Connect with me on Twitter at @dvd703.

Image Source: iStock

More from Data Protection

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Ransomware on the rise: Healthcare industry attack trends 2024

4 min read - According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023.For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77…

Cost of a data breach: Cost savings with law enforcement involvement

3 min read - For those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, “explaining” the real impact of a breach can be difficult. Therefore, explaining impacts in terms of quantifiable financial figures and other simple metrics creates a relatively level playing field for most stakeholders, including law enforcement.IBM’s 2024 Cost of a Data Breach (“CODB”) Report helps…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today