August 29, 2017 By Rick Robinson 3 min read

Organizations continue to be plagued by data breaches, and data is leaking from our enterprises in large quantities. However, data leakage is not the only issue. The problems — namely, regulatory fines, brand damage and lost revenue — begin when sensitive data that is readable and accessible falls into the wrong hands. Despite these concerns, security professionals can rest assured that there is a way to immediately stop the madness: Use data encryption.

Data encryption has existed for thousands of years. During all those centuries, the use of encryption has adapted and grown to meet various needs. Back in the day, simple substitution ciphers or scytales worked great, but today’s environment demands methods more rigorous than block encryption.

Stocking Your Data Encryption Toolbox

Just as wizards of technology do not rest on their laurels with a single spell or potion, is it not a good idea to only have one type of encryption in your tool set. Those wizards excel by having a rich set of technologies to choose from, and the skills to use them in a dynamic and challenging world.

There is no doubt that encryption and key management algorithms must be publicly vetted to ensure their strength. However, the application of those algorithms must also be flexible enough to meet organizations’ needs. For example, we all know what a Social Security number (SSN) looks like: It consists of three numeric digits, followed by two digits, and then another four (i.e., 111-22-3333). If we were to encrypt that data, we might end up with a string of numbers, letters and special characters that would prevent an intruder from recovering the SSN, but it could break many applications and databases that process data without maintaining the well-defined format of an SSN. This principle also applies to encrypting names, phone numbers and email addresses.

Fundamental Encryption Techniques

If we cannot encrypt this data, how can we keep it secure? With the right set of capabilities, you can protect specific types of data using the same cryptographic principles in a way that does not interfere with business applications. This enables you to employ one of the following three fundamental encryption techniques.

  • Format-preserving encryption allows data to be truly encrypted but maintain the same format as the original data set. The process takes a little longer because the enciphered data needs to retain formats.
  • Tokenization has no relationship at all to the original data. The token is a replacement for the original data, but is not derived from it. The only way to reverse tokenized data is to look up what the original data was using the token.
  • Redaction is a method in which many characters are replaced with the same letter. For example, a credit card number may by represented by an asterisk, save for the last four digits. You cannot recover the credit card number from a figure such as “**** **** **** 1234,” but you can have high level of confidence that you are comparing the correct card number by cross-referencing the last four digits.

Encryption, tokenization and redaction are just three options for obfuscating data. Remember that any good encipherment or encoding approach must follow the basic tenants of cryptography. That means knowing the algorithm should offer no advantage in decoding or deciphering data. The only way you should be able to decipher the data is by having access to the decryption key.

An Easy and Effective Data Protection Strategy

While it’s crucial for data in new sources and technology platforms to be protected and encrypted, legacy systems frequently contain large quantities of important, valuable data that still need protection. Using cryptographic tools, including file and database encryption, tokenization and Teradata encryption, allows organizations to protect data flexibly while supporting the full technology environment.

Think of data encryption as an easy way to protect data from misuse. By using it, you can get terrific results without having to work as hard as those technology wizards.

IBM Announces New Guardium Data Encryption v3.0 Portfolio

More from Data Protection

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Ransomware on the rise: Healthcare industry attack trends 2024

4 min read - According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023.For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77…

Cost of a data breach: Cost savings with law enforcement involvement

3 min read - For those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, “explaining” the real impact of a breach can be difficult. Therefore, explaining impacts in terms of quantifiable financial figures and other simple metrics creates a relatively level playing field for most stakeholders, including law enforcement.IBM’s 2024 Cost of a Data Breach (“CODB”) Report helps…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today