August 29, 2017 By Rick Robinson 3 min read

Organizations continue to be plagued by data breaches, and data is leaking from our enterprises in large quantities. However, data leakage is not the only issue. The problems — namely, regulatory fines, brand damage and lost revenue — begin when sensitive data that is readable and accessible falls into the wrong hands. Despite these concerns, security professionals can rest assured that there is a way to immediately stop the madness: Use data encryption.

Data encryption has existed for thousands of years. During all those centuries, the use of encryption has adapted and grown to meet various needs. Back in the day, simple substitution ciphers or scytales worked great, but today’s environment demands methods more rigorous than block encryption.

Stocking Your Data Encryption Toolbox

Just as wizards of technology do not rest on their laurels with a single spell or potion, is it not a good idea to only have one type of encryption in your tool set. Those wizards excel by having a rich set of technologies to choose from, and the skills to use them in a dynamic and challenging world.

There is no doubt that encryption and key management algorithms must be publicly vetted to ensure their strength. However, the application of those algorithms must also be flexible enough to meet organizations’ needs. For example, we all know what a Social Security number (SSN) looks like: It consists of three numeric digits, followed by two digits, and then another four (i.e., 111-22-3333). If we were to encrypt that data, we might end up with a string of numbers, letters and special characters that would prevent an intruder from recovering the SSN, but it could break many applications and databases that process data without maintaining the well-defined format of an SSN. This principle also applies to encrypting names, phone numbers and email addresses.

Fundamental Encryption Techniques

If we cannot encrypt this data, how can we keep it secure? With the right set of capabilities, you can protect specific types of data using the same cryptographic principles in a way that does not interfere with business applications. This enables you to employ one of the following three fundamental encryption techniques.

  • Format-preserving encryption allows data to be truly encrypted but maintain the same format as the original data set. The process takes a little longer because the enciphered data needs to retain formats.
  • Tokenization has no relationship at all to the original data. The token is a replacement for the original data, but is not derived from it. The only way to reverse tokenized data is to look up what the original data was using the token.
  • Redaction is a method in which many characters are replaced with the same letter. For example, a credit card number may by represented by an asterisk, save for the last four digits. You cannot recover the credit card number from a figure such as “**** **** **** 1234,” but you can have high level of confidence that you are comparing the correct card number by cross-referencing the last four digits.

Encryption, tokenization and redaction are just three options for obfuscating data. Remember that any good encipherment or encoding approach must follow the basic tenants of cryptography. That means knowing the algorithm should offer no advantage in decoding or deciphering data. The only way you should be able to decipher the data is by having access to the decryption key.

An Easy and Effective Data Protection Strategy

While it’s crucial for data in new sources and technology platforms to be protected and encrypted, legacy systems frequently contain large quantities of important, valuable data that still need protection. Using cryptographic tools, including file and database encryption, tokenization and Teradata encryption, allows organizations to protect data flexibly while supporting the full technology environment.

Think of data encryption as an easy way to protect data from misuse. By using it, you can get terrific results without having to work as hard as those technology wizards.

IBM Announces New Guardium Data Encryption v3.0 Portfolio

More from Data Protection

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today