Data volume storage needs are growing exponentially across hybrid multicloud environments. Meanwhile, companies are being faced with a greater number of regulations to follow, as well as increased exposure to data ransomware, theft and misuse.

Many regulations, such as the General Data Protection Regulation, highlight encryption as an example of appropriate technical and organizational measures. While not required, encryption comes highly recommended. According to The Data Security And Privacy Playbook by Forrester Research, many breach notification laws excuse an organization from fines and notification requirements when compromised data was encrypted. 

A well-thought-out data encryption strategy can go a long way to address a swath of data protection issues. Data encryption helps keep your business data safe and compliant and provides extra security against unforeseen mishaps. A good data encryption strategy identifies data needed to manage encryption keys and block unauthorized access to company data. 

Here are five key areas of consideration for implementing a successful data encryption program.

Explore the eBook: “Data encryption: what you need to know.”

1. Develop and Communicate a Data Encryption Plan

Any successful deployment begins with strong collaboration across teams to define a plan for moving forward. Involve relevant executives to get their support in securing a budget and driving plans from the top.

It’s also important to involve database administrators and team members who work with data systems, storage, your network or data security in your data encryption strategy. These stakeholders can help minimize impact to performance and critical timelines during data encryption implementation.

Next, start building a consensus on how encryption aligns with your business goals and priorities to level-set everyone’s understanding and expectations. Look at the teams and systems you have in place. If needed, define any new groups and leaders. Separation of duties is key to proper encryption and key lifecycle management and needs to be defined from the beginning of the process.

2. Identify High Value Data for Encryption Prioritization

It becomes imperative to build a complete view into what data you have, how sensitive it is and where it resides when numerous data sources are deployed on-premises and in the cloud. This stage in the process can be complex and time intensive, but through a data identification and a data mapping process, you will embark on a path to success.

A good understanding of existing policies and access controls will be necessary to understand how your encryption strategy needs to work with established routines and adjacent technologies. If you have a data discovery and classification solution in place, then much of this work can be automated and properly categorized for encryption prioritization. You will want to protect your high value enterprise assets first due to their sensitive nature and for quick wins that can be leveraged for momentum and to build a case around return on investment.

Your definition of critical data depends on your business and industry. According to the International Data Corporation 2020 Data Security Survey, many IT and security professionals view business-critical information and sensitive, regulated data as most in need of protection.

Business-critical information includes information that makes up or exposes an organization’s competitive advantage, such as intellectual property, trade secrets and business plans. Sensitive, regulated data includes customer and employee information, such as personally identifiable information, social security numbers and health records. Encrypting sensitive data often forms a key provision of many regulations.

3. Explore Encryption Techniques

Once you have formulated a strategy and have a good understanding of your organization’s most critical data, you will need to think about what encryption techniques will be required to protect your data at rest and in transit. Data encryption approaches can be categorized by where they’re employed in the technology stack, which consists of four levels in which data encryption is typically implemented: full-disk or media, file system, database and application.

For many companies, file encryption is an optimal approach due to its broad protections that support most use cases. File encryption is also easy to deploy and operate. The higher in the stack that data encryption is employed, the more complicated the implementation will be. This will have a greater potential impact on performance. In exchange, you will have a greater level of data protection. The goal is to strike a balanced approach.

You also should consider how you want to manage your encryption keys. According to industry experts, the best practice is that your business takes control of all encryption keys, even ones used to encrypt cloud data. This proper separation in duties and storage is enforced so the encrypted data is distanced from their encryption keys until access is securely granted.

4. Choose an Encryption Provider

By now, you may have an idea of which encryption providers are available in the market. Now, it’s time to choose the best vendor for your data encryption needs. Be mindful of the criteria you have for product features and functionality and the kind of relationship you want when selecting a vendor. Chances are your interactions with a chosen provider will not stop at the point of purchase. A solution provider with a broad product and services portfolio is better positioned to advise, support and provide integrated solutions as your business grows.

As for the encryption product, choose a vendor who can provide centralized key and policy management, which will simplify operations around data encryption and key lifecycle management and allow you to easily scale in the future.

5. Think Past Deployment

Once you have your solution implemented and running, you will need to continue to monitor for any outliers or violations. You will also need to continue to prove alignment to business and strategic goals and keep an eye on business growth and shifts in order to adapt your encryption strategy as needed.

You should plan on your organization moving more data to the cloud. Check in with your end-users, developers and application owners, who are growing more influential over how companies operate. A strong encryption strategy must be able to adapt to business needs, so develop an approach that considers changes in technology and the requirements of key stakeholders.

These are just a handful of key considerations to have in mind as you start or revive a data encryption strategy. To learn more about the latest in industry practices on data encryption and security, watch IBM leaders explore challenges and potential solutions in the webinar “Next-Generation Data Security Strategies: Exploring Emerging Trends & Best Practices.”

More from Cloud Security

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Cloud threat report: Possible trend in cloud credential “oversaturation”

3 min read - For years now, the dark web has built and maintained its own evolving economy, supported by the acquisition and sales of stolen data, user login credentials and business IP. But much like any market today, the dark web economy is subject to supply and demand.A recent X-Force Cloud Threat Landscape Report has shed light on this fact, revealing a new trend in the average prices for stolen cloud access credentials. Since 2022, there has been a steady decrease in market…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today