Light Dark
April 24, 2015 By JeongGahk Kim 3 min read
Data Protection

Encrypting your data is an important step for keeping it secure. If you’re worried or stressed out about an upcoming data encryption project, you’ll want to read further.

About three years ago, I was engaged as a project manager in a data encryption and database access control solution implementation project for one of South Korea’s financial accounts. My project was successfully completed, but I had to overcome various types of issues I had not experienced before. I’d like to share what I learned from that project and recommend an effective approach to developing a successful data encryption strategy for your own data encryption project.

Types of Data Encryption Projects

Generally, data encryption solutions are categorized into three groups of solutions: kernel encryption (transparent data encryption), application programming interface encryption and plugin encryption. Kernel encryption solutions can be further divided into operating system (OS) and database management system (DBMS) solutions. My project environment was using an OS kernel (transparent data encryption) encryption solution with a DBMS access control solution. The encryption solution included Vormetric Data Security and IBM InfoSphere Guardium Data Activity Monitor.

If you are managing a similar data encryption project, follow these steps to ensure success:

Step 1: Environmental Information Gathering

Thoroughly validate and gather the following pieces of information, which are critical inputs for setting up a strategic encryption schedule:

  • Target Systems: The identified systems inventory should be confirmed by the client in the earlier phases of the project.
  • Core Business Process Batch Job Schedule, Available Shutdown Schedule and System Dependency: These schedules and dependencies are needed to create an implementation timeline — otherwise, the project schedule should be provided by the client. Having the support of the client’s IT infrastructure team is a critical success factor.
  • As-Is System Performance Data: This data will be used to compare system performance before and after encryption.

Step 2: Set Up a Pilot Test Environment for Functional and Performance Testing

Before the solution is implemented, a test environment representing the production environment should be prepared to test how functionality and performance will be affected by the implementation of the encryption solution. This pilot test environment should be maintained throughout the project period in case of technical issue handling.

During the test, kernel agent compatibility with other products within the system should be validated. You must also measure system performance degradation to predict the estimated data migration time. This information is crucial to developing a realistic project schedule.

Step 3: Develop an Encryption Schedule Down to the System and Data Level

Based on the information from Step 1 and Step 2, the project team should be able to set up an encryption schedule. When you schedule agent installation and initial data encryption, the tasks should be separately considered according to the target system. For all target systems, the three following points should be considered when setting up the schedule:

  1. Compliance and Regulatory Requirements: A good first target system for your project is a system that has been mandated for encryption by regulation. Picking such a system makes it easier to persuade the system administrator to start things ahead of schedule.
  2. Data Size: As the data size increases, so does the initial data encryption time. I recommend placing a small data system in the earlier phase of the entire schedule. This will optimize the project schedule. If any technical issues arise, the project team will have more time to fix the problem in an earlier phase of the project.
  3. Business Impact: A redundant (dual configuration) system has more options for encryption scheduling. Development and test systems can be placed earlier in the schedule than production systems. If some systems have limited time frames for allowed system shutdown (such as batch or external organization gateway systems), then early communication with the clients is required to set up the priority on the change schedule.

The bigger the scope of your encryption, the greater the risk associated with your project. In a project field, there are even more variable situations that must be handled with care. The best way for you to be prepared is to spare enough time to set up an encryption strategy based on complete and detailed environmental information.

I hope these tips help you with your project. Connect with me on Twitter at @dvd703.

Image Source: iStock

 |  |  |  | 
JeongGahk Kim
Manager of SD Security Risk Management, GTS Korea, IBM

More from Data Protection
November 19, 2024

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

November 8, 2024

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

November 7, 2024

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature