Data Protection April 24, 2015
By JeongGahk Kim 3 min read

Encrypting your data is an important step for keeping it secure. If you’re worried or stressed out about an upcoming data encryption project, you’ll want to read further.

About three years ago, I was engaged as a project manager in a data encryption and database access control solution implementation project for one of South Korea’s financial accounts. My project was successfully completed, but I had to overcome various types of issues I had not experienced before. I’d like to share what I learned from that project and recommend an effective approach to developing a successful data encryption strategy for your own data encryption project.

Types of Data Encryption Projects

Generally, data encryption solutions are categorized into three groups of solutions: kernel encryption (transparent data encryption), application programming interface encryption and plugin encryption. Kernel encryption solutions can be further divided into operating system (OS) and database management system (DBMS) solutions. My project environment was using an OS kernel (transparent data encryption) encryption solution with a DBMS access control solution. The encryption solution included Vormetric Data Security and IBM InfoSphere Guardium Data Activity Monitor.

If you are managing a similar data encryption project, follow these steps to ensure success:

Step 1: Environmental Information Gathering

Thoroughly validate and gather the following pieces of information, which are critical inputs for setting up a strategic encryption schedule:

  • Target Systems: The identified systems inventory should be confirmed by the client in the earlier phases of the project.
  • Core Business Process Batch Job Schedule, Available Shutdown Schedule and System Dependency: These schedules and dependencies are needed to create an implementation timeline — otherwise, the project schedule should be provided by the client. Having the support of the client’s IT infrastructure team is a critical success factor.
  • As-Is System Performance Data: This data will be used to compare system performance before and after encryption.

Step 2: Set Up a Pilot Test Environment for Functional and Performance Testing

Before the solution is implemented, a test environment representing the production environment should be prepared to test how functionality and performance will be affected by the implementation of the encryption solution. This pilot test environment should be maintained throughout the project period in case of technical issue handling.

During the test, kernel agent compatibility with other products within the system should be validated. You must also measure system performance degradation to predict the estimated data migration time. This information is crucial to developing a realistic project schedule.

Step 3: Develop an Encryption Schedule Down to the System and Data Level

Based on the information from Step 1 and Step 2, the project team should be able to set up an encryption schedule. When you schedule agent installation and initial data encryption, the tasks should be separately considered according to the target system. For all target systems, the three following points should be considered when setting up the schedule:

  1. Compliance and Regulatory Requirements: A good first target system for your project is a system that has been mandated for encryption by regulation. Picking such a system makes it easier to persuade the system administrator to start things ahead of schedule.
  2. Data Size: As the data size increases, so does the initial data encryption time. I recommend placing a small data system in the earlier phase of the entire schedule. This will optimize the project schedule. If any technical issues arise, the project team will have more time to fix the problem in an earlier phase of the project.
  3. Business Impact: A redundant (dual configuration) system has more options for encryption scheduling. Development and test systems can be placed earlier in the schedule than production systems. If some systems have limited time frames for allowed system shutdown (such as batch or external organization gateway systems), then early communication with the clients is required to set up the priority on the change schedule.

The bigger the scope of your encryption, the greater the risk associated with your project. In a project field, there are even more variable situations that must be handled with care. The best way for you to be prepared is to spare enough time to set up an encryption strategy based on complete and detailed environmental information.

I hope these tips help you with your project. Connect with me on Twitter at @dvd703.

Image Source: iStock

 |  |  |  | 
JeongGahk Kim
Manager of SD Security Risk Management, GTS Korea, IBM

More from Data Protection
September 13, 2023

Cost of a data breach 2023: Pharmaceutical industry impacts

3 min read - Data breaches are both commonplace and costly in the medical industry.  Two industry verticals that fall under the medical umbrella — healthcare and pharmaceuticals — sit at the top of the list of the highest average cost of a data breach, according to IBM’s Cost of a Data Breach Report 2023. The health industry’s place at the top spot of most costly data breaches is probably not a surprise. With its sensitive and valuable data assets, it is one of…

August 30, 2023

Cost of a data breach 2023: Financial industry impacts

3 min read - According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, 15% more than in 2020. In response, 51% of organizations plan to increase cybersecurity spending this year. For the financial industry, however, global statistics don’t tell the whole story. Finance firms lose approximately $5.9 million per data breach, 28% higher than the global average. In addition, evolving regulatory concerns play a role in how financial companies…

August 28, 2023

Advanced analytics can help detect insider threats rapidly

2 min read - While external cyber threats capture headlines, the rise of insider threats from within an organization is a growing concern. In 2023, the average cost of a data breach caused by an insider reached $4.90 million, 9.6% higher than the global average data breach cost of $4.45 million. To effectively combat this danger, integrating advanced analytics into data security software has become a critical and proactive defense strategy. Understanding insider threats Insider threats come from users who abuse authorized access to…

August 22, 2023

One simple way to cut ransomware recovery costs in half

4 min read - Whichever way you look at the data, it is considerably cheaper to use backups to recover from a ransomware attack than to pay the ransom. The median recovery cost for those that use backups is half the cost incurred by those that paid the ransom, according to a recent study. Similarly, the mean recovery cost is almost $1 million lower for those that used backups. Despite this fact, the use of backups is actually falling. This was one of the…

© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature