Encryption at Rest: Best Practices for Data Protection

Mar 08, 2022

Share this:

Posted in:


Data protection is top of mind for businesses of all sizes. Attackers are looking for every opportunity to access unsecured data whether it be in a large Fortune 500 company, mid-market, or small business. Sensitive company data and personal data is at risk. When a data breach happens, IT teams scramble to determine what was lost, how to recover, and how quickly they can maintain business continuity. Learning about how your data is secured is critical for building and maintaining a Cybersecurity resiliency plan. We’re here to help! Let’s break down how hardware encryption is evolving, highlight the new standards for data protection, and provide some helpful best practices for becoming cyber resilient.

Back to Basics: What is Encryption? Data encryption is the process of translating one form of data into another form of data that unauthorized users can’t decrypt. For example, you saved a copy of your customers’ credit card information on your server. You do not want that to fall into the wrong hands. By encrypting data at rest, you’re essentially converting your customer’s sensitive data into another form of data. Only authorized personnel will have access to these files, thus ensuring that your data stays secure. Encryption at rest is designed to prevent an attacker from accessing unencrypted data by ensuring the data is encrypted. Once the attacker obtains a hard drive with encrypted data, but not encrypted keys, the attacker must defeat the encryption to read the data. This creates a more complex attack and requires other resources. Encryption at rest should be a high priority for all organizations and is required for data governance and compliance. Organizations adhering to industry and government regulations such as HIPAA, PCI and FedRAMP are required to enforce safeguards for data protection and follow encryption requirements.

Evolving Encryption: Then vs Now Much like everything in our digital world, encryption practices are evolving to meet the security measures necessary to avoid a data breach. The Data Encryption Standard (DES), created in 1977, is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for applications, it has been highly influential in the advancement of cryptography. The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information. AES is implemented in software and hardware throughout the world to encrypt sensitive data. It is essential for government computer security, cybersecurity, and electronic data protection. The National Institute of Standards and Technology (NIST) started development of AES in 1997 when it announced the need for an alternative to the Data Encryption Standard (DES), which was starting to become vulnerable to attacks.

AES: The New Standard AES includes three block ciphers: Each cipher encrypts and decrypts data in blocks of 128 bits using cryptographic keys of 128, 192 and 256 bits, respectively. Symmetric, also known as secret key, ciphers use the same key for encrypting and decrypting. The sender and the receiver must both know — and use — the same secret key. The government classifies information into three categories: Confidential, Secret or Top Secret. All key lengths can be used to protect the Confidential and Secret level. Top Secret information requires either 192- or 256-bit key lengths. There are 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys. A round consists of several processing steps that include substitution, transposition and mixing of the input plaintext to transform it into the final output of ciphertext.

Are you prepared? Work with Clear Technologies and IBM to determine your cybersecurity resilience strategy. Start with a Cyber-Incident Response Storage Assessment (CIRSA) using the NIST Framework to evaluate the vulnerability of your storage environment. By developing a cyber resilience strategy, you can ensure you will prevail in the event of a security breach. Clear Technologies is your trusted partner for improving storage performance and cyber resilience with IBM FlashSystem. Schedule a meeting with us today!