How to Secure Data with End-to-End Encryption

 
 
By Paul Meadowcroft | Posted 2010-01-13
 
 
 
 
 
 
 

With the alarming increase in the number of reported data breaches in recent years, enterprises must seek measures beyond regulation that will help them protect their company reputation, and avoid financial and brand damage. Here, Knowledge Center contributor Paul Meadowcroft discusses how end-to-end encryption and good key management can be the panacea to securing sensitive data, regardless of whether encryption is explicitly mandated by a piece of regulation or simply recommended.

To date, it has largely been banks and governments that have taken advantage of encryption to secure information. However, almost every organization in every industry handles information that someone somewhere regards as being private or valuable. There is an implicit, and increasingly explicit, obligation to protect it.

Some of the advantages of encrypting data include minimizing the risk of card fraud, complying with regulations such as the Payment Card Industry Data Security Standard (PCI DSS), and implementing industry best practices. Let's take a closer look at each of these advantages:

1. Minimizing the risk of card fraud

It has been estimated that the cost of a data breach for a large organization is approximately $200 per compromised record. As such, the financial implications of the recent data breach at Web hosting firm Network Solutions, which compromised approximately 574,000 individuals' credit card information, stand at around $100 million. It is easy to understand how costs can add up so quickly if elements such as forensic investigations, managing relations with affected customers, reducing the impact on the media, and legal costs (just to name a few) are taken into consideration.

Retailers store customer data, for example, in order to be able to refund payments. However, in doing so, they must also keep this data secure. Strong cryptography is the most sophisticated and successful approach for protecting stored cardholder data. It ensures that the information remains safe, even if the other layers are breached. Encryption also allows data to be stored for as long as necessary and as flexibly as possible.

With strong cryptography, a secret "key" value is used in an encryption algorithm to protect the cardholder data. As long as this key remains secret, the encrypted data is safe. Consequently, the best way to store the secret key is to use a cryptographic Hardware Security Module (HSM) that performs all of the encryption and decryption of data and never allows users or applications to see the key.
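The key boundary described above, sketched in Go as an added example that is not part of the original article: `softHSM` is a hypothetical in-process stand-in for a real HSM, and the choice of AES-256-GCM, the record IDs and the test card number are assumptions made for illustration. The application only ever holds the encrypted blob, and binding the record ID as associated data makes a blob copied onto another record fail to decrypt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// softHSM (hypothetical) keeps the key unexported; callers only get Encrypt/Decrypt.
type softHSM struct{ aead cipher.AEAD }

func newSoftHSM() (*softHSM, error) {
	key := make([]byte, 32) // AES-256 key generated inside the boundary, never returned
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &softHSM{aead: aead}, err
}

// Encrypt returns nonce||ciphertext||tag, bound to recordID as associated data.
func (h *softHSM) Encrypt(recordID string, pan []byte) ([]byte, error) {
	nonce := make([]byte, h.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return h.aead.Seal(nonce, nonce, pan, []byte(recordID)), nil
}

// Decrypt fails if the blob was altered or is presented under another recordID.
func (h *softHSM) Decrypt(recordID string, blob []byte) ([]byte, error) {
	n := h.aead.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return h.aead.Open(nil, blob[:n], blob[n:], []byte(recordID))
}

func main() {
	hsm, err := newSoftHSM()
	if err != nil {
		panic(err)
	}
	fmt.Println(hsm.Encrypt("order-1001", []byte("4111111111111111"))) // constructed test PAN
}
```

In a production deployment the same two calls would go to the HSM's own interface, so the key never exists in application memory at all.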




 
 
 
 
Paul Meadowcroft is Enterprise and Government Business Unit Director for the Information Systems security activities at Thales. Paul has more than 15 years of experience in information security. Paul is an expert on a wide range of information security topics, including the use of cryptography, key management, public key infrastructures and payment systems. He can be reached at paul.meadowcroft@thales-esecurity.com.
 
 
 
 
 
 
 
