How to Secure Data with End-to-End Encryption

With the alarming increase in the number of reported data breaches in recent years, enterprises must seek measures beyond regulation that will help them protect their company reputation, and avoid financial and brand damage. Here, Knowledge Center contributor Paul Meadowcroft discusses how end-to-end encryption and good key management can be the panacea to securing sensitive data, regardless of whether encryption is explicitly mandated by a piece of regulation or simply recommended.


To date, it has largely been banks and governments that have taken advantage of encryption to secure information. However, almost every organization in every industry handles information that someone somewhere regards as being private or valuable. There is an implicit, and increasingly explicit, obligation to protect it.

Some of the advantages of encrypting data include minimizing the risk of card fraud, complying with regulations such as the Payment Card Industry Data Security Standard (PCI DSS), and implementing industry best practices. Let's take a closer look at each of these advantages:

1. Minimizing the risk of card fraud

It has been estimated that the cost of a data breach for a large organization is approximately $200 per compromised record. As such, the financial implications of the recent data breach at Web hosting firm Network Solutions, which compromised approximately 574,000 individuals' credit card information, stand at around $100 million. It is easy to understand how costs can add up so quickly if elements such as forensic investigations, managing relations with affected customers, reducing the impact in the media, and legal costs (just to name a few) are taken into consideration.

Retailers store customer data, for example, in order to be able to refund payments. However, in doing so, they must also keep this data secure. Strong cryptography is the most sophisticated and successful approach for protecting stored cardholder data. It ensures that the information remains safe, even if the other layers are breached. Encryption also allows data to be stored for as long as necessary and as flexibly as possible.

With strong cryptography, a secret "key" value is used in an encryption algorithm to protect the cardholder data. As long as this key remains secret, the encrypted data is safe. Consequently, the best way to store the secret key is to use a cryptographic Hardware Security Module (HSM) that performs all of the encryption and decryption of data and never allows users or applications to see the key.
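The application side of that arrangement, as an added example that is not part of the original article: the retailer's code holds only a key handle and asks the module to encrypt a card number for storage and decrypt it for a refund. `SimulatedHsm`, the function names, the order IDs and the choice of AES-256-GCM are assumptions for illustration (the article names no algorithm), the card number is a constructed test value, and the code needs the third-party `cryptography` package.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


class SimulatedHsm:
    """Software stand-in for an HSM (assumption). A real module enforces
    this boundary in hardware; here it is only an API convention."""

    def __init__(self):
        self._keys = {}  # handle -> cipher object; key bytes are never returned

    def generate_key(self, label):
        # The key is created inside the module; the caller gets a handle only.
        self._keys[label] = AESGCM(AESGCM.generate_key(bit_length=256))
        return label

    def encrypt(self, handle, plaintext, context):
        nonce = os.urandom(12)  # fresh 96-bit nonce for every encryption
        return nonce + self._keys[handle].encrypt(nonce, plaintext, context)

    def decrypt(self, handle, blob, context):
        nonce, ciphertext = blob[:12], blob[12:]
        return self._keys[handle].decrypt(nonce, ciphertext, context)


def store_card(hsm, handle, db, order_id, pan):
    # The order ID is authenticated with the ciphertext, binding it to its record.
    db[order_id] = hsm.encrypt(handle, pan.encode(), order_id.encode())


def load_card_for_refund(hsm, handle, db, order_id):
    try:
        return hsm.decrypt(handle, db[order_id], order_id.encode()).decode()
    except InvalidTag:
        return None  # tampered ciphertext, or ciphertext moved to another record


def demo():
    hsm, db = SimulatedHsm(), {}
    handle = hsm.generate_key("cardholder-data-key")
    store_card(hsm, handle, db, "order-1001", "4111111111111111")
    refunded = load_card_for_refund(hsm, handle, db, "order-1001")
    db["order-2002"] = db["order-1001"]  # ciphertext copied onto another order
    swapped = load_card_for_refund(hsm, handle, db, "order-2002")
    return refunded, swapped, db["order-1001"]
```

A database dump in this design yields only nonce, ciphertext and tag; reading a card number requires a call to the module, which is where access control and logging can be applied.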