How to Use Data Encryption to Secure Mobile Business Data - Page 2

Rethink your strategy

To combat the rising cost of data breaches, organizations must rethink their strategy in regards to protecting data. No longer is a firewall the means to this end. While firewalls protect traditional computing methods, they do not protect data from theft via mobile devices. A stronger method of protecting data in transit on mobile devices is through the use of encryption software.

Encryption is the process in which an algorithm is used to transform information into a senseless jumble of characters and symbols, and it is the future of data security. Only authorized personnel have a "key" that is used to decrypt the information so that it can be readable again.

The rise in the mobile work force has changed the conversation on security methods from device-centric protection to data-centric security. When discussing data encryption, there are a number of solutions.

The whole truth and nothing but

Whole-disk encryption is designed primarily for desktops, laptops, notebooks and devices with hard drives. Whole-disk encryption is a comprehensive and transparent means to securing data. Through this method, data is encrypted and decrypted on the fly, as users perform their normal tasks. All the data on the hard drive is encrypted. Unlike firewall-only perimeter defenses, data encryption protects data wherever it goes and, therefore, is ideal in the ever-expanding world of business mobility.

No hard drive? No problem

File and folder encryption protects specific files on a device and requires an encryption key to gain access to the data. Because some mobile devices do not have hard drives, the whole disk cannot be encrypted. However, file/folder encryption is designed in such a manner that it allows encryption of the data on the device. This way, if an employee loses a flash drive or a CD/DVD, the data is not accessible if it falls into the wrong hands.

Regulations and mandates galore

Protecting data has become so critical that federal and state regulatory mandates have emerged requiring immediate action to properly protect Personally Identifiable Information (PII). In the United States, 45 out of 50 states have passed data protection and reporting laws. Most industries have regulatory requirements to protect data. The healthcare industry has the Health Insurance Portability and Accountability Act (HIPAA), the financial industry has the Sarbanes-Oxley Act (SarbOx), retail and manufacturing has the Payment Card Industry Data Security Standard (PCI DSS), and state and local government and institutions have the Family Educational Rights and Privacy Act (FERPA). And this is just to name a few.