Security is almost always a tradeoff: Increased security means less convenience. So security is balanced against the need to keep systems user-friendly and the resources available. This can be a particularly difficult balancing act in the case of enterprise data. It is a high-value target requiring high security, but to realize its value to the enterprise, it must be readily available to those who need it.
The answer to this challenge is a solution that provides security through the complete lifecycle of the information, without interfering with its use.
Making it Secure
Your data requires end-to-end protection, but most solutions fall short.
Disk-level encryption and database encryption provides physical protection for data while it is at rest. Strong encryption available today – such as the U.S. government standard Advanced Encryption Standard (AES) – provides strong security, protecting it against theft and leakage when disks or database files are exploited. But it does not protect it while it is in transit from storage to user. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encrypt data in transit to protect it from interception.
Each of these strategies has gaps in protection from an end-to-end perspective, and do not protect the data while it is in use. Disks decrypt at runtime, data in an encrypted database must be decrypted in responding to an SQL request, and SSL-protected data is decrypted when it reaches the end user creating gaps in data protection.
Your enterprise needs a way to secure your data end-to-end – at rest, in transit and in use – while maintaining its value as an enterprise resource. This requires protecting it throughout its lifecycle, from the time it is gathered through its final use, and making it available only to those who need it when it is actually needed.