Corporate data encryption: instructions

Corporate data encryption: instructions

Faced with the risk of data theft or leaks, one simple and effective way to protect your business is encryption. A technique that nevertheless requires following a few simple rules.

All companies either have sensitive data or process data of a personal nature. However, leaks and cyberattacks are occurring more and more often, causing increasingly costly data losses. In 2017, the financial cost for French companies increased by 50% in one year, reaching an average amount of 2.25 million euros (PwC's "The Global State of Information Security Survey 2018").

Faced with this threat, data encryption is an essential protection tool. This technique makes it possible to transform a "classic" message into an "encrypted" one that is incomprehensible to a third party and thus guarantees its confidentiality. In fact, using this method is very simple thanks to an encryption key.

1- Analysing needs

Identifying the real needs of a business is the first step. Some departments (executive committee, R&D, accounting, etc.) are more concerned than others by the protection of sensitive data. "First of all, we need to talk to the company about its business, its value-added, its expertise etc., in order to target what really needs to be protected," says Jocelyn Krystlik, Product Marketing Manager at Stormshield.

2- Combining simplicity and efficiency

The encryption solution adopted must be simple to use and designed according to the user experience. Technology should not be a burden on business processes. "It is important to remember that users see encryption as a constraint at first," says Krystlik, who also emphasises the need to "guarantee the reversibility and the recovery of data, in other words the effectiveness of the encryption solution".

3- Training and raising awareness

A new solution and procedure is only worthwhile if it is understood, adopted and mastered. It is therefore vital to inform and train users on the sensitive nature of data and its encryption. "Unless they've had prior training, an average user usually has no knowledge of encryption," says Krystlik, who advises using e-learning modules, among other awareness tools, that are particularly suitable for business.

4- Managing meticulously

Adopting a data encryption solution requires asking some basic questions. Namely: who has the encryption key? Who will conduct data recovery? Who will manage the help desk (account unlocking)? The priority must be to limit access to people concerned and to know who has been entrusted with these encryption keys.

5- Considering external factors too

Encrypting data should not hinder communication with partners (suppliers, customers, etc.). It is therefore necessary to take into account their own needs and uses, even if it means using less robust systems. "There are free encryption solutions that use a password," says Krystlik, who also talks about "free cloud infrastructure solutions for occasional exchanges with a customer or supplier". Once again, training is essential, especially to make partners understand that encryption is also in their interest.

Share on

Looking for an encryption solution that can be integrated into your company’s tools? Try our Stormshield Data Security Enterprise solution, which can be seamlessly integrated into your collaboration and communication tools (such as customer messaging) for e-mail integrity and confidentiality as well as for local or shared directory protection.
When security goes hand-in-hand with mobility and flexibility. Use our Stormshield Data Security for Cloud & Mobility solution to quickly encrypt or decrypt your data and work in complete security on any type of document, from any device, using any type of Cloud platform.

About the author

mm
Jocelyn Krystlik
Business Unit Manager, Stormshield

Jocelyn Krystlik is the Cloud Product Marketing Manager at Stormshield. He has a diverse background in security, having spent eight years consulting and product managing for Arkoon Network Solutions before it was purchased by Stormshield’s parent company, Airbus. Since July 2014, he has been helping Stormshield’s customers mitigate threats, providing cloud and data security expertise, consultancy and training, and was instrumental in the marketing of the company’s data security product, Security Box.