Corporate data encryption: instructions | Stormshield

Faced with the risk of data theft or leaks, one simple and effective way to protect your business is encryption. A technique that nevertheless requires following a few simple rules.

All companies either have sensitive data or process data of a personal nature. However, leaks and cyberattacks are occurring more and more often, causing increasingly costly data losses. In 2017, the financial cost for French companies increased by 50% in one year, reaching an average amount of 2.25 million euros (PwC's "The Global State of Information Security Survey 2018").

Faced with this threat, data encryption is an essential protection tool. This technique makes it possible to transform a "classic" message into an "encrypted" one that is incomprehensible to a third party and thus guarantees its confidentiality. In fact, using this method is very simple thanks to an encryption key.

 

Analysing needs

Identifying the real needs of a business is the first step. Some departments (executive committee, R&D, accounting, etc.) are more concerned than others by the protection of sensitive data. "First of all, we need to talk to the company about its business, its value-added, its expertise etc., in order to target what really needs to be protected," says Jocelyn Krystlik, Product Marketing Manager at Stormshield.

 

Combining simplicity and efficiency

The encryption solution adopted must be simple to use and designed according to the user experience. Technology should not be a burden on business processes. "It is important to remember that users see encryption as a constraint at first," says Krystlik, who also emphasises the need to "guarantee the reversibility and the recovery of data, in other words the effectiveness of the encryption solution".

 

Training and raising awareness

A new solution and procedure is only worthwhile if it is understood, adopted and mastered. It is therefore vital to inform and train users on the sensitive nature of data and its encryption. "Unless they've had prior training, an average user usually has no knowledge of encryption," says Krystlik, who advises using e-learning modules, among other awareness tools, that are particularly suitable for business.

 

Managing meticulously

Adopting a data encryption solution requires asking some basic questions. Namely: who has the encryption key? Who will conduct data recovery? Who will manage the help desk (account unlocking)? The priority must be to limit access to people concerned and to know who has been entrusted with these encryption keys.

 

Considering external factors too

Encrypting data should not hinder communication with partners (suppliers, customers, etc.). It is therefore necessary to take into account their own needs and uses, even if it means using less robust systems. "There are free encryption solutions that use a password," says Krystlik, who also talks about "free cloud infrastructure solutions for occasional exchanges with a customer or supplier". Once again, training is essential, especially to make partners understand that encryption is also in their interest.

Share on

[juiz_sps buttons="facebook, twitter, linkedin, mail"]
Looking for an encryption solution that can be integrated into your company’s tools? Try our Stormshield Data Security Enterprise solution, which can be seamlessly integrated into your collaboration and communication tools (such as customer messaging) for e-mail integrity and confidentiality as well as for local or shared directory protection.
About the author
mm
Jocelyn Krystlik Business Unit Data Security Manager, Stormshield

Jocelyn has varied experience in security: he spent eight years in consulting and product management for Arkoon until it was bought out by Stormshield’s parent company, Airbus. Since 2014, he has been helping Stormshield's clients reduce their exposure to threats by providing expertise, advice, and training in data security, especially in the cloud. He played a key role in bringing Security Box, a corporate data security product, to market. He is now Manager of the Data Security Business Unit.