Sharing sensitive information? Yes, but a with a proper protection. Theft, leakage and exfiltration are all threats to your data, which is a prime target of malicious cyber acts. Each exchange can also become a source of risk, as once your data passes from one place to another, it can be intercepted, modified or even destroyed. For better data security, your IT security teams have to apply a number of best practices, the most important of which is data encryption.
Data security in organisations is regularly put to the test. Encrypting your data thus protects you from the theft and leakage of this information. This fragility is due to various causes, ranging from negligence to industrial espionage, as well as new mobile working practices and the widespread use of collaborative tools. The concept of data protection is closely linked to confidentiality, integrity and availability. Together with the concept of traceability, these elements are the fundamental building blocks of information security.
And to protect the confidentiality and integrity of this data, one solution is generally given: data encryption.
To improve their agility, more and more organisations have decided to move away from classic workstations – with their many cumbersome clients – in favour of thin clients or virtual computers. This increasing reliance on applications delivered on a SaaS basis is forcing the publishers of security solutions to innovate, including by performing data encryption directly in the browser.
Data protection solutions: Toward deployment without constraints? Dig the subject in our Stormshield whitepaper.
How is a piece of information encrypted? The encryption of unstructured data can take several forms. In addition to disk encryption, it is possible to encrypt a file or an email individually. Once encrypted, the information is thus readable only by the sender and the recipient, regardless of the medium or terminal used (workstation, tablet, mobile phone, USB key, file server, or public or private Cloud). Protection against malicious acts, such as data leaks or interception attacks.
To be adopted by your teams, your data encryption solution has to fit into their day-to-day working life - not the reverse. The solution thereby enables them to access data securely, wherever they are, in a series of use cases adapted to current communication and collaboration tools.
How can sensitive information be secured? Stormshield uses end-to-end encryption to ensure the protection of data. Whether DKE encryption (Double Key Encryption) or CSE encryption (Client-Side Encryption), the encrypted medium thereby comes with its own security and can be shared securely on different platforms, in the Cloud or within the company.
With Stormshield Data Security (SDS) data protection software, discover a simple and seamless encryption solution for users, who do not have to alter their work habits. At the heart of data security is the user's ability to determine who is authorised to access information and to create secure collaboration spaces. A data protection offer built on the reliability of its solutions, which are accredited at the highest European level.
At the European level, Recital 83 of the General Data Protection Regulation (GDPR) is clear and mentions the encryption technique: "In order to maintain security and to prevent processing in infringement of this Regulation, the controller or processor should evaluate the risks inherent in the processing and implement measures to mitigate those risks, such as encryption."
In France, the CNIL supplements this approach and lists the basic precautions to be taken when encrypting data: use a recognised and secure algorithm, use a sufficiently large key, protect secret keys, etc. Finally, from PCI-DSS in the banking world to HIPAA in the health sector, data encryption is also subject to sector-specific regulations.
Does sharing sensitive information mean to encrypt everything? Which data has to be encrypted? It is easy to get lost in the terms related to this subject, such as vital data, sensitive data or critical data, and also personal data. As a result, many companies believe they are not affected and do not need to protect their files and exchanges. However, all companies are concerned by the need to protect data. Production data, financial data, R&D data and HR data are all elements that enable a company to operate on a daily basis.
In order to make sense of it all, everyone needs to define what information is strategic to the company or institution concerned, bearing in mind that any data produced has value.