CoSoSys – maker of data loss prevention (DLP) software Endpoint Protector – has warned that encryption should be deployed regardless of data type, information at risk, or the perceived potential for cyber attack.
As Zoran Cocoara, director of enterprise sales at Endpoint Protector by CoSoSys, explains, there are no perfect data security measures or security solutions.
“There is no way to prevent a data breach,” Cocoara confirmed. “[But] encrypting data means encoding it in such a way that it can only be restored to its original form if the person or system decoding it has the appropriate key.”
Decoding is “theoretically possible” without a key, but requires so much computing power and time to crack the complex algorithms typically involved that it poses no threat, he maintained.
And encryption improves data security and protection in various ways, he said.
“Adding an extra layer of security ensures that even if one of these layers fails, the secured possession is still safe,” Cocoara said.
Without encryption, if the typically attack-focused security measures fail, it’s game over – access has been gained. Also, encryption may be required or at least “strongly encouraged” by several specific laws and compliance requirements around data handling and management, he said.
The Payment Card Industry Data Security Standard (PCI DSS) requires that the Primary Account Number (PAN) be unreadable when stored.
“The General Data Protection Regulation (GDPR) does not directly require encryption, but it does recommend that the controller or processor evaluate risks and implement risk-mitigation measures, such as encryption,” added Cocoara.
Symmetric encryption, including encryption adhering to the Advanced Encryption Standard (AES), means that the same key is used for both encoding and decoding. Asymmetric encryption employs a private key for decoding and a public key for encoding.
“These two types of encryption are frequently used together in complex solutions and secure internet protocols like Secure Sockets Layer (SSL)/Transport Layer Security (TLS),” Cocoara said.