Information security: Data encryption - not enough!

To date, data encryption has been a powerful method of protecting important or private data from exposure to malicious code or malicious intent.

However, media around the world have reported extensively on leaks of customers' personal data, such as social insurance codes and credit card information. This shows that relying on encryption alone to protect your data is dangerous. More and more attackers are able to steal data, tamper with it, and impersonate others in order to break in boldly and skillfully. Encrypting the data is therefore not enough to keep it safe.

To meet stringent standards that require data to be stored and protected for a certain period of time, companies must fight data theft and tampering with multi-tiered measures. The lowest tier is encryption; the highest tier combines electronic signatures, electronic authentication and hierarchical key management.

New challenges of backup and storage

Storing important information in computing environments has facilitated transactions and made record keeping and other work more efficient. However, this progress has also introduced internal and external risks that threaten the security and authenticity of personal and other data. Recognizing these risks to the integrity of important data, regulations such as the Gramm-Leach-Bliley law and California State's Database of Safety Violations require secure backup and storage (archiving).

The risks that prompted the introduction of these laws include:

1- Data theft: The information is still intact, but its confidentiality is no longer guaranteed.

2- Data tampering: Information is intercepted in transit and modified, or altered at the destination.

3- Impersonation: The source of the information is spoofed by an unknown party, or an individual or organization poses as another entity when accessing data.

Many backup and archiving products transmit and store data in plain text or protect it with only a simple cryptographic algorithm. While many sophisticated techniques are used to ensure that data on the primary storage medium cannot be accessed by unauthorized users, the data on backup media can be comfortably accessed and recovered by unauthorized users.

Some hardware encryption methods emulate a tape drive and encrypt all data transferred to tape. While this is better than storing data as plain text, these devices have no understanding of the actual value of the data, so they encrypt extremely important databases in exactly the same way as MP3 files that do not matter.

Failing to distinguish important data from unimportant data is dangerous. With this approach, some key data is not properly protected, and any organization that uses such a crude approach cannot allocate storage most effectively.

The final drawback of most current backup and storage products is that their protection is limited to encryption. Encryption by itself only addresses information theft; the danger of data being tampered with or compromised through impersonation remains. One way to counter these threats is to use a multilayered approach to data security.

Today, the attitude common among people concerned with information security, "I have already saved the data to tape", is no longer acceptable for data protection. To satisfy the specified requirements and protect data at every stage of the long-term backup and storage process, we recommend the following methods:

File encryption/decryption with advanced algorithms: Using public-key encryption and a suite of strong, certified ciphers, data must be encrypted before it leaves its original storage and must remain encrypted on every storage medium throughout its life cycle. Whether the data is on hard disk or on tape, unauthorized individuals or organizations cannot read important customer information.

Network encryption/decryption with advanced algorithms: Since more than 50% of attacks on data occur on private networks, a secure channel must be set up to ensure that precious electronic assets cannot be read while being transmitted from one storage environment to another.

Digital signature: Digital signatures can protect data from being tampered with. Apply a one-way hash to the data being backed up and send the resulting digital signature over the network with it. When backup and archive data arrives at the destination, a new hash is computed from the received data and compared with the original hash to ensure the information has not been changed. A similar method can be used to ensure the immutability of long-term archives in cases where legal or litigation requirements must be met.

Hierarchical key management: An integrated, hierarchical certificate infrastructure addresses the impersonation problem by ensuring that backed-up or restored information was sent from a trusted computer. Such a mechanism can also be used to ensure that authorized users recover only the data they are allowed to access.

Application of data security policies: Different data has different importance and therefore different security policy requirements. A good system will match and apply the required hashing and encryption algorithms, retention time, and password length for each type of data. The system needs to apply flexible, differentiated security levels depending on the value of the information being protected.
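The encryption and digital-signature measures above, shown as an added example that is not part of the original article: a stored backup with one flipped bit still decrypts without error under encryption alone, while the hash-and-compare check at the destination rejects it. The keystream cipher is a toy stand-in, and HMAC-SHA256 stands in for a public-key signature because the Python standard library has no signing primitive; all function names and the sample record are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample record; not real customer data.
RECORD = b"acct=1001;name=Sample Customer;balance=0000125.00"

def keystream(key, nonce, length):
    """Toy SHA-256 counter-mode keystream (illustration only, not production)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor_crypt(key, nonce, data):
    """Encrypt or decrypt by XOR with the keystream (same operation both ways)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def seal(enc_key, sig_key, data):
    """Source side: encrypt before the data leaves, then tag a hash of it."""
    nonce = os.urandom(16)
    ciphertext = xor_crypt(enc_key, nonce, data)
    digest = hashlib.sha256(nonce + ciphertext).digest()
    tag = hmac.new(sig_key, digest, hashlib.sha256).digest()  # signature stand-in
    return {"nonce": nonce, "ciphertext": ciphertext, "tag": tag}

def open_sealed(enc_key, sig_key, blob):
    """Destination side: recompute the hash, compare, and only then decrypt."""
    digest = hashlib.sha256(blob["nonce"] + blob["ciphertext"]).digest()
    expected = hmac.new(sig_key, digest, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("backup was modified in transit or at rest")
    return xor_crypt(enc_key, blob["nonce"], blob["ciphertext"])

def demo():
    """Return (intact copy restores, bare decrypt changed silently, check caught it)."""
    enc_key, sig_key = os.urandom(32), os.urandom(32)
    blob = seal(enc_key, sig_key, RECORD)
    # Simulate a modified backup medium: flip one bit of the stored ciphertext.
    flipped = bytes([blob["ciphertext"][0] ^ 1]) + blob["ciphertext"][1:]
    damaged = dict(blob, ciphertext=flipped)
    silent = xor_crypt(enc_key, damaged["nonce"], damaged["ciphertext"])
    try:
        open_sealed(enc_key, sig_key, damaged)
        detected = False
    except ValueError:
        detected = True
    return open_sealed(enc_key, sig_key, blob) == RECORD, silent != RECORD, detected
```

In a real deployment the digest would be signed with a private key whose certificate chains up through the hierarchical key infrastructure, so the destination also learns which machine produced the backup.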

Attackers capable of breaking into computer systems make data protection tools very important, because these tools control how data is processed and stored and protect it against theft and tampering. Encryption is a good way to do this, but its benefits are limited. That is why data security needs to integrate electronic signatures, electronic certificates and hierarchical key management. If these methods are applied wisely to data management, with the support of execution templates, we will have a comprehensive, scalable, multi-tiered storage security platform able to cope with immediate and future multi-dimensional threats.