Manage Learn to apply best practices and optimize your operations.

Encryption best practices

Encryption is a necessary security tool in financial companies, but government mandates limit how much data you can encrypt and where it can be deployed. Learn how to determine what's the best plan for encryption at your financial services organization.

In the heavily regulated financial services industry, the encryption and protection of data is paramount in securing network operations.

The storage infrastructures financial organizations deploy are complicated, ranging from simple networks using network attached and an assortment of file servers to large complicated storage area networks (SANs) that are connected to hundreds of host and mainframe computers with multi-port director-level Fibre Channel switches.

Regardless of the implementation, these networks are fraught with security concerns revolving around where data is encrypted and how it is protected as it flows both inside and outside the organization.

Adding to these concerns is a growing number of regulations and laws that mandate the encryption of data. These include U.S.Treasury Orders and Directives that call for FIPS-level Data Encryption Standard encryption and authentication for any Electronic Funds Transfer, and American National Standards Institute X3 and X9 standards for Personal Identification Numbers, key distribution and authentication.

The need for such encryption is starting to hit home as well. Eighty-seven percent of respondents to a survey from London, Ont.-based InfoTech Research Group, said regulatory compliance is forcing them to consider implementing encryption as a way to protect their data, but that only 54% are encrypting data at rest.

IT administrators must be able to determine how these mandates and regulations affect the encryption of data in their organizations, which data they will encrypt and where in the storage infrastructure encryption is deployed. Here are some tips on where to begin:

  • Have some means for encrypting tape cartridges before moving them to on-site or off-site archival storage. Vendors such as Crossroads Systems, Decru, CipherMax and nCipher offer products that connect to the SAN and provide data compression, data integrity checking and secure audit logging. Be sure that the introduction of these devices into the SAN does not cause performance penalties.
  • Look at encrypting data on disk. Appliances from Decru, nCiper and CipherMax can also be used to do this. Other new technologies such as Seagate's Self-Encrypting Hard Disk, which is available on laptops from Dell, NEC and Lenovo, also natively encrypt data in hardware without attendant performance penalty. Fujitsu and Hitachi drives also provide disk encryption. Any product incorporating the Trusted Computing Group's Trusted Storage Specification should also be considered.
  • Protect your mobile devices against loss or corruption. Consider implementing laptops with biometric thumbprint readers for authentication or use Microsoft's Encrypted File System to protect against data theft.
  • Encrypt all email with digital signatures and public/private key encryption. The digital signature lets a user electronically sign an e-mail message using a private key that has been assigned to them. The recipient will use the public key of the sender to verify that the message originated from him. Technologies such as these are included in Microsoft Office and in products from Postini, Zix, Ingrian and Intradyn.
  • Encrypting the data your network hard drives, laptops and media leaving your site is crucial to financial services organizations not only in preventing data leakage, but in securing the integrity of the enterprise and its data resources.

About the author:
Deni Connor is principal analyst for Storage Strategies Now, a research firm in Austin, Texas.

Dig Deeper on Data encryption techniques

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.