How Businesses Are Adopting Encryption in Their Security
Nov 6th, 2014
Riskope thanks Cherie Graham for this piece.
It doesn’t matter when you read this article because when you do, there will be another big data breach in the news. For the last several years they’ve been everywhere, ranging from credit card numbers stolen from Target to the recent hack at JP Morgan, which leaked personal info on more than 76 million customers. Data breaches affect millions at both the personal and the enterprise level. Encrypted text messages and iCloud security are in the news now that Apple is beefing up security on its users’ accounts (two-step verification and better encryption for iMessage). Even the Director of the FBI expressed his concern about the growing amount of encryption in iMessage and other messaging services. That’s how much these companies are stepping up their game and addressing the issue at hand.
But while leaked celebrity photos make headlines, the real threat is in big business. Security companies work day and night to keep hackers away from precious financial or proprietary information whose loss could absolutely wreck a company and every customer who does business with it, which constitutes a significant risk.
Here are some of the latest advances keeping data secure.
That’s Google CEO Eric Schmidt’s solution to government surveillance and big data breaches. Google is paving the way on data encryption, ensuring almost all Google searches use HTTPS privacy when available. Google Drive, which is a growing choice for small business, is constantly beefing up security at its data centers. Its servers are SSAE 16 / ISAE 3402 Type II, SOC 2-audited and have achieved ISO 27001 certification, according to Google Drive’s webpage.
Even though Google has options for business storage, it’s still very much a consumer company first. Cloud services that specialize in enterprise storage need to be at the top of their game to ensure data breaches aren’t happening to their clients. Companies like Mozy offer at least the base level of 256-bit AES encryption, with features like a 448-bit managed Blowfish key and encrypted backups where not even the company running the servers has the key. However, as always there is a trade-off: in this particular case this level of encryption is more time-consuming, so a balanced approach is paramount.
Two-step authentication, the process that requires “something you know” and “something you have” to log in, has been around for a while, but whether or not a service offered it was hit or miss. Now it’s hard to come across a financial or cloud storage service that doesn’t offer two-step authentication, if not require it. Consumers usually rely on their phones for two-step, using codes received via text message to accompany a password on a website, but companies will use something called an RSA Token, which is just a small piece of hardware that can go on a keychain. It generates a new code every 60 seconds to accompany a password used for any sort of account, including cloud storage. To breach this level of security, someone would need to know the password and have the RSA Token. In this case the trade-off is that you need that piece of equipment, which could lead to major consequences if you simply left the item at home or your luggage was delayed on a trip, events that are in themselves almost inconsequential.
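To make the "new code every 60 seconds" idea concrete, here is an added example (not part of the original article, and not RSA's own algorithm, which is proprietary) that uses the open HOTP/TOTP standards, RFC 4226 and RFC 6238, as a stand-in. The six-digit length, the `Verifier` class, the password and the secret are assumptions made for illustration; the check accepts a login only when both the password and the current code are right, and refuses a code that has already been used.

```python
import hashlib, hmac, os, struct

STEP = 60      # seconds per code, matching the token described in the article
DIGITS = 6     # assumption: six-digit codes

def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 one-time code for one counter value (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def code_for(secret: bytes, unix_time: int) -> str:
    """RFC 6238: the counter is the number of STEP-second windows since 1970."""
    return hotp(secret, unix_time // STEP)

class Verifier:
    """Server side of a login that needs both the password and the token code."""

    def __init__(self, secret: bytes, password: str):
        self.secret = secret
        self.salt = os.urandom(16)
        self.pw_hash = self._kdf(password)
        self.last_counter = -1                    # newest window already accepted

    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 600_000)

    def verify(self, password: str, code: str, now: int) -> bool:
        pw_ok = hmac.compare_digest(self._kdf(password), self.pw_hash)
        current = now // STEP
        matched = None
        for counter in {max(current - 1, 0), current}:   # one window of clock drift
            good = hmac.compare_digest(hotp(self.secret, counter).encode(), code.encode())
            if good and counter > self.last_counter:
                matched = counter
        if pw_ok and matched is not None:
            self.last_counter = matched           # each code is accepted once only
            return True
        return False

# Constructed sample values: the secret is the published RFC 4226 test key.
SECRET = b"12345678901234567890"
if __name__ == "__main__":
    server = Verifier(SECRET, "correct horse")
    code = code_for(SECRET, 90)                   # what the token would display
    print(code, server.verify("correct horse", code, 95))    # accepted
    print(code, server.verify("correct horse", code, 100))   # replay rejected
```

The server and the token share only the secret and a clock, which is why a lost or left-behind token cannot be worked around without an administrator issuing a replacement.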