As data breaches and cyber attacks make headlines with increasing frequency, businesses and consumers alike are looking for ways to better protect their data.
One way to do this is by encrypting data at rest, which is data that is not currently being used or accessed.
Benefits of encryption
Perhaps the most obvious is that it makes it much more difficult for unauthorized individuals to access the data, for example in case of a data breach.
Even if an attacker were to physically obtain the drive, they would not be able to read the data without the proper encryption key. This can be a helpful obstacle against criminals, as well as a way to protect data in the event that a device is lost or stolen.
Possibilities
There are a number of different ways to encrypt data at rest. This can be done at file level or entire drive level.
- One popular method is to use full disk encryption, which encrypts the entire drive, including the operating system, all of the files, and the free space.
This is a very effective way to encrypt data, but it can also be time-consuming and resource-intensive.
Useful tools for this are Veracrypt, which is open source and free. A more business oriented environment could use Microsoft’s Bitlocker. - Another popular method is to use file-level encryption, which only encrypts individual files.
This can be a good option for businesses that only need to encrypt certain types of data, such as financial information or personal health information.
File-level encryption can also be less resource-intensive than full disk encryption.
This might also be a preferred approach in a Bring-Your-Own-Device cultured business where the endpoints are harder to manage.
Some useful strong tips while implementing
- No matter which method of encryption you choose, it is important to make sure that you have a strong encryption key
- This key should be sufficiently long and should be a mix of uppercase and lowercase letters, numbers, and symbols
- It is also important to keep the encryption key safe and to never store it on the same device as the data that is being encrypted
- TPM chips help with keeping a key safe, while not asking the end-user the encryption key every time it’s needed
- When choosing a method of encryption, businesses should consider their needs and the resources that they have available.