Securing data at rest

Data at rest can be compromised in multiple ways: 

  • Someone can steal the disks
  • Data can be transferred to a different medium

The most popular method is disk-level encryption, which encrypts the whole disk. This broad-brush approach is not very efficient, though, because not all of the data on the disk has the same level of sensitivity. Take a customer's data as an example. Some data, such as a social security number (SSN), should never be visible to anyone except the authorized user. Other information, such as a customer's address, is still private but is not personally identifiable information (PII).

PII is the kind of information that can be used on its own or with other information to identify, contact, or locate a single person. 

To encrypt at a finer level of granularity, column-level and row-level encryption work best. The reliability of encryption also depends on the algorithm being used. Advanced Encryption Standard (AES) is the default algorithm, and it comes in two flavors, 128 bits and 256 bits, depending on the size of the encryption keys.

Encryption is of two types: symmetric encryption and asymmetric encryption. If the same key is used to encrypt and decrypt data, it's called symmetric encryption. If different keys are used for encryption and decryption, it's called asymmetric encryption. Asymmetric encryption involves a public and private key pair.   
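Column-level symmetric encryption as described above, as an added example that is not from the book: only the `ssn` field is encrypted with a 256-bit AES key, while the address is stored as-is. The field names, the sample record, the choice of GCM mode, the binding of each ciphertext to its row and column, and the use of Node.js's built-in `crypto` module are assumptions made for illustration.

```javascript
// Added example: column-level AES-256 encryption of one sensitive field.
const crypto = require("node:crypto");

const SENSITIVE_COLUMNS = ["ssn"]; // assumption: only the SSN is encrypted per column

// Encrypt one column value. The row id and column name are bound in as
// additional authenticated data (AAD), so a ciphertext copied into another
// row or column fails authentication when it is decrypted.
function encryptColumn(key, rowId, column, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every value
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(`${rowId}:${column}`));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  // Stored form: nonce || 16-byte tag || ciphertext, base64-encoded
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

function decryptColumn(key, rowId, column, stored) {
  const raw = Buffer.from(stored, "base64");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(`${rowId}:${column}`));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the key, AAD, tag or ciphertext does not match
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
}

// Encrypt only the sensitive columns of a row; other columns are left untouched.
function protectRow(key, row) {
  const out = { ...row };
  for (const col of SENSITIVE_COLUMNS) out[col] = encryptColumn(key, row.id, col, row[col]);
  return out;
}

function revealRow(key, row) {
  const out = { ...row };
  for (const col of SENSITIVE_COLUMNS) out[col] = decryptColumn(key, row.id, col, row[col]);
  return out;
}

// Constructed sample data; a real key would come from a key management service.
const key = crypto.randomBytes(32); // 256-bit symmetric key, used to encrypt and decrypt
const customer = { id: 1, address: "12 Example Street", ssn: "000-00-0000" };
const stored = protectRow(key, customer);
console.log(stored);                 // address readable, ssn is base64 ciphertext
console.log(revealRow(key, stored)); // original record, recovered with the same key
```

Because the same key both encrypts and decrypts, anyone who can read the key can read the column, so the key has to be stored separately from the data it protects.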