To this day, data encryption remains a robust method for protecting important or private information from invasive scrutiny or malicious intent.
However, various media outlets around the world have reported extensively on the potential for leaking personal data, such as Social Security numbers and credit card information. This indicates that relying solely on data encryption for protection is quite dangerous. An increasing number of hackers are proficient at eavesdropping, tampering with data, and impersonating identities to infiltrate systems boldly and skillfully. Therefore, merely encrypting data is insufficient to ensure its safety.
To meet stringent standards that require data to be stored and protected over time, companies must wage war against data theft and tampering with a multilayered approach, where the foundational layer is encryption and the uppermost layer involves integrating multiple electronic signatures, electronic authentication, and hierarchical key management.
New Challenges in Backup and Storage
Storing important information in a computing environment has facilitated transactions, making record-keeping and other tasks more efficient. However, this advancement has also introduced risks from both internal and external sources, threatening the security and authenticity of personal and other data. Acknowledging these risks to the sanctity of critical data, regulations such as the Gramm-Leach-Bliley Act and the California Database Security Breach Notification Law have highlighted the need for secure backup provision and mandatory archiving.
The risks that prompted the introduction of these laws include:
1- Data theft: Information may remain intact, but its security is compromised.
2- Data tampering: Information can be intercepted and altered during transit or modified at the destination.
3- Impersonation for intrusion: Source information can be impersonated by an outsider to gain access, or an individual or organization can present themselves as another entity while accessing data.
Many backup and storage products typically transmit and store data in plain text or through rudimentary encryption algorithms. While sophisticated techniques are employed to ensure that data stored on original media cannot be accessed by unauthorized individuals, backup data often remains accessible and recoverable by such unauthorized users.
Some hardware encryption methods simulate the operation of magnetic tape drives, encrypting all data transferred to tape. Although this method is better than storing data in plain text on-site, these devices often fail to comprehend the actual value of data, leading to the encryption of highly critical databases at a level equivalent to encrypting inconsequential MP3 files.
The failure to distinguish between critical and non-critical data poses a significant risk. With this approach, some key data may be inadequately protected, and organizations employing such a crude methodology cannot optimally allocate their storage resources.
The final drawback of most current backup and storage products is the limited capability of their encryption processes. Encryption alone addresses the issue of preventing unauthorized reading of information, but the threats of data tampering and impersonation still persist. One way to mitigate these threats is to adopt a multilayered approach to ensure data safety.
Today, the understanding among most stakeholders in information security that “I’ve stored data on tape” is no longer acceptable in data protection efforts. To meet established requirements and effectively protect data throughout the backup and long-term storage processes, we recommend employing the following methods:
Advanced Encryption/Decryption of Files: Utilizing public-key encryption algorithms and a series of strong and authenticated ciphers, data should be encrypted before leaving the original storage and maintained in this form while stored in various environments throughout its lifecycle. Regardless of whether the data is on a hard drive or magnetic tape, unauthorized individuals or organizations should not be able to read important customer transaction information.
Advanced Encryption/Decryption Over Networks: With over 50% of data attacks occurring on private networks, a secure corridor must be established to ensure valuable electronic assets remain unreadable during transfer from one storage environment to another.
Electronic Signatures: Electronic signatures can protect data from being tampered with. By employing one-way hashing for both the data needing backup and the electronic signatures sent over the network, a new hash function can be generated from the original data upon return, which is then compared to the initial hash to ensure information integrity. A similar method can also be used to ensure the non-repudiation of long-term archived data in cases of regulatory compliance or litigation.
Hierarchical Key Management: An integrated and hierarchical certificate infrastructure will address the issue of impersonation and ensure that the information being backed up or restored originates from a trusted computer. Such a mechanism can ensure that only authorized users can restore the data they are permitted to access.
Implementing Data Safety Policies: Different types of data hold varying degrees of importance; therefore, they require different safety policy demands. A good system will correlate and apply hashing and encryption algorithms, storage duration, and required password lengths for various data types. The system needs to flexibly apply different safety levels depending on the value of the information that needs protection.
The dark forces capable of breaching computer systems have made data protection tools extremely vital as they serve as a means of controlling how data is processed, stored, and safeguarded against theft and tampering. Encryption is a good practice, but its benefits are limited. That is why data safety must integrate electronic signatures, electronic authentication, and hierarchical key management methods. If these methods are wisely applied to data management alongside supporting enforcement frameworks, we can establish a comprehensive, multilayered secure storage foundation capable of confronting current and future multidimensional threats.
