APAC CIOOutlook

Advertise

with us

  • Technologies
      • Artificial Intelligence
      • Big Data
      • Blockchain
      • Cloud
      • Digital Transformation
      • Internet of Things
      • Low Code No Code
      • MarTech
      • Mobile Application
      • Security
      • Software Testing
      • Wireless
  • Industries
      • E-Commerce
      • Education
      • Logistics
      • Retail
      • Supply Chain
      • Travel and Hospitality
  • Platforms
      • Microsoft
      • Salesforce
      • SAP
  • Solutions
      • Business Intelligence
      • Cognitive
      • Contact Center
      • CRM
      • Cyber Security
      • Data Center
      • Gamification
      • Procurement
      • Smart City
      • Workflow
  • Home
  • CXO Insights
  • CIO Views
  • Vendors
  • News
  • Conferences
  • Whitepapers
  • Newsletter
  • Awards
Apac
  • Artificial Intelligence

    Big Data

    Blockchain

    Cloud

    Digital Transformation

    Internet of Things

    Low Code No Code

    MarTech

    Mobile Application

    Security

    Software Testing

    Wireless

  • E-Commerce

    Education

    Logistics

    Retail

    Supply Chain

    Travel and Hospitality

  • Microsoft

    Salesforce

    SAP

  • Business Intelligence

    Cognitive

    Contact Center

    CRM

    Cyber Security

    Data Center

    Gamification

    Procurement

    Smart City

    Workflow

Menu
    • Data Center
    • Cyber Security
    • Hotel Management
    • Workflow
    • E-Commerce
    • Business Intelligence
    • MORE
    #

    Apac CIOOutlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIOOutlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • Data Center
    Editor's Pick (1 - 4 of 8)
    left
    Hybrid IT - The New Reality

    Ramesh Munamarty, Group CIO, International SOS

    Faster, Safer Data Hosting Starts with a Map

    Mark Bauer, Managing Director & Co-Lead Of The Data Center Solutions, JLL

    Universal Digital Identity-How to Get it Right?

    Dr. Michael Gorriz, Group CIO, Standard Chartered Bank

    Data Center of the Future

    Ari Bose, CIO, Brocade

    Centricity of Data Science in the IT World

    Harpreet Kaintel, CIO, ZenithOptimedia Group

    The Data Experience Revolution: Moving Beyond Access to Action

    Mazen Kassis, Head of Data & Analytics, Foodstuffs North Island

    Harvesting The Future: The Transformative Impact Of Ai On Agriculture

    Jeremy Groeteke, Global Head Of It & Digital Strategy, Vegetables & Flowers, Computational Agronomy, Syngenta Group

    Beyond Use Cases And Poc: Scaling Llm Within The Techstack Of Financial Operations

    Kemi Nelson, Vice President, Liberty Mutual Insurance

    right

    Encryption-is it enough?

    Jerry Irvine, EVP, CIO, Prescient Solutions

    Tweet
    content-image

    Jerry Irvine, EVP, CIO, Prescient Solutions

    CIOs and their corporations are looking for the magic bullet to protect their intellectual property and the personally identifiable information of their clients, partners and employees. Legacy security measures such as firewalls and antivirus provide little protection from hackers and malicious users breaching the enterprise environment and the implementation of more strict access controls.Data loss prevention (DLP) solutions are cumbersome and limit the productivity of end users.

    With these technical and business constraints in place, CIOs are turning to encryption of data across the entire data life cycle to mitigate the risks of lost or stolen information. But does today’s encryption technology really provide the levels of confidentiality required in this totally Internet connected world?

    There are three primary phases in which data can be encrypted: in transit, at rest, and in use. The highest level of data protection currently exists in the data transmission phase. In this phase, encryption occurs between specific communicating devices. Protection provided by encryption in transit includes confidentiality from eavesdropping and sniffing, or man-in-the-middle attacks. Applications such as VPN clients and browser based HTTPS provide strong encryption processes which protect the confidentiality of data making it very difficult for unauthorized users to intercept. It is common practice for organizations to encrypt of data transmitted from remote devices; however, data that is being transmitted on internal networks typically goes unencrypted. There is a perception that data transmitting the internal network, or even that being transmitted to remote facilities, is secure and therefore does not require encryption. Nevertheless, an organization’s internal network can be easily breached making data vulnerable to the same risks of eavesdropping, sniffing and man-in-the-middle attacks. Consultants, vendors and individuals off the street not only have access to wireless networks but often have access to network jacks in conference rooms, cafeterias and other common areas. Also, devices that do not require direct authentication (i.e. printers, scanners, industrial controls, etc.) can be infected with malware that can eavesdrop, sniff, or capture traffic and send out information to the Internet.

    Past concerns of implementing encryption to internal data transit included increased overhead on servers, network devices and end user workstations. This overhead could cause systems delays, loss of connectivity and loss or corruption of data. Many of today’s server and network technologies have data encryption capabilities built in to allow for easier configuration and implementation and minimize the impact on utilizations. Implementing encryption of data in transit from endpoint to endpoint, both remotely and internally is mandatory in today’s cyber risk environment.

    “The highest level of data protection currently exists in the data transmission phase with the ‘at rest’ and ‘in use’ phases close behind”

    Another phase of data encryption is the encryption of data at rest. Implementing encryption of data at rest is the easiest of all phases and, in fact, is built in on many devices such as smartphones, tablets and PCs. There are really no reasons not to encrypt all data on smartphones, tablets, PCs; however, there are some major limitations of encrypting data at rest. Users and applications must be able read data in order to use it, consequently, when a user or application logs into the system the data must appear decrypted. This is both necessary and a major vulnerability because when a user or application logs in all data, even that data at rest that they have access to, becomes readable. So, if a user’s device or application is infected with a virus, malware, etc. and they log in all data on their system or systems they can access becomes available to the hacker.

    The last phase of data encryption is encryption of data in use, this is the weakest link. As defined in the previous encryption of data at rest section, in order to make use of data, it must be readable or decrypted. Many applications, database companies and cloud service providers are claiming different levels and characteristics of encrypted data in use; but, current technology does not make this completely possible. Encryption of data in use relies heavily on encryption of data at rest and in combination with strong authorization and access controls. By allowing only authorized users, limiting their access to the principles of least privilege and performing on the fly decryption of data upon access, companies are providing a minimal level of encryption of data in use.

    Based on the functionality of encryption within the different phases, it must be obvious that encryption is not a silver bullet for the protection of data.

    Encrypting data in transit can be compromised even if it is being performed across both internal and remote networks via the placement of malware on authorized devices that can eavesdrop or sniff data as it traverses the enterprise. Encrypting data at rest can also be overcome via the placement of malware on an authenticated device and it can also be bypassed by un-authorized users who illegally obtain valid user ids and password which have rights to view the data. The encryption of data in use with existing technologies uses the same but stricter rules as defined within the encryption of data at rest phase and therefore can be compromised in the same ways.

    Encryption is designed to provide an additional layer of data protection but complex authorization policies and strict access controls providing only the least amount of privileges necessary for a user to perform their functions are still required in the protection of data. If hackers get into a network but are unable to gain authorized access with valid credentials, encryption will protect data from being read, copied or manipulated. However, cyber incidents facilitated by gaining un-authorized access to systems using valid user credentials, such as phishing scams or social engineering, can allow hackers complete access to decrypted data.

    Check this out: Top Forcepoint Consulting Services Companies

    Weekly Brief

    loading
    Data Center Cooling Solution Company of the Year in APAC - 2025
    ON THE DECK

    Data Center 2024

    Previous Next

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Copyright © 2025 APAC CIOOutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 

    Home |  CXO Insights |   Whitepapers |   Subscribe |   Conferences |   Sitemaps |   About us |   Advertise with us |   Editorial Policy |   Feedback Policy |  

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://data-center.apacciooutlook.com/ciospeaks/encryptionis-it-enough-nwid-559.html