

Enterprise Encryption

20 July 2017

Email Security, IT Security, Risk Management

With large data breaches occurring frequently, it is important for companies to consider encryption to protect sensitive information. Encryption, in a general sense, is the encoding of data so that only people who have a shared key can access the information. Information stored in an encrypted document is generally unintelligible otherwise.


Computers encrypt data to certain standards, some of the most common being AES, SHA, and RSA. These protocols support certain levels of security depending on whether they use 64-bit, 128-bit, or 256-bit keys. In 1997, a project was launched to crack a 64-bit RC5 key, and it took 30,000 computers 5 years to accomplish. While computing technology has improved, encryption has also improved. It is 725 billion times harder to crack a 128-bit key than a 64-bit key; therefore, cracking higher levels of encryption is thought to be effectively impossible.


Common products used for data encryption are Microsoft’s BitLocker and TrueCrypt. McAfee and Symantec also offer enterprise-level solutions.


One of the key elements to maintaining encryption at an enterprise level is key management. It is important to keep keys as separate as feasible from the data that they are encrypting. Best practices dictate that they should be on a different segment of the network from the machine holding the encrypted information. It is also important to limit access to keys to prevent unauthorized access to sensitive information on the network. Many third-party services are available to streamline key management, including Amazon Web Services’ relatively new offering.
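The two key management practices above can be checked against an asset inventory. The following is an added example, not part of the original article: the inventory format, host addresses, segment list, group names and reader limit are all constructed assumptions.

```python
import ipaddress

# Constructed inventory (hypothetical format): where each key is stored, which
# encrypted data store it protects, and which principals may read the key.
KEYS = [
    {"id": "k-hr", "key_host": "10.1.20.5", "data_host": "10.1.20.9",
     "readers": ["svc-hr-app"]},
    {"id": "k-fin", "key_host": "10.1.40.7", "data_host": "10.1.30.12",
     "readers": ["svc-fin-app", "domain-users"]},
    {"id": "k-crm", "key_host": "10.1.40.8", "data_host": "10.1.50.3",
     "readers": ["svc-crm-app"]},
]
# Constructed network segments and overly broad groups (assumptions).
SEGMENTS = ["10.1.20.0/24", "10.1.30.0/24", "10.1.40.0/24", "10.1.50.0/24"]
BROAD_GROUPS = {"domain-users", "everyone", "authenticated-users"}
MAX_READERS = 3  # assumed policy limit on principals per key


def segment_of(host, segments=SEGMENTS):
    """Return the segment (CIDR string) containing host, or None if unknown."""
    addr = ipaddress.ip_address(host)
    for cidr in segments:
        if addr in ipaddress.ip_network(cidr):
            return cidr
    return None


def audit(keys=KEYS):
    """Return (key id, finding) pairs for keys that break either practice."""
    findings = []
    for k in keys:
        key_seg, data_seg = segment_of(k["key_host"]), segment_of(k["data_host"])
        if key_seg is None or data_seg is None:
            findings.append((k["id"], "host outside known segments"))
        elif key_seg == data_seg:
            findings.append((k["id"], f"key and data share segment {key_seg}"))
        broad = sorted(set(k["readers"]) & BROAD_GROUPS)
        if broad:
            findings.append((k["id"], "broad key access: " + ", ".join(broad)))
        elif len(k["readers"]) > MAX_READERS:
            findings.append((k["id"], "too many key readers"))
    return findings


if __name__ == "__main__":
    for key_id, finding in audit():
        print(f"{key_id}: {finding}")
```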


It is also important to ensure that sensitive data is secure while in transit. This can be accomplished by ensuring that web pages have valid SSL certificates and are using HTTPS. Individuals can use virtual private networks (VPNs) to obfuscate their traffic from prying eyes and keep sensitive data within the corporate network even when working remotely. It is a best practice to have outbound data be encrypted when it reaches the network firewall.


If your organization would like to discuss its unique cyber security threats and risk exposure, please contact COMPASS at 667-401-5108.
