Data Encryption 3.0 & GDPR
Requirements for 21st century enterprise data security
In May 2018 the General Data Protection Regulation (GDPR) comes into effect. From then on companies have to encrypt their Personal Identifiable Information (PII). Otherwise they face severe penalties. In the worst case, these penalties can amount to up to 4% of the world’s total annual turnover or 20 million euros (almost £18 million).
That’s why eperi has 5 hands-on tips for an up-to-date enterprise data security:
- Database encryption is not data encryption. The data itself has to be encrypted, not just the database. This way, it cannot be compromised by database admins or theft. Unencrypted sensitive data must not leave the enterprise.
- The entire cryptographic key life circle (generating, assigning, editing, deleting) should be managed by a small number of highly loyal enterprise members. Key data must not leave the enterprise or be shared with developers/vendors of applications or security solutions.
- Only Open Source based encryption allows to completely test for weaknesses and backdoors.
- Have the end user in mind and don’t break application functionality while encrypting sensitive data. Use a highly customizable solution that allows users to decide on a field level what data is encrypted, tokenised or left unencrypted.
- No compromises: Do not use solutions that skip steps of the encryption algorithm to retain application functionalities (search, sorting). They are just feel-good measures and do not provide any real security.
Elmar’s career in IT security started with the transformation of the credit card system of the 90s when his team notified banks that PIN number for cards could be extracted from the code on the magnetic strip due to lack of encryption. From there, he had a successful career at IBM managing global IT projects and changing the way companies do business today. He founded eperi in 2003 and ten years later launched the eperi Gateway for cloud data protection based on the highest standards of open source encryption that was developed with the German Federal Office of Information Security.
Elmar loves nothing more than to eat, drink and code with his friends and whole heartedly believes in the power of open source. His business was recently awarded Microsoft Partner of the Year for the Open Source on Azure category.