The Företag Group
The inner workings of data encryption
Data security protocols include components such as firewalls, networking, backup, multi-factor authentication, physical security, and much more. We offer multiple layers of protection in our encrypted server hosting solution. Data is encrypted when it is transferred between clients and our servers. Data is also encrypted when it is stored in our data center.
As a leading data protection provider, we encrypt all data stored on our servers by default.
No matter what type of file is stored on our servers, whether it is a database, operating system, or application data, everything will be encrypted by default using AES 256-BIT XTS encryption.
AES
Advanced Encryption Standard (AES), developed by NIST, is a popular, widely used public encryption standard. Known for being remarkably resilient against attempted breaches, AES is used by security services, governments, financial institutions, and other organizations around the world.
AES is regarded as one of the most robust encryption methods in existence. Data encrypted following this method will demand multiple security keys to retrieve the data in its original form.
256-Bit
Data breaches occur when bad actors employ brute force by using all possible key combinations to force decryption. In response to this threat, 256-bit encryption emerged.
With this approach to encryption, every bit you add will double the number of possible keys, creating an infinite number of key variations. As the time and computing power needed to try all the different key variations are staggering, it would take over a billion years to break even a 128-bit key.
XTS
AES can be described as a “block cipher” where the data is divided into 128-bit blocks before scrambling it with 256-bit keys. In this scenario, disks store data in a particular way, and disk sectors are divided into blocks which are the same size as blocks encrypted by a block cipher.
The scrambling process involves 14 different rounds of encryption to ensure that your data remains truly unrecognizable. Organizations that use XTS block cipher mode are guaranteed full disk encryption.
How do you encrypt data at rest?
When data is stored in data centers, it needs to be secured. To achieve this, we encrypt sensitive information stored in physical servers, cloud servers, and in virtual data centers.
Encryption of physical servers
Artmotion's approach to encrypted hosting employs HPE Secure Encryption for both local and remote deployments. Local Key Management mode enables a single server deployment.
Additionally, Remote Key Management mode provides for central management of enterprise-wide deployment. Key features include Broad Encryption Coverage, HPE Secure Encryption, Secure Encryption Software, High Availability and Scalability, and Simplified Deployment and Management.
Encryption of cloud servers and data
Data At Rest Encryption (DARE) prevents data visibility in the event of theft or unauthorized access. It is essentially the encryption of data that is stored and not moving through networks.
With our approach to DARE, cloud servers have an option of offline backups with military-grade protection. Transparent Data Encryption is used when no changes are made to the application logic or schema. DARE is deployed for DB2, MySQL, and Oracle databases.
Encryption of a virtual data center
The virtual data center won't store sensitive data in a central location. Instead, we use industry-leading security tools to break up network data files and spread them across multiple nodes.
As each storage group will be encrypted with its own private key, it will be impossible for any other node that is participating in the network to achieve total data visibility. This process is known as "sharding."
Whether you're working with one or 100 virtual servers, we can secure them efficiently.
How do you encrypt data in motion?
Data in transit demands robust protection as it can be exposed to a variety of threats. To secure data during a transfer, we encrypt sensitive information before moving and/or use encrypted connections (HTTPS, SSL, TLS, FTPS, etc.) to protect the contents of data in transit.
SSL
Transfer encryption secures the connections between servers and clients. This uses standard TLS, a secure communication protocol used by HTTPS (also called SSL).
Secure Sockets Layer or SSL is an industry standard security protocol for establishing encrypted links between a web server and a browser in online communication. Whenever SSL technology is used, you can rest assured that all data transmitted between the web server and browser remains encrypted.
Encrypted VPN
An encrypted Virtual Private Network (VPN) enables users to send and receive information through networks securely.
This technology essentially creates a secure tunnel between two devices (typically the server and the client) where the data is encrypted when entering the tunnel and decrypted when it exits the tunnel.
Custom encryption
Our in-house security experts can also deploy highly customized data encryption solutions based on your specific business needs. So if you require custom encryption, we can help you achieve your security goals.
You can also apply your own approach to data encryption
In addition to the options listed above, clients can also use server-side encryption and install any encryption software such as BitLocker for Windows or GnuPG for Linux. By default, these approaches leverage AES encryption algorithms in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key.
All our data encryption solutions leverage AES 256-Bit XTS. However, our Encrypted Virtual Datacenter solution uses a process known as data sharding to protect your sensitive information.
Regardless of what you choose for your business, you can count on enterprise encryption to secure your digital assets. What is more, you won't need to make any changes to your current operating system or applications.
However, if your organization demands policy-based encryption, we can also support that by deploying a variety of randomly generated Disk Encryption Keys (DRK) across each physical disk.
Hard disk encryption is critical to data security: here's what you need to know
The exponential rise of cybercrime has led to the growth of encryption solutions. At the same time, there has been pushback from governments. Let's explore what hard disk encryption is and why it's critical to business relevance.
In recent weeks, there’s been much talk about encryption. Ever since the Trump administration started their campaign against cryptography, even the mainstream media has started exploring this topic.
However, this is only the beginning. As our digital security grows more critical by the second, you can be sure to hear a lot more about it.
This is because encryption is now vital to protect sensitive personal and business data. But before we get ahead of ourselves, let’s define it.
What’s encryption?
The original idea behind encryption isn’t limited to technology. It was first used by ancient communities in Egypt and Greece to encode secret messages that couldn’t be read by “the enemy.”
Today, encryption can be described as a method of turning plain text into a scrambled unintelligible format (known as cipher) by leveraging different algorithms.
So even in the event of a data breach, that information will not be accessible to hackers. In this scenario, you can’t decipher the encoded data without a decryption key.
Encryption is now widely used across the following industries:
- Cloud storage
- Communication apps
- E-commerce
- Healthcare
- Online banking
What are the key benefits of encryption?
The primary benefits of encryption are privacy and robust security. Encryption solutions can be used to secure data at rest (where it lives) or in motion (when it’s in transit).
This approach ensures that the data is unreadable even if hackers compromise it while it’s in transit. At present, there’s no better method of ensuring data privacy and security.
The Advanced Encryption Standard (AES)
As cybercrime grew exponentially, governments had to step in to improve security standards against advanced hacking techniques. Today, the top-security standard is AES, and it was set up by the U.S. National Institute of Standards and Technology.
AES has a strong reputation for its resilience to cyberattacks. When data is encrypted following the AES approach, multiple security keys will be required to retrieve the data back in its original form.
So it’s no surprise that it’s the go-to tool used by security services, governments, financial institutions, and other leading multinationals.
256-Bit
256-bit encryption can be described as a process where data or files are encrypted by leveraging a 256-bit key to achieve total encryption. It’s more secure than previous incarnations that used 128-bit and 192-bit encryption algorithms.
This is an effective response to multi-pronged brute force attacks because every bit that’s added will double the number of possible keys. As a result, there will be an infinite number of key variations generated to help secure sensitive information.
It’s highly effective because the time, resources, and sheer computing power needed to try every possible key variation would take over a billion years (and that’s to breach a 128-bit key encryption).
XTS
The AES approach to encryption is called block cipher. In this scenario, data is divided into 128-bit blocks before it’s scrambled with 256-bit keys.
When you follow this method, the disks will store data in a particular way, and disk sectors will be divided into blocks. These will be the same size as blocks encrypted by the block cipher.
When you follow the XTS approach, the scrambling process will include 14 rounds of encryption to make data completely unrecognizable. So whenever you leverage XTS block cipher mode, your organization will benefit from guaranteed full-disk encryption.
AES 256-Bit XTS
The AES 256-Bit XTS approach to encryption ties all these robust security solutions together. As described in the NIST special publication SP 800-38E, the XTS algorithm will be used to encrypt data on the drive platter.
When sensitive data demands extra levels of protection, the go-to approach to data encryption is AES 256-Bit XTS data encryption.
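The sector-level behaviour of AES-256-XTS described in the XTS sections above, as an added Node.js example (not code from this provider): ciphertext is the same length as the sector, identical data in different sectors encrypts differently, and a flipped ciphertext bit garbles one 128-bit block without being detected. The fixed key, the 512-byte sector size and the little-endian sector-number tweak are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');
const SECTOR_SIZE = 512; // bytes per sector (assumed for this example)
// AES-256-XTS takes a 512-bit key: two independent 256-bit AES keys.
// Constructed fixed key so the run is repeatable; real keys must be random.
const KEY = Buffer.concat([Buffer.alloc(32, 0x11), Buffer.alloc(32, 0x22)]);

// The 16-byte tweak carries the sector number (little-endian here, an
// assumed convention), binding each ciphertext to its position on disk.
function tweakFor(sectorNumber) {
  const tweak = Buffer.alloc(16);
  tweak.writeBigUInt64LE(BigInt(sectorNumber), 0);
  return tweak;
}

function encryptSector(key, sectorNumber, plaintext) {
  const c = crypto.createCipheriv('aes-256-xts', key, tweakFor(sectorNumber));
  return Buffer.concat([c.update(plaintext), c.final()]);
}

function decryptSector(key, sectorNumber, ciphertext) {
  const d = crypto.createDecipheriv('aes-256-xts', key, tweakFor(sectorNumber));
  return Buffer.concat([d.update(ciphertext), d.final()]);
}

// Indices of the 16-byte (128-bit) blocks that differ between two buffers.
function changedBlocks(a, b) {
  const out = [];
  for (let i = 0; i < a.length; i += 16) {
    if (!a.subarray(i, i + 16).equals(b.subarray(i, i + 16))) out.push(i / 16);
  }
  return out;
}

function demo() {
  const sector = Buffer.alloc(SECTOR_SIZE, 0x41); // constructed sample data
  const c0 = encryptSector(KEY, 0, sector);
  const c1 = encryptSector(KEY, 1, sector);
  const tampered = Buffer.from(c0);
  tampered[3 * 16] ^= 0x01; // flip one ciphertext bit inside block 3
  const recovered = decryptSector(KEY, 0, tampered); // no error is raised
  return {
    sameLength: c0.length === sector.length, // no room for an auth tag
    sectorsDiffer: !c0.equals(c1), // same data, different sector
    roundTrip: decryptSector(KEY, 0, c0).equals(sector),
    damagedBlocks: changedBlocks(sector, recovered), // only block 3 garbles
  };
}

console.log(demo());
```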
Below you will find some examples of how AES 256-Bit XTS is applied to encrypt portable drives, server disks, and servers:
Portable disks
Anyone can encrypt a portable disk. But if this proves to be a challenge, you can use the services of third-party providers.
Robust encryption can be deployed across storage devices like the following:
- Flash Drives (USBs)
- Hard Disk Drives (HDDs)
- Solid State Drives (SSDs)
Server Disks
AES 256-Bit XTS encryption can also be deployed across server disks. You can encrypt the data at rest on the physical hard drive, seamlessly. You won’t need to set up any additional Hardware Security Modules or Key Management Servers.
HPE Secure Encryption is a leading security solution that’s used to secure data at rest. It’s the perfect tool for bulk storage hard drives and SSDs (as long as they’re connected to a compatible HPE Smart Array Controller). The encryption and decryption keys can be efficiently managed at a BIOS level.
What about virtual servers?
This same approach to encryption can be deployed seamlessly on virtual servers leveraging robust security tools like vSAN encryption.
Alternatively, you can also use logical volume hard disk encryption software from the likes of BitLocker to secure your sensitive data. It’s a popular encryption solution that comes with recent versions of the Windows operating system.
On the cloud, all these different encryption methods can be deployed to secure personal and enterprise data. This is because although it’s called the “cloud,” your data will live in secure data centers on physical hardware.
While governments might want to access your sensitive data under the guise of national security, it's essential to consider the fact that any backdoor will also provide an opportunity for hackers to steal your personally identifiable information.
That's why encryption remains the only viable solution that can help keep both enterprise data and personal data safe and secure.
To learn more about how encryption can help ensure the security of your digital assets, schedule a call with one of our in-house data security experts.