Encryption as a solution

What is encryption?

Encryption is the process of encoding information in a way that prevents unauthorized parties from being able to read it.

Key length and encryption strength

Encryption strength is most commonly equated to key length (bits) and the encryption algorithm used. The simplest way to defeat encryption is to try all the possible keys. This is known as a brute-force attack, but longer keys have made this approach ineffective.

To brute force a 128-bit AES key, every one of the roughly 7 billion people on Earth would have to check 1 billion keys a second for around 1.5 trillion years to test every key.

– ESET (https://encryption.eset.com/gb/#solution).

So attackers do not typically try to reverse-engineer the algorithm or brute force the key. Instead, they look for vulnerabilities in the encryption software, or attempt to infect the system with malware to capture passwords or the key as they are processed.

To minimize these risks, you should use an independently validated encryption product and run an advanced, up-to-date anti-malware solution.

How does it work?

Encryption is applied, most commonly, in two different ways:

Encrypted storage – often referred to as ‘data at rest’ – is most commonly used to encrypt an entire disk, drive or device.

This type of encryption becomes effective only once the system is stopped, the drive ejected or the encryption key blocked.

Encrypted content – also referred to as granular encryption – means, typically, encrypting files or text at the application level.

The most common example is email encryption, where the message format must remain intact for the email client application to be able to handle it, but the text body of the email is encrypted along with any attachments.

What do I need from encryption?

While key length and the range of software features are important, they do not tell you how well a product will perform from the user’s point of view – or from the administrator’s.

FIPS-140 Validation

The most widely accepted independent validation is the FIPS-140 standard. If a product is validated to FIPS-140 then it is already more secure than most situations demand and will be acceptable under the GDPR and other regulations.

Management of Encryption Keys

One of the biggest usability challenges is how users are expected to share encrypted information. There are two traditional methods:

Shared passwords, which tend to be either easy to remember and insecure, or secure but impossible to remember and therefore written down or forgotten.

Public-key encryption, which works well across smaller workgroups with no or low staff turnover, but becomes complex and problematic with larger or more dynamic teams.

Using centrally-managed, shared encryption keys avoids these problems, with the added bonus of mirroring the way that physical keys are used to lock our houses, apartments, cars, etc. Staff already understand this concept, and it only needs explaining once. Coupled with a premium remote-management system, shared encryption keys strike the optimum balance of security and practicality.

Ease of use for non-technical users

There will always be situations where your employees will need to decide whether or not to encrypt a document, email, etc. It is vital that they are able to use the software provided and can be confident that encrypting data will not lock them – or authorized recipients – out.

Remote management of keys, settings and security policy

To avoid staff having to make security decisions, encryption can be enforced everywhere – but this tends to restrict legitimate business processes and can stifle productivity. The inclusion of a remote management capability – one that allows changing of encryption keys, functionality or security policy settings for remote users, who typically represent the biggest security issue – means that the default settings for enforced encryption and security policy can be set higher without limiting normal processes elsewhere in the business.

What’s the solution?

What ESET Endpoint Encryption offers

Encrypting the personal data in your systems can help satisfy many requirements of the GDPR. ESET’s solution is powerful, simple to deploy, and can safely encrypt hard drives, removable media, files and email.

ESET Endpoint Encryption allows you to meet data security obligations by easily enforcing encryption policies while keeping productivity high. With low help-desk overhead and short deployment cycles, no other product can match ESET Endpoint Encryption for flexibility and ease of use.

The client side requires minimal user interaction, improving compliance and the security of your company data from a single MSI package. The server side makes it easy to manage users and workstations and extend protection of your company beyond your corporate network.

  • Simple and powerful encryption for organisations of all sizes: safely encrypts files on hard drives and portable devices, and files sent via email.
  • Certification: FIPS 140-2 validated 256-bit AES encryption for assured security.
  • Hybrid-cloud based management server for control of endpoint encryption keys and security policy.
  • Support for Windows® 10, 8.1, 8 including UEFI and GPT, 7, Vista, XP SP3; Microsoft Windows Server 2003 – 2012; Apple iOS.
  • Algorithms & standards: AES 256 bit, AES 128 bit, SHA 256 bit, SHA1 160 bit, RSA 1024 bit, Triple DES 112 bit, Blowfish 128 bit.