Step 4: Protect Data—in Motion, in Process, and at Rest
Encryption is an effective, well-established way to protect sensitive data because even if information is lost, it remains unusable. Encryption is critically important for protecting data covered by regulations and standards such as the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), and Payment Card Industry (PCI). Increasingly, these and other regulations are encouraging—and specifying—encryption in certain usage scenarios. And the penalties for noncompliance are stiffer than ever. There are a number of ways to perform encryption, but typically it comes with a cost—what is often referred to as a performance tax. As an IT manager, you must be able to justify the trade-off in performance against the requirement for secure data.
What Types of Data Should You Encrypt?
Data in motion
- Data in flight over networks (Internet, e-commerce, mobile devices, automated teller machines, and so on)
- Data that uses protocols such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), Internet Protocol Security (IPsec), Hypertext Transfer Protocol Secure (HTTPS), FTP, and Secure Shell (SSH)

Data in process
- Transactional data in real time, such as encrypted fields, records, rows, or column data in a database

Data at rest
- Files on computers, servers, and removable media
- Data stored using full disk encryption (FDE) and application-level models
Intel IT Center Planning Guide | Cloud Security