The governance of data with encryption-decryption
Javid Ur Rahaman
Vice President, Chief Architect | Cloud & AI Platform Engineering for Retail, Supply Chain, Federal & Public Sector
Introduction
Data Governance is the practice of controlling and protecting information in an organization. Data governance helps companies ensure their data is secure, reliable, ready for analytics, and compliance-ready. The goal of a data governance program is to consistently apply best practices across your organization so that you can have the correct data at the right time to make better decisions based on facts rather than assumptions.
Data Governance and Encryption Decryption
Encryption is a method of protecting data by transforming it into a form that can be accessed only by those with the encryption key. The purpose of encryption is to prevent unauthorized users from accessing data, but it can also be used to protect data at rest and in transit.
Encryption protects against unwanted access to information stored on physical media like hard drives or laptops and transmitted over network connections such as the Internet. Data must always be protected at all times: when stored, while being transmitted over networks, and when actively being used by users (e.g., when a credit card number is entered into an online order form).
Many organizations use encryption on both fixed and removable drives because they want to prevent unauthorized access from occurring at any point during the lifecycle of their sensitive information—from creation through destruction—and they want this protection regardless of whether someone physically steals an encrypted drive or snoops around inside it while plugged into a computer’s USB port (or even after unplugging).
Encrypted data is meaningless. It cannot be audited for compliance with the governance rules. This conflicts with data governance programs that seek to ensure data resides in appropriate environments, are used appropriately and comply with regulatory requirements. Encrypted data is meaningless. One must find out if data has been improperly used or transferred.
Data governance is about ensuring that company data resides only in appropriate environments, is used appropriately, and complies with regulatory requirements. One way this can be achieved is through encryption, which can make it hard to determine if data has been improperly used or transferred. Encryption is beneficial for security, but it creates a dilemma for data governance programs: encrypted data cannot be audited for compliance with the governance rules. As a consequence, encrypted data cannot be audited for compliance with the rules of governance. Data governance programs ensure that company data resides in the right environment in compliance with regulatory requirements. By using encryption, one cannot tell if one's policies have been followed by others (the receiver) since they appear as meaningless ciphertext to them, but not to you as the sender!
领英推荐
How do we resolve this dilemma?
As you can see, encryption is an essential part of data governance. It protects your data from unauthorized access, damage, loss, and disclosure.
The challenge is implementing encryption without getting in the way of your business requirements. This is where key management comes into play—it provides a secure method for managing access to encrypted data while allowing users to work with it as needed.
First, be aware of the issue. Be sure to pay particular attention to the location of encryption keys and other metadata about the encrypted data. In addition to monitoring the types of encryption used, look at the strength of the encryption algorithms employed, particularly as they relate to risk. The stronger the cryptography, the more difficult it will be for anyone to decrypt and access your data without your knowledge. Do not allow yourself or your organization to become complacent with weaker cryptography just because it might be more accessible.
First, be aware of the issue. Look at the strength of the encryption algorithms employed. The more robust cryptography, the more difficult it will be for anyone to decrypt and access your data without knowledge. Do not allow yourself or your organization to become complacent with weaker cryptography just because it might be more accessible.
Look at all aspects of your encryption program to include it in your Data Governance program.
Encryption is a valuable tool for data governance because it can be used for compliance, protection from unauthorized access and modification, or both.
Conclusion
While we’ve discussed data governance, many other security aspects must be considered when working with encrypted data. You may be concerned about whether your encryption program will meet regulatory compliance requirements such as HIPAA or PCI DSS. If so, evaluate products based on their ability to meet those standards. Another thing to consider is whether or not the technology used for decryption supports critical management and storage following regulations such as GDPR.