Data loss and theft, manipulation of data by outsiders who gain control over devices or systems, business interruptions, and extortion are all data-protection-related issues that are causing grave concern among IT managers as companies move to digitalize their business processes. Many of the related problems are the result of internal factors. That’s because companies without a well-conceived endpoint security concept are left fully exposed to ever-new forms of attacks launched by cybercriminals.
Lack of data protection means a high risk potential
Employees are being bombarded with vast amounts of data all the time and wherever they are, be it on a plane, at the train station, in a hotel, at home, or in the office. This means that the use of computers, laptops, and smart and IoT devices presents a major potential risk for data protection.
The EU General Data Protection Regulation mandates that data be protected against loss by means of encryption and the logging of unencrypted data access. In spite of this, many companies are reluctant to roll out appropriate measures to protect data. That’s because they are concerned that employees will feel that they are unable to perform their work without being disrupted. Nevertheless, there is no way around the fact that data has to be encrypted.
Transparency in the flow of data
Endpoint security solutions such as special keys act as an additional layer of protection against data theft. They allow IT administrators to implement and enforce security policies. This also applies when a device is lost or stolen, because data security ensures that thieves cannot get their hands on sensitive information. Using smart cards and eTokens is a further way to improve security in this area. In this case, the following types of encryption are advisable:
- Cloud storage encryption
- iOS and Android encryption
- Full disk encryption
- Local folder encryption
- Network share encryption
- Removable device encryption
In addition, multilevel systems protect against unauthorized data and hence reliably block cyberattacks. Here, software solutions must be able to analyze and classify real-time processes as well as data flows and storage across all levels. Likewise, it is necessary to ensure that encryption and decryption are possible not only on traditional workstations such as Windows systems, but also on macOS, Android, iOS, and similar systems.
More data protection through secure encryption
It is a general misconception that companies only need to secure communication when synchronizing data. The relevant synchronization service providers usually hold the encryption key, while the data itself is not encrypted. As a result, unauthorized persons and organizations, such as hackers, can gain access to the provider’s keys or to the data storage media directly. The most secure method is for companies to have the keys and encrypt data before synchronization.
They need to encrypt the data interfaces they use. And if at all possible, encryption should be file-based and on-the-fly. This offers the following advantages:
- Compatible procedure
- Companies do not need to prepare data storage media in advance
- No additional apps for authentication, decryption, and encryption
Consistent monitoring of endpoints ultimately allows for the implementation of enterprise-wide alerting capabilities that include automatic responses in the event of a threat. The principle behind it is as follows: IT systems monitor, log, and encrypt all data access at the endpoint. New technologies based on Machine Learning (ML) and Artificial Intelligence (AI) offer even more options here – and there are certain to be a number of new advances in the years to come. One thing we already know today, though, is that security concepts that do not address endpoint security are insufficient and incomplete.