Encryption for Information Protection

A. Introduction

Nowadays, data protection is not only a corporate governance issue but also a legal compliance one. Losing sensitive data can lead to severe consequences for both the affected parties and the organization. If data leakage is caused by your oversight, negligence, or improper protection, you will be held responsible. Sensitive data such as personal information, financial information, human resource matters, research work, product designs, and so on is invaluable and/or private. It should be secured at all times to protect its integrity and confidentiality.

There are many different security protection mechanisms, and besides physical protection, data encryption is perhaps the simplest, most effective, and most commonly used one. The following are the most recent data encryption technologies and solutions for meeting different data protection needs.

B. Encryption for Data at rest

  1. Encrypting Office documents by setting protection in MS Office
  2. Encrypting PDF documents using Adobe Acrobat Professional
  3. Encrypting with BitLocker To Go for removable devices under Windows 7
  4. Encrypting using FIPS compliant USB devices
  5. Encrypting with BitLocker for disk volumes under Windows 7
  6. Encrypting with SecureZIP for files and folders

You will need to use these different approaches on different occasions:

  • Always encrypt sensitive documents. Using the built-in features of the latest version of MS Office and Adobe Acrobat Professional with strong passwords will address most of the information leakage risks (solution "1" and "2" above).
  • Always encrypt disk volumes of mobile computers and shared PCs. BitLocker is particularly designed for this type of protection (solution "5").
  • Always encrypt removable media (for example, USB flash drives). BitLocker To Go covers the protection of these devices (solution "3"). However, if you still have not upgraded your PCs to Windows 7 or Windows Vista, you may have to choose a thumb drive supporting FIPS compliant encryption for the protection (solution "4").
  • Commercial products such as SecureZIP (or open source utilities) may be needed for encryption of folders and files of other file types (solution "6").

C. Encryption for Data in motion

Although this document focuses on the encryption support for data at rest, various means of encryption protection for data in motion are mentioned below for completeness:

  • Always use SSH and SFTP for remote access and file transfer
  • Use HTTPS for filling in forms and account login, and use HTTPS for other access when there is a choice
  • Use VPN service when accessing systems involving sensitive data
  • Use SSMTP service when accessing Email service for sending Email from a public network
  • Always choose 802.1x (WPA/WPA2) for Wireless LAN connection whenever it is supported

D. References

csc@cityu.edu.hk