The enterprise and all businesses are getting encrypted. Are you? Encrypting your files, folders and all data is a key component of securing your business against bad and malicious actors, hackers, governments, and competitors. Many companies are wide open and vulnerable to having all of their data legally and/or secretly stolen by third parties.
With the right help and guidance you don't have to worry about what encryption algorithms like PGP, AES and RSA are.
It is impossible to understand what the word encryption means, not by definition, but in effect. For example, WhatsApp, which is owned by Facebook and is under government supervision, claims "End To End Encryption". That may be true, but they control the network and the keys. WhatsApp may be encrypted, but the encryption is effectively defeated because WhatsApp controls the network and can still decrypt your data at will and by law.
Are these services safe? (Examples, not a comprehensive list.)
Just ask yourself, is it a free service? It's probably not safe.
Whether paid or free, is it a huge corporation? It's probably not safe.
Is it US-based? Probably not safe even with the best intentions.
- WhatsApp. No
- Facebook. No
- iCloud. No
- Outlook. No
- Gmail. No
Can't I just use encryption on my Google Drive, Dropbox or similar?
Yes, you can, and this enhances your data security significantly. However, keep in mind that the data is still stored under the control of US-based third parties. Nothing stops a third party from obtaining the encrypted files and trying to decrypt them. The first line of defense is to try to make sure no one has access to the data, even in encrypted form.
And no, using SSL encryption for your web site, e-mail or other services does not qualify as fully encrypting your data, but it does reduce the chance of the data being decrypted during transmission.
The solution to having safe, secure data, e-mails and files is to make sure you control your own network, data and server. Encryption is only as strong as the weakest link, so cut out the weakest link by putting yourself back in control of your data.
All you need are some secure and fully encrypted Cloud or Dedicated Servers running Linux.
How can someone legally steal my data?
In many countries it is possible to get a court order to obtain your data. This includes third parties acting over business disputes or other allegations, even if they are not truthful. It could also be a wide dragnet campaign where an unrelated issue is used as the reason.
In many countries, government agencies and authorities can compel providers to allow access to your data. This is where the encryption part comes in handy.
Why do I need encryption when our company has a firewall and secured our servers?
Firewalls and public-facing security are just a single line of defense that doesn't protect against unauthorized physical access to your data. Many large server and cloud providers already co-operate with authorities to provide this access without disclosing it to you. The first thing you can do is to avoid extremely large firms and providers that are most likely to be under government supervision or control.
There is also the possibility that you, or a utility that you use, exposes your data by storing unencrypted copies initially and then encrypting them, which would make it possible for your data to be compromised with little or no effort. Even if you delete your non-encrypted files, it is possible, and often the case, that such a provider will still internally keep a copy of that data even though it is deleted from your view.
Going fully encrypted is the best way to keep your data safe from prying eyes. We all know that you have to secure public-facing services such as databases, CRM, e-mail, web services, etc. But as mentioned earlier, a lot of times the most efficient way for a third party to get your data is to gain physical access to your server, hard drive(s) or VM (Virtual Machine) / VPS (Virtual Private Server) Cloud images. From there it is a simple mount and copy and they've got all of your private company and client data.
Isn't encryption a very complicated and technical thing to enable on a Dedicated Bare Metal Server or Cloud VPS?
Admittedly, it is tricky. Most experienced Unix/Linux sysadmins (System Administrators) should be able to do this, but there are extra layers and barriers to maintenance. This is why we recommend that our clients set up a standardized OS image, template and system to maintain and deploy these servers.
In general, an encrypted server that we would deploy is not much different from a traditional server, aside from the fact that the entire contents are encrypted and if anyone steals the hard drive or image, they would not be able to decrypt it (unless you have a very silly and easy to guess decryption key!).
The security that you gain by having an encrypted server is well worth the few extra steps that it takes to run the server, but again, those steps are admittedly what often stops companies from migrating to encryption.
How can I practically achieve this?