Tuesday, July 07, 2009

Six things you can do to protect your valuable data

Rana Gupta
Financial Chronicle

Safety is always uppermost on the minds of network and security professionals. They are familiar with the many encryption is stripped away, leaving the data in a plain-text format as it traverses the local area network, application servers, and databases.

Therein lies the vulnerability: the data is easily readable at this stage of transit and in storage. At present, the most reliable way to provide this protection is through encryption that, instead of being stripped off at the web server, stays with the data as it travels or is stored in a database.

Encryption protection

If typical network caches and switches could read encrypted data, there wouldn’t be unencrypted data on the network. But caching and switching functions, which require reading packet data, cannot do so on encrypted data. There are data security solutions capable of caching and switching without leaving data vulnerable and unencrypted on the backend.

Application attacks

Recent attacks against e-commerce sites have proven the vulnerability of websites to exploitable URLs. Certain servers and third-party add-ons ship with exploitable holes installed by default. If URLs are left unblocked, an attacker can take advantage of these weak links to run scripts that provide unauthorised access to the web servers.

Private key

Keys are the foundation of all encryption-based security solutions. If a hacker, internal or external, gains access to your private keys, the security of your entire network is gone. Not reduced — gone.

That’s a risk assumed by companies that store the web server’s private keys on the web server itself.

Servers are not secure because anybody can connect to them, and typically a high number of MIS personnel have access to them.

The best protection against private key compromise is a superior combination of physical security and key management technology, including tamper-resistant hardware and the most stringent security standards throughout the private key lifecycle.

Identity, access risks

Offering access to a broader constituency creates its own IT challenges: how to identify authorised and unauthorised users; how to define and manage access to specific data systems; and how to ensure that those identities cannot be counterfeited or altered.

It is essential to opt for solutions that can utilise digital certificates, a more secure method of identification than user IDs and passwords. To reduce the complexity of creating and managing certificates, the solutions have a built-in certificate authority, making certificate generation easy and efficient.

Misconfigurations

Network administration is rife with opportunities for mistakes: simple omissions, typos, or oversights that would go unnoticed in any other profession can spell security risks on a network and serious performance problems on a website.

For daily management, remote administration via the web interface is secured with 128-bit encryption via transport layer security or TLS to protect administrator commands.

The writer is business head, India & Saarc at SafeNet India
