Enquiry Online & Avail Free Service


Data security has traditionally been seen as a matter of locking down data in a physical location, such as a data center. But as data migrates across networks, borders, mobile devices, and into the cloud and Internet of Things (IoT), focusing solely on the physical location of data is no longer relevant.

To prevent disclosure of sensitive corporate data to unauthorized people in this new corporate environment, data needs to be secured. Encryption and data masking are two primary ways for securing sensitive data, either at rest or in motion, in the enterprise. They are important parts of endpoint security and any enterprise’s optimal security posture.

Encryption is the process of encoding data in such a way that only authorized parties can access it. Using homomorphic encryption, sensitive data in plaintext is encrypted using an encryption algorithm, generating cipher text that can only be read if decrypted.

In data masking, “fake” data replaces real data for users who should not have access to the real data, whether because of their role in the company or because they are attackers. Masking ensures sensitive data is obscured or otherwise de-identified.

Dynamic data masking can transform the data based on the user roles and privileges. It is used to secure real-time transactional systems and improve data privacy, compliance implementation, and maintenance.

With data masking, data is retained in its native form, and no decryption key is necessary. The resulting data set does not contain any references to the original information, making it useless for attackers.

How does encryption work?

Encryption scrambles data using no readable mathematical calculations and algorithms. An encryption system employs an encryption key generated by an algorithm. While it is possible to decrypt the data without possessing the key, significant computational resources and skills would be required if the encryption system is designed properly. An authorized recipient can easily decrypt the message with the key provided by the originator.

If the encryption key is lost or damaged, it may not be possible to recover the encrypted data from the computer. Therefore, enterprises need to set up rigorous key management processes, procedures, and technologies before implementing data encryption technologies. 

Organizations should consider how key management practices can support the recovery of encrypted data if a key is lost or destroyed. Those planning on encrypting removable media need to consider how changing keys will impact access to encrypted storage on removable media, such as USB drives, and develop solutions, such as retaining the previous keys in case they are needed.

Encryption can be applied to endpoint drives, servers, email, databases, and files. The appropriate encryption depends upon the type of storage, the amount of data that needs to be protected, environments where the storage will be located, and the threats that need to be stopped.

Public key encryption is one use of public key cryptography, also known as asymmetric cryptography. Digital signature, in which a message is signed with the sender’s private key and can be verified by anyone who has access to the sender’s public key, is another well-known use of public key cryptography.

Selecting encryption solutions

There are three primary types of encryption solutions: full disk encryption, volume/virtual disk encryption, and file/folder encryption. When selecting encryption types, enterprises should consider the range of solutions that meet their security requirements, not just the type that is most commonly used.

The top features that enterprises should consider when choosing an encryption system include centralized policy management, application and database transparency, low latency, key management interoperability, support for hardware-based cryptographic acceleration, support for compliance regulations, and monitoring capabilities.

There are many factors to consider when selecting storage encryption solutions, such as the platforms they support, the data they protect, and the threats they block.  Some involve installing servers and software on the devices to be protected, while others can use existing servers, as well as software built into devices’ operating systems. 

Unfortunately, encryption can result in loss of functionality or other issues, depending on how extensive the changes are to the infrastructure and devices. When evaluating solutions, enterprises should compare the loss of functionality with the gain in security capabilities and decide if the tradeoff is worth it.  Solutions that require extensive changes to the infrastructure and end user devices should generally be used only when other options cannot meet the enterprise’s security needs.

Encryption protocols

An encryption protocol is a series of steps and message exchanges designed to achieve a specific security objective.


To ensure compatibility and functionality, enterprises should use standard-conforming encryption protocols such as Internet Protocol Security (IPSec), Secure Socket Layer (SSL), Transport Layer Security (TLS), Secure Shell (SSH), Secure/Multipurpose Internet Mail Extensions (S/MIME), and Kerberos. Each has advantages and disadvantages. Some overlap in functionality, but each tends to be used in different areas.



L A Technologies Offers six tips for stronger encryption:

  • Do not use old encryption ciphers
  • Use longer encryption keys
  • Encrypt in layers
  • Store encryption keys securely
  • Ensure that encryption implementation is done properly
  • Consider external factors, such as digital signature compromise.


Cloud and IoT drive encryption adoption

Increasingly, enterprises are adopting cloud computing and deploying Internet of Things (IoT) devices to improve efficiencies and reduce costs. However, these technologies can pose additional risks to corporate data.

Encryption could help secure the data, but not many enterprises are opting for that solution. For example, only one-third of sensitive corporate data stored in cloud apps is encrypted, according to a survey of more than 3,400 IT and IT security pros by the Ponemon Institute and Gemalto.

At the same time, close to three-quarters of respondents believe that cloud-based apps and services are important to their company’s operations, and an overwhelming 81 percent expect the cloud to become more important in the near future.

Data encryption can be more challenging in the cloud because data may be spread over different geographic locations, and data is not on storage devices dedicated solely to an individual enterprise. One option is to require the cloud service provider to offer data encryption as part of a service level agreement.

Also, enterprises are increasingly using IoT devices, but few of them have security built in. One option to improve security is to encrypt the data that is transferred by IoT devices, particularly those that connect wirelessly to the network.

In sum, data encryption can be used to secure data at rest and in motion in the traditional enterprise environment, as well as the emerging environments of cloud computing and IoT deployments.

About Us

The 18-year history of L A Technologies Pvt.Ltd is one that speaks of the evolution of a company by a visionary, Mr. Lawrence Albert, and of its employees, who have helped businesses and governments apply information technology to achieve new levels of competitiveness and success.


© Copyrights 2010. All rights reserved. by / L A Technologiesindia.com