3n$rYpt!0N…Encryption under GDPR

encryption

The regulations are quite forth coming about what is needed in terms of encryption. In short, everything should be encrypted and this should be done to protect the rights and freedoms of those subject to data capture.

What this means is that data should not only be encrypted when at rest (on your server/computer/tablet) but should be encrypted in transit (via E-mail of file transfer) and should be encrypted during use. Now, we know this doesn’t sound easy. Managing Encryption of data when; At rest (AR), In Transit (IT) and In Use (IU) is a massive challenge for businesses who don’t currently have encryption, but this can be achieved using a number of products.

Planet IT are able to offer businesses the following products, which we believe will tick as many of your security and data compliance boxes:

  • – Sophos Safeguard Encryption
  • – Bitglass
  • – BitLocker and FileVault
  • – Microsoft Office 365 Security and Compliance Centre

Sophos Safeguard Encryption

Sophos’ safeguard encryption places all created files on a system under an encryption that can only be reversed by someone using the same software whom has access to the file. This really is as simple as it sounds and is a great option for any business trying to become GDPR Compliant. Looking at the demo of Sophos Safeguard Encryption the protection it provides to documents both IU and AR are unparalleled.

Providing not on file level protection but whole system protection through BitLocker or macOS’s File Vault. This is unlike any other product on the market, leveraging the built in OS technology to maximise the provided protection. On top of all this, it can provide protection to files transferred off the system via USB, file share or to the cloud.

If you are a Sophos customer using one of their other products this move makes perfect sense, it seamlessly integrates with their desktop protection products (Antivirus and Intercept X) and their network protection units like the SG and XG line.

You can find more information here https://www.sophos.com/en-us/products/safeguard-encryption.aspx

Bitglass

Bitglass is a different technology to Sophos and comes from the traditional space where firewalls and content protection would of sat, or for those in the technology space CASB (Cloud Access Security Broker). This technology is designed to leverage antivirus/anti-malware (provided by Cylance), Access Control, Data loss provision and Visibility on a single platform. Bitglass can sit onto any cloud service and apply itself to your data source.

Bitglass offers a great platform for anyone who is based completely in the cloud and has very stringent data protection or legal compliances to abide by. However if your business is focused on mobility and home working, this platform presents more issues than its worth.

Bitglass can be found here https://www.bitglass.com 

BitLocker and FileVault

Both BitLocker and FileVault are tools built into your modern operating systems BitLocker is available for free inside Windows 7 (Enterprise and Ultimate editions), 8(Pro and Enterprise editions), 8.1 (Pro and Enterprise editions), 10 (Pro, Enterprise, and Education editions) and FileVault is free inside macOS and OS X (10.3 or higher).

This software is disk level encryption, the basis of its operating is as such. The data or the hard drive is encrypted in such a way that only the hardware that performs the encryption can reverse it and open the files, this means that if your laptop or desktop hard drive is removed and placed into different hardware to be read it will fail. This technology is critical for any business which allows it’s devices to leave site. Businesses cannot risk having hardware containing business-sensitive data roaming freely around without basic levels of protection in place.

BitLocker can also be used to encrypt mobile storage, like USB, External Hard drives and memory cards. However it is worth noting that if you use this technology on a external drive, it cannot be read on a non Windows 7 (and above) PC, which can cause compatibility issues with macOS and Linux.

Other points of note with BitLocker and FileVault is that this technology can be leveraged with other platforms like Sophos Safeguard to increase the device protection, above those offered by the software platform alone.

More information on BitLocker can be found here https://technet.microsoft.com/en-us/library/cc732774(v=ws.11).aspx

More information on FileVault can be found here https://support.apple.com/en-gb/HT204837

Microsoft Office 365 Security and Compliance Centre

This solution offers nearly all the features of Bitglass but in a less intrusive way, it allows you to leverage all the features of Office 365 and the Azure platform.

With data classifications, Data loss prevention, data governance and threat management, this tool offers all the pieces of the puzzle that you need to meet GDPR compliance and its only getting better by the day. The way that Microsoft have set up Office 365 means your constantly receiving new features and improvements and this shows up massively in the Security and Compliance centre. Microsoft have a clear GDPR road map for Office 365 and the platform will give you all the protection you need for your data (that is stored on Office 365) from this tool.

Warning! This takes some time to configure and may require specialist support to ensure the data is being handled correctly, however the 0 cost option is always one preferred by businesses.

My personal view on this toolset is don’t run off buying a product like Bitglass until you have given the Security and Compliance centre a run for its money, as it is more than likely going to give your compliance team the piece of mind they need.

More information on Microsoft Office 365 Security and Compliance Centre can be found here https://technet.microsoft.com/en-GB/library/dn876574.aspx

For more information on GDPR or IT security and support solution for your business in general, give our Planet IT team a call today.

Looking for a technology partner?
Let’s talk

  • This field is for validation purposes and should be left unchanged.