Protection that travels with your data
Persistent strong encryption is the most effective form of data protection, preventing unauthorized users from accessing sensitive information no matter where files are located.
Unlike other forms of encryption, persistent encryption is applied to data itself, rather than to a storage location or transmission system. Information protected by persistent encryption remains secure throughout the entire data lifecycle, whether files are saved on servers, endpoint devices, removable storage, or in the cloud.
When is your data in the clear?
Encryption can be implemented many different ways, some of which leave data vulnerable to inappropriate access as it moves from user to user and device to device. Organizations should understand when their encryption software leaves data in the clear (meaning the data is not encrypted) in order to understand their exposure to internal and external cyber threats.
- Network encryption provides protection for data as it travels across a network. Data is encrypted while in motion from its origin to its destination, but remains in the clear on either side of the transmission, unless another form of encryption is used.
- Transparent encryption provides protection for data at rest. When transparent encryption is applied, the protection is removed before data is accessed, for example when an authorized user copies a file from a file server. This makes the encryption process "transparent" to end users, but also means data exists in the clear any time it is moved or copied from the protected location.
The two most common forms of transparent encryption are full disk encryption and file system encryption.
- Full disk encryption protects data at rest by encrypting all data on a hard drive or other storage device. However, this type of encryption only provides protection in the event that the storage device is physically stolen, because data on a drive is decrypted as soon as the device is powered on and accessed by an authorized user.
- File system encryption protects data at rest in specific locations, usually file or application servers. This method of encryption provides protection against access by outsiders and by unauthorized insiders, because only authorized users or applications can decrypt and access data in the protected locations. Smartcrypt TDE provides file system encryption for structured and unstructured data on Windows servers.
- Persistent encryption is encryption that travels with data as it is shared, copied, and moved from one system or user to another. Depending on whether the encryption is applied to structured data (fields in a database) or unstructured data (files on servers, laptops, desktops, and mobile devices), persistent data encryption can be categorized as either field level encryption or persistent file encryption.
- Field-level encryption is applied to specific columns or tables within a database. If encrypted data is exported for use in another location, the encryption travels with it, protecting it from inappropriate use. To preserve referential integrity, the length and/or format of protected data can be preserved during encryption. Organizations can use Smartcrypt Application Encryption to incorporate field-level encryption in their existing applications with only a few new lines of code.
- Persistent file encryption is applied to files on servers, user devices, and other locations, as well as email messages and other forms of unstructured data. Encryption can be applied on a file-by-file basis, or applied to all files within a protected folder. Persistent file encryption remains with files no matter how many times they are copied, shared, or moved, ensuring that only authorized users can access them.
Organizations that rely on non-persistent encryption may believe that they have protected their sensitive data against internal and external cyber threats, only to learn that their data has been compromised while in the clear.
PKWARE's automated technology finds, classifies, and protects data with persistent encryption in a single integrated workflow. PKWARE's encryption software works on every enterprise operating platform, including laptops, desktops, file servers, mobile devices, midrange systems, and mainframes, and allows authorized users to access encrypted data on any device.
Learn more about PKWARE's automated data security platform.Learn More