When data is in transit between applications, systems or locations, it is best protected using appropriate technologies and standards, taking into account confidentiality, integrity and availability. For example:
- User and Application / Browser and Server
- Administrators and Systems
- Application and Application / Server to Server / Site to Site
  - IPSec VPN
- Application and Database / Server to Server / Site to Site
  - Database Engine
  - IPSec VPN
- Backup and System / Site to Site
  - IPSec VPN
- Physically / Data to Drive
  - diskAshur Pro2 SED
  - DESLock+ Pro SW
… can be applied.
Please see SSL, VPN and Licensing for more details.
Although encryption at other levels is equally important, encryption/hashing and encryption/decryption of sensitive information is ideally handled first (after transit) by the application layer during input and output, and even better if the user can control the keys. This reduces the risks/vectors and potential impacts at all other levels.
Much like application encryption, but often handled within the database engine itself, table/column/field level encryption reduces the risks/vectors and potential impacts at all other levels.
File Level Encryption
Encryption of the files at the operating system level using supported software to encrypt a virtual folder, drive or set of files, with decryption occurring on boot or mount until unmounted. This can be provided using the DesLock+ Pro and Enterprise Server licensed products through Pipe Ten’s partnership with ESET.
Full Disk Encryption
Much like file level encryption, full physical or virtual drive encryption at a software level, with decryption on boot or mount, can be provided using the DesLock+ Pro and Enterprise Server licensed products through Pipe Ten’s partnership with ESET.
Self Encrypting Disks
In scenarios where critical privacy is required, self-encrypting disks provide a hardware device level solution for data at rest and can out-perform software-based solutions. Pipe Ten deploys SED by way of diskAshur Pro2 SED coded storage to address DR scenarios where bulk data collection and physical transit are needed, with enterprise server SED drives also supportable.
Pipe Ten has experience in the sourcing and configuration of Thales and similar HSMs necessary for communicating and transacting with financial markets, services and networks such as Faster Payments or SWIFT.
Last saved: 2021/05/04 at 16:18 by Gavin Kimpton