Data protection is a large topic but can be broken down into some simple concepts.
At its core, data protection uses encryption (including hashing) and tokenisation. Encryption can be used for confidentiality, verification, and integrity of data, while tokenisation is typically used to keep data confidential by replacing sensitive data with a token. Online payments are an example: the system hides everything but the last 4 digits of your credit card. As with securing valuables, encryption and tokenisation use a key to ensure access is provided only to the key holder. As you can imagine, a simple business has many more keys than your home, and how many times have you lost a house key?
Firstly, the lifecycle of a digital key is more complex than just being in possession of a key or not, as the key statuses below show; questions of historical data, group sharing, and ownership are just the tip of the iceberg.
• pre-active (created but not used),
• active (used),
• suspended, able to be made active again (not used for new but can be used for old),
• compromised, not to be reactivated (not used for new but can be used for old),
• deactivated, able to be made active again (currently not in use for new or old), and
• destroyed, not to be reactivated (not used).
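The statuses above can be enforced as a small state machine that a key store consults before every operation. This is an added example, not code from the original article or from any KMS product: the `ManagedKey` class, the `protect`/`process` operation names, and every transition other than the reactivation rules stated in the list are assumptions.

```python
from enum import Enum

class KeyState(Enum):
    PRE_ACTIVE = "pre-active"
    ACTIVE = "active"
    SUSPENDED = "suspended"
    COMPROMISED = "compromised"
    DEACTIVATED = "deactivated"
    DESTROYED = "destroyed"

S = KeyState
# From the list above: which states may protect NEW data, and which may
# still process OLD data (decrypt, verify, detokenise).
PROTECT_NEW = {S.ACTIVE}
PROCESS_OLD = {S.ACTIVE, S.SUSPENDED, S.COMPROMISED}

# Reactivation rules follow the list (suspended and deactivated may return to
# active; compromised and destroyed may not). The other edges are assumptions.
ALLOWED = {
    S.PRE_ACTIVE: {S.ACTIVE, S.DESTROYED},
    S.ACTIVE: {S.SUSPENDED, S.COMPROMISED, S.DEACTIVATED},
    S.SUSPENDED: {S.ACTIVE, S.COMPROMISED, S.DEACTIVATED},
    S.DEACTIVATED: {S.ACTIVE, S.COMPROMISED, S.DESTROYED},
    S.COMPROMISED: {S.DESTROYED},
    S.DESTROYED: set(),
}

class ManagedKey:
    """Hypothetical key record; holds state only, no key material."""

    def __init__(self, key_id):
        self.key_id = key_id
        self.state = S.PRE_ACTIVE
        self.history = [S.PRE_ACTIVE]  # audit trail of every state held

    def transition(self, new_state):
        if new_state not in ALLOWED[self.state]:
            raise ValueError(f"{self.key_id}: {self.state.value} -> {new_state.value} refused")
        self.state = new_state
        self.history.append(new_state)

    def authorize(self, operation):
        """'protect' = apply the key to new data; 'process' = use it on existing data."""
        if operation == "protect":
            return self.state in PROTECT_NEW
        if operation == "process":
            return self.state in PROCESS_OLD
        raise ValueError(f"unknown operation: {operation}")
```

A compromised key stays readable so that old data can be recovered and re-protected under a new key, but it can never be moved back to active.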
Apart from the lifecycle of a digital key, the safeguarding of the key is paramount to the success of your data protection strategy; this includes access, the distance the key is stored from the crypto engine that uses it, and the algorithm used. Digital keys seldom work in isolation but sit in a two-level key hierarchy, being a master with several working keys, and for most organisations this means the use of a key management solution, or KMS, with its ability to automate, manage and monitor key usage at scale as well as provide a layer of access control.
But key management does not end with one KMS, as keys can be used in a variety of solutions such as file encryption, self-encrypting discs, database encryption, and transaction signing, from local solutions to multiple clouds. This is where a layered key management solution is the best approach for large organisations taking control of native encryption, local key management, bring your own key, and several cloud key management solutions. Smaller users, in contrast, may only require one KMS.
And finally, data protection is becoming so important because it is being driven by compliance, the most relevant being POPI, or protection of personal information. Government, or the law, is finally catching up to the internet and its sharing of digital information by introducing regulation for the good, or more accurately the privacy, of the people. Privacy regulation (POPI) has begun outlining a framework with requirements for the safekeeping of personal information and consequences for non-compliance.
When read for the first time, a framework does not dictate a product or solution, as these may change over time, but focuses on the requirements of safekeeping. To the uninitiated these may seem vague, but they come down to confidentiality and ensuring access is provided only to the intended, which, as you know by now, is nothing other than encryption and tokenisation with a key management solution providing access control.
For further information on your data protection strategy, please contact firstname.lastname@example.org