Data privacy laws such as HIPAA require that sensitive information be secured using adequate encryption methods when at rest and in motion. It is also good general practice to encrypt any information that you really don’t want to see posted on Facebook.
Protection Against Theft, Loss, & Prying Eyes
Typical Data Storage is Unprotected
You’ve got your tax records, sensitive business documents, embarrassing photos, and private love letters on your laptop. And you’ve got a Windows password. Protected, right? Wrong.
Any thief can pop that hard drive out of your computer and read it from a separate computer in minutes.
Encryption Adds Strong Protection
Data that is properly encrypted can’t be read without the correct password. A thief or unwanted viewer would need to guess your password / pass phrase to see the data. And the longer the password, the longer it would take a hacker to break the code.
Encryption Methods
All encryption methods follow the same general technique of using sets of keys. The way the keys are created differs and the strength of the keys differs, but the results are the same. Without the proper encryption password or pass phrase, data looks meaningless. A simple sentence will appear as gibberish computer characters.
Strong protection can be put in place wherever your data resides: personal computer hard drives, server data storage, cloud storage, cloud databases, mobile phones, email, thumb drives, etc.
And there are options to encrypt at a file level, folder level, or drive level, depending on the system.
Compliance with HIPAA, for example, calls for avoiding certain encryption types and using others. What strength and what cipher types are allowed? That’s a great question for our Compliance Team.
Zero Knowledge
Zero knowledge comes into play when we look at third-party services like Dropbox or LastPass. Data that is stored “in the cloud” on Dropbox servers is relatively secure. Their data centers have physical security, cameras, and the like that most large data centers have. But your data could be viewed by their technicians or by government authorities that demand access.
Zero knowledge means that the service that stores or moves your data can’t read it. LastPass is an example of this. LastPass is a cloud-based system for storing all those passwords you can’t remember. When your data is stored there, it is encrypted in a way that prohibits their people or anyone else from viewing your information. They have “zero knowledge” of your real info.
So, if you want to use the super convenience of Dropbox, but want to keep your stuff truly private, you need to either pre-encrypt your files yourself, or add a service to automatically pre-encrypt files before they are shared in Dropbox. This gives you Privacy and Cloud convenience.
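What pre-encrypting a file yourself can look like, as an added example that is not part of the original page and is not code from Dropbox or LastPass. It assumes Node.js with its built-in crypto module; the function names, the scrypt parameters and the salt/nonce/tag/ciphertext layout are choices made for this example.

```javascript
// Added example: encrypt on your own machine so the cloud service stores only ciphertext.
const nodeCrypto = require('node:crypto');

const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16; // blob layout chosen for this example

// Derive a 256-bit key from the pass phrase. scrypt is deliberately slow,
// so every guess at the pass phrase costs an attacker time and memory.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Returns the only bytes the storage service ever receives:
// salt || nonce || auth tag || ciphertext. The pass phrase never leaves your machine.
function sealForUpload(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(SALT_LEN);   // fresh per file
  const nonce = nodeCrypto.randomBytes(NONCE_LEN); // fresh per encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), ciphertext]);
}

// Runs locally after download. Throws if the pass phrase is wrong
// or if the stored blob was altered while out of your hands.
function openAfterDownload(blob, passphrase) {
  if (blob.length < SALT_LEN + NONCE_LEN + TAG_LEN) throw new Error('blob too short');
  const salt = blob.subarray(0, SALT_LEN);
  const nonce = blob.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
  const tag = blob.subarray(SALT_LEN + NONCE_LEN, SALT_LEN + NONCE_LEN + TAG_LEN);
  const ciphertext = blob.subarray(SALT_LEN + NONCE_LEN + TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Constructed sample data for the demonstration.
const demoFile = Buffer.from('Constructed sample: 2023 tax summary, not real data');
const demoBlob = sealForUpload(demoFile, 'a long pass phrase only I know');
console.log('service sees plaintext:', demoBlob.includes(demoFile));
console.log('owner recovers file:', openAfterDownload(demoBlob, 'a long pass phrase only I know').equals(demoFile));
try {
  openAfterDownload(demoBlob, 'a guessed pass phrase');
} catch (err) {
  console.log('wrong pass phrase rejected:', err.message);
}
```

Only the output of `sealForUpload` would go into the synced folder; losing the pass phrase means losing the file, since the service has nothing it could use to recover it.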