Transporting Data Securely
In our January 2013 newsletter, Stephen Santee gave some excellent guidance on setting up a Mobile Media program. This was followed up in February 2013 with Carrie Straka providing statistics on the dangers of malware and mobile media. But how do you securely transport data and protect it in case the medium of transport is compromised? The answer is encryption. There are many types and levels of encryption available. Once the type and level of encryption are selected, there are several ways to transport your data using encryption.
This method is used when you have a lot of data going back and forth over an unsecured network such as the internet. It creates a private “tunnel” of information between communicating parties. This is mainly used by people who work in a home office and need to connect back to a corporate network.
Example Technology: Virtual Private Networking (VPN)
Possible Drawbacks: (Depending on how it is implemented) Slows down overall communication; a limited number of connections can be made
This method is used when you need to send secure messages over an unsecured network. This allows the entire email, including attachments, to be protected. This is commonly used to share information securely between two companies that have a non-disclosure agreement in place or between executives within the same company.
Example Technology: PGP Email Plug-in for Microsoft Outlook
Possible Drawbacks: Both parties must use the same software and encryption method, because solutions are not well standardized
This method is used when protected information is contained within files. These files, once protected, can be transported by any normal means.
Example Technologies: Microsoft Document Encryption, Adobe Document Encryption, Compressed Files Encryption (zip, rar, etc.)
Possible Drawbacks: (Depending on how it is implemented) Can be easy to break into and steal information; communicating parties must share and keep track of the encryption password
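The "depending on how it is implemented" caveat applies to ZIP archives in particular: the legacy ZIP password scheme (ZipCrypto) is known to be weak, while AES-protected members are marked with compression method 99. The Python check below is an added example, not part of the original article; it reads an archive's central directory and reports how each member is protected. The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

AES_METHOD = 99          # WinZip AE-x marker stored in the compression-method field
ENCRYPTED_FLAG = 0x0001  # bit 0 of the general-purpose flags: member is encrypted

def classify(info):
    """Return 'none', 'legacy-zipcrypto' or 'aes' for one archive member."""
    if not info.flag_bits & ENCRYPTED_FLAG:
        return "none"
    return "aes" if info.compress_type == AES_METHOD else "legacy-zipcrypto"

def audit(zip_bytes):
    """Map member name -> protection, using only central-directory metadata."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}

def weak_members(zip_bytes):
    """Members that should be re-packaged with AES before transport."""
    return sorted(n for n, p in audit(zip_bytes).items() if p != "aes")

def build_sample():
    """Constructed sample: three stored members, with central-directory fields
    patched so two of them are *marked* encrypted (payloads stay plaintext)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in ("plain.txt", "legacy.txt", "aes.txt"):
            zf.writestr(name, "constructed sample data")
    raw = bytearray(buf.getvalue())
    patches = {b"legacy.txt": (ENCRYPTED_FLAG, 0),
               b"aes.txt": (ENCRYPTED_FLAG, AES_METHOD)}
    pos = raw.find(b"PK\x01\x02")            # central-directory header signature
    while pos != -1:
        name_len = struct.unpack_from("<H", raw, pos + 28)[0]
        name = bytes(raw[pos + 46:pos + 46 + name_len])
        if name in patches:
            # flags live at offset 8, compression method at offset 10
            struct.pack_into("<HH", raw, pos + 8, *patches[name])
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)

if __name__ == "__main__":
    sample = build_sample()
    for member, protection in audit(sample).items():
        print(f"{member}: {protection}")
    print("re-package before sending:", weak_members(sample))
```

To audit a real archive, pass its bytes to `audit()`; the check only reads metadata and never needs the password.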
This method is used when you have bursts of data to transport over an unsecured network such as the internet. It creates a private “tunnel” of information between communicating parties. This is mainly used to upload and download files on an as-needed basis.
Example Technologies: Secure copy (SCP), FTP over SSL (FTPS), SSH file transfer protocol (SFTP), FTP over SSH
Possible Drawbacks: Both parties must use the same software and encryption method, because solutions are not well standardized.
This method is used when you cannot transport data over a network and it must be physically transported. The media is protected so that if it is lost, no data can be recovered without the appropriate passcode or key.
Example Technologies: IronKey, McAfee Encrypted Drive, Encrypted USB Flash Key with PIN access
Possible Drawbacks: Most solutions require software to either be installed or temporarily executed to encrypt and decrypt data; this software may not work on all platforms (e.g., Windows, Linux, Mac). Other solutions that have a physical keypad overcome this limitation but require the user to remember and transport a PIN safely.
If you are going to transmit data, it is always best to be safe. Encryption can help secure and protect your information in the event of a compromise, and with the methods above, you have several different options at your fingertips. Choose the one that works best for you and your organization’s needs.
Special thanks to Charles Smith (firstname.lastname@example.org) who contributed to this article.