One evening this week, I was reading the latest in tech news on Engadget and Re/code about yet another organization whose network and data had been compromised. With businesses like Target, Home Depot, and even JP Morgan Chase falling victim to Advanced Persistent Threats, I wondered what controls, processes and procedures these organizations had to monitor suspicious activity and the sharing and storing of sensitive files. Add concerns with compliance requirements like those mandated by PCI and HIPAA, and you end up with a severe migraine.


There are logs, logs everywhere with tons of data, and there are solutions in the SIEM space which analyze all of these logs from a security perspective, but this is typically reactive in nature. Organizations need proactive protection of data while it resides on the corporate network – they need encryption of data at rest.


Reality is, you need protection, both in transit and at rest.  Serv-U MFT Server protects data while it is in transit using SSL and SSH. Serv-U Gateway, the reverse proxy add-on which prevents the storage of data in the DMZ, further reduces risk.  However, data-at-rest encryption is another important part of the picture, protecting data while it resides on network storage or on a server.




There are several options available to customers who are seeking to provide this additional layer of security on their network. Typically, encrypted file systems are the optimal choice as they are usually easiest to deploy. Depending on the platform you want to secure, there are a couple different options.



You can leverage EFS (Encrypting File System), a feature already built into many Windows versions, including the newest versions of Windows and Windows Server. There is another file encryption feature within Windows called BitLocker, but don’t confuse this with Cryptolocker. You can read more about BitLocker vs. EFS here.


If you are looking for non-Windows options, or even other Windows options that are not created by Microsoft, historically many folks used an open source program called TrueCrypt, but active development for this recently ended. You can still use this product, but just know that any new issues will not be fixed. That said, this code base has been forked and is in the process of being turned into a free product called CipherShed, which will work on Windows, Mac OS and GNU/Linux.


If none of the above fits the bill for you, here are some other options for you to look at and consider.


Combining Serv-U with one of the options listed above ensures that your data is completely secure, both in transit and at rest.