Data security can be somewhat of a “blind item” for SMBs, meaning it’s out of their area of expertise. But most won’t be hiring consultants to guide them through the process of assessing security issues and finding answers. That will be up to their vendors, their VARs and themselves. In many situations, file-level encryption is the right solution for these companies.
In an article on SearchSMBStorage.com, “Secure data storage strategies and budget-friendly security tools for SMBs,” Kevin Beaver lays out the security issues facing SMBs. He says that storage security for most SMBs can be a challenge for a number of reasons. There are typically too few people in IT to begin with, but often there are too many parties getting involved with the security decision, leading to an accountability problem. And mobile devices are exacerbating the situation, enabling users to carry company data around in an easily lost and easily stolen package called a smartphone, PDA or tablet.
As Kevin mentions, data encryption can be especially useful at small businesses, but also at midsized companies, where VARs are more likely to spend their time. In most of these companies, IT staff members aren’t security experts, and the risks may not be so severe or so well-defined that sophisticated solutions are already in place. In these environments, encryption is often a piecemeal process that’s implemented at a number of levels, and probably not in a comprehensive way.
While money’s certainly tight in smaller companies and some freeware solutions are available, buying a comprehensive encryption package can be an appropriate investment. It can help address the challenges of not having enough IT staff or enough expertise in data security by providing a foundation for a company’s security infrastructure. Some products can extend that protection to data that’s accessed on mobile devices and tie in existing encryption solutions, like Microsoft’s BitLocker or Seagate’s drive encryption.
For many companies, data encryption typically means full-disk encryption (FDE), which often came on the device (like BitLocker) or was bought for a specific situation, like laptop data protection for salespeople. But FDE is cumbersome, since it applies to everything on the computer, even system files. When anything is changed or added, FDE must be disabled. Like propping open the front door to carry in groceries, anything can come in or go out of the system during this vulnerable time. Encryption has gotten somewhat of a bad rap, due partly to the fact that it traditionally has relied on this less convenient full-disk methodology. Also, encryption can sometimes interfere with backups or other operations. These experiences can be frustrating and lead to improper use and poor results. Or the user can simply turn it off.
File-level encryption, on the other hand, allows data protection to be embedded in the file, staying with the data regardless of where it’s stored. This enables computer users to encrypt their data files and leave software and system files open to facilitate updates or installation without requiring that encryption be turned off. It can also provide protection for mobile/handheld devices, as well as more traditional endpoint devices like desktops and laptops.
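The following added example, which is not from the article or from any vendor's product, shows protection that stays with a file: data files are sealed one by one, a system file is left alone, and a sealed file copied to a second location still decrypts and still detects tampering. The container layout, the `MAGIC` tag, the extension list and the function names are assumptions made for the example; it uses AES-GCM from the Python `cryptography` package.

```python
import os, shutil, tempfile
from pathlib import Path
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"FLE1"                          # constructed container tag, not a product format
DATA_EXTS = {".docx", ".xlsx", ".csv"}   # constructed policy: which files count as data

def encrypt_file(path, key):
    """Replace path with path.enc laid out as MAGIC | 12-byte nonce | ciphertext+tag."""
    nonce = os.urandom(12)               # fresh nonce for every file
    sealed = AESGCM(key).encrypt(nonce, path.read_bytes(), MAGIC)
    out = path.with_name(path.name + ".enc")
    out.write_bytes(MAGIC + nonce + sealed)
    path.unlink()                        # removes the plaintext name only, no secure wipe
    return out

def decrypt_file(path, key):
    """Return the plaintext; raises InvalidTag on a wrong key or an altered file."""
    blob = path.read_bytes()
    if blob[:4] != MAGIC:
        raise ValueError("not an encrypted container")
    return AESGCM(key).decrypt(blob[4:16], blob[16:], MAGIC)

def protect_tree(root, key):
    """Encrypt data files under root; programs and system files are left untouched."""
    targets = [p for p in Path(root).rglob("*")
               if p.is_file() and p.suffix.lower() in DATA_EXTS]
    return [encrypt_file(p, key) for p in targets]

def demo():
    key = AESGCM.generate_key(bit_length=256)    # assumption: normally held by a key manager
    laptop, usb = Path(tempfile.mkdtemp()), Path(tempfile.mkdtemp())  # two storage locations
    (laptop / "payroll.csv").write_bytes(b"name,salary\nalice,100\n")  # constructed data file
    (laptop / "driver.sys").write_bytes(b"\x00system\x00")             # constructed system file
    sealed = protect_tree(laptop, key)
    moved = Path(shutil.copy(sealed[0], usb))    # nonce and tag travel with the file
    plain = decrypt_file(moved, key)
    blob = bytearray(moved.read_bytes())
    blob[20] ^= 1                                # flip one ciphertext bit
    moved.write_bytes(bytes(blob))
    try:
        decrypt_file(moved, key)
        detected = False
    except InvalidTag:
        detected = True
    return plain, sorted(p.name for p in laptop.iterdir()), detected
```

Because the key is the only thing not stored in the file, where it is kept and who can read it decides how much protection the copied file actually has.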
File-level encryption works well with server virtualization, where multiple VMs share the same physical storage volume. By encrypting individual VMDK files, it essentially provides VM-level encryption, allowing sensitive VMs to share physical resources. File-level encryption is also useful in multi-tenant cloud environments since it protects sensitive files and eliminates reliance on the cloud provider for data security.
Security for data storage assets is an area in which many companies need some help. Data encryption can provide a compelling solution for VARs to lead with at organizations that have a myriad of storage and compute devices but a shortage of solid security expertise. File-level encryption, in particular, can be an effective way to protect sensitive data on servers, desktops, laptops and even mobile devices, while leaving the system available for maintenance and updates. It can also provide a way to secure data in shared, virtual server environments and the cloud.