But encryption and other security mechanisms are not helpful if the security layers where the data is being stored can be circumvented, for example by a systems administrator. Encryption is good for confidentiality, but does not protect data from intentional deletion or accidental modifications. It is important to have a single data access channel to the storage location and ensuring that only a strict protocol, that prohibits code from entering, is available for remote users. In September 2004, an unauthorized party placed a script on the CardSystems system that caused records to be extracted, zipped into a file, and exported to an FTP site. The result was the exposure of millions of credit card details and the eventual demise of CardSystems.

Ensure that Data at Rest is protected

The cornerstone of protecting storage while at rest is encryption. Encryption ensures that the data is not readable and thus maintains its confidentiality. But encryption that places high demands on managing is ineffective. By using transparent key management there is absolutely no need for user level or administrator level encryption key management or awareness, and the use of advanced cryptographic protocols, such as AES 256bit for both storage and session encryption and signing, guarantees the protection of the data :

Protection from data deletion, data loss

The protection of data by encryption is simply one part of the problem. Files may be accidentally or intentionally deleted or changed. Always keep older versions, ensuring an easy way to revert to the correct file content or recover from data deletion.


Protection from data tampering

Data inside protected storage must be tamper proof by integrating authentication and access control that ensures that only authorized users can change the data. In addition, to ensure that data manipulation that somehow bypasses the access control doesn’t go unnoticed, digital signatures must be employed to detect unauthorized changes in the files.

Auditing and monitoring

Comprehensive auditing and monitoring capabilities are essential for security for several reasons. First, it allows the enterprise to ensure that its policy is being carried out. Secondly, it provides the owner of the information with the ability to track the usage of its data. Thirdly, it is a major deterrent for potential abusers, knowing that tamper-proof auditing and monitoring can help in identification. Finally, it provides the security administrator with tools to examine the security infrastructure, verify its correct implementation and expose inadequate or unauthorized usage.