While lossy data compression may work for multimedia-type files, using this technique can alter the meaning of data, which makes it inappropriate for strategic data.
Preparing for Battle
As businesses extend their operations and data beyond traditional corporate and IT boundaries, the need to securely compress data becomes more compelling.
IT, security and data center managers must now determine the safety of their data:
- From being stolen, destroyed in a disaster, or otherwise compromised
- In the data center
- In corporate systems
- Representing intellectual property
- Reflecting executive communications.
Security officers faced with protecting digital assets have woven together a fabric of systems and technologies to help manage the risk and protect their corporate IT operations. The problem is too big and amorphous for a one-size-fits-all solution.
Firewalls act as a protective perimeter to your IT assets, but they’re only one part of the security fabric. What happens when someone has breached your security wall? If you’re fortunate, there’s a virtual guard dog waiting to stop further access. Adding RACF, ACF2, or even Top Secret to the data processing environment is the first layer of protection for your mainframe. This is great as long as you don’t plan to move the data to other environments.
IT organizations spend tremendous time and effort protecting the network, configuring firewalls, isolating critical back-end processes, and keeping their servers running. However, the inevitable still happens. You probably know a company or someone who has fallen victim to a malicious attack, costing that company millions of dollars in production downtime. So, how can one prevent such an invasive, costly event? It’s a challenge, given the disparity of the platforms commonly deployed and the growing need to network with partners and ensure their systems use secure, effective technology.
The challenge is greater and more imminent for companies that fall under strict regulatory guidelines such as:
- Gramm-Leach-Bliley Act (protecting the privacy of financial data)
- Healthcare Information Portability and Accountability Act (HIPAA), which protects the privacy of patient information in the healthcare industry
- Sarbanes-Oxley (mandating efficient financial reporting record-keeping among public companies).
Data centers can save money by combining encryption and compression. Encryption usually increases the file size, making pure encryption security solutions infrastructure-intensive. But combining the two techniques yields significant file size reductions. Figure 3 shows an example of a document encrypted with a typical industrial-strength algorithm.
When using encryption alone, the resulting file sizes are typically significantly larger than their original size. If the same files are compressed before being encrypted, each file is significantly smaller than when encryption is used alone. In the same data file example shown in Figure 4, each file is more than 50 percent smaller than its original size.
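The size effect of the ordering described above, as an added example that is not from the original article. The cipher is a toy SHAKE-256 keystream with an HMAC tag, used only as a self-contained stand-in for an algorithm such as AES; the key and the sample records are constructed.

```python
import hashlib
import hmac
import os
import zlib

OVERHEAD = 16 + 32  # nonce + HMAC-SHA256 tag added to every encrypted blob

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy authenticated stream cipher (stand-in for AES; not for production)."""
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then remove the keystream."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    stream = hashlib.shake_256(key + nonce).digest(len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

def sizes(key: bytes, data: bytes) -> dict:
    """Output size in bytes for each ordering of compression and encryption."""
    encrypted = encrypt(key, data)
    return {
        "original": len(data),
        "encrypt_only": len(encrypted),
        # Compress first: the redundancy is still visible to the compressor.
        "compress_then_encrypt": len(encrypt(key, zlib.compress(data, 9))),
        # Encrypt first: ciphertext looks random, so there is nothing to squeeze.
        "encrypt_then_compress": len(zlib.compress(encrypted, 9)),
    }

# Constructed sample: repetitive record data, as in a typical batch file.
KEY = b"constructed-demo-key"
DATA = b"2024-01-01,ACME,wire transfer,1000.00\n" * 500

if __name__ == "__main__":
    for label, size in sizes(KEY, DATA).items():
        print(f"{label:>22}: {size} bytes")
```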
For the typical IT organization, the task of transferring large files over the network is usually scheduled at night, to minimize the disruption in network performance for the organization’s users. After compressing these files, sometimes by as much as 90 percent or more, the transfer requires less dedicated bandwidth, which often translates directly into cost savings and also gives the IT organization more flexibility in scheduling large file transfers.
Here are some best practices IT professionals can follow in selecting a ZIP-based data security solution:
- Evaluate both the product and the vendor: The product should offer native platform-specific features and support, and should not offload all its responsibilities to another system, such as a PC server. The vendor should be experienced in storage technology, with a strong track record for supporting customers with operations similar to yours.
- Insist on strong security: Strong security—using either passwords or digital certificates—is the industry standard for the protection of data in transit or in storage. The risks are too high to use anything less.
- Check for data integrity: Encryption serves to scramble data so it’s not decipherable by prying eyes. However, data integrity is paramount. The loss of one bit of data compromises the data transfer and raises suspicions about the integrity of the entire process. ZIP vendors that serve enterprise customers have developed sophisticated error-checking steps, such as CRC32, a standard data integrity calculation based on applying a logic operation (a series of bitwise operations) to a block of data to produce a fixed-size value representing the original data in a file. A good 32-bit CRC process, for example, compares the final ZIP file to the initial ZIP file to ensure that there were no compromises in data during the process. Users or administrators are alerted about any discrepancy.
- Demand efficiency: Data compression makes files smaller. Encryption tends to increase the size of files. Combining encryption with data compression creates a secure file significantly smaller than the original. The chance of a transmission error is greatly reduced when files that typically take hours to send can instead be sent in minutes.
- Ensure security of data at rest: While securing data in transit gets all the attention, there remains a risk to data stored and archived. Don’t put up with solutions with large upfront overhead.
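The CRC32 check from the data-integrity item above, as an added example that is not from the original article: it builds a ZIP in memory, simulates a one-bit transfer error, and shows the check catching it. It also shows that CRC-32 is unkeyed, so an archive rebuilt with different content passes the check and only a keyed MAC (HMAC-SHA256 here, an assumption of this example) notices. File name, records and key are constructed.

```python
import hashlib
import hmac
import io
import struct
import zipfile
import zlib

def build_zip(name: str, payload: bytes) -> bytes:
    """One-member archive in memory; stored, so the data bytes sit verbatim."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

def flip_data_bit(archive: bytes, name: str) -> bytes:
    """Simulate a one-bit transmission error inside the member's data."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        info = zf.getinfo(name)
    # Local file header: 30 fixed bytes, then the file name and extra field.
    name_len, extra_len = struct.unpack_from("<HH", archive, info.header_offset + 26)
    pos = info.header_offset + 30 + name_len + extra_len + info.file_size // 2
    damaged = bytearray(archive)
    damaged[pos] ^= 0x01
    return bytes(damaged)

def stored_crc(archive: bytes, name: str) -> int:
    """CRC-32 value recorded in the archive for the member."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return zf.getinfo(name).CRC

def first_bad_member(archive: bytes):
    """Name of the first member whose data fails its CRC-32, or None."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return zf.testzip()

def mac(key: bytes, archive: bytes) -> bytes:
    """Keyed tag over the whole archive, for detecting deliberate changes."""
    return hmac.new(key, archive, hashlib.sha256).digest()

# Constructed sample data and key.
PAYLOAD = b"2024-01-01,ACME,wire transfer,1000.00\n" * 100
KEY = b"constructed-demo-key"
clean = build_zip("ledger.csv", PAYLOAD)
tag = mac(KEY, clean)
damaged = flip_data_bit(clean, "ledger.csv")
# A rebuilt archive with altered content carries a fresh, valid CRC-32.
rebuilt = build_zip("ledger.csv", PAYLOAD.replace(b"1000.00", b"9000.00"))
```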
The security scrap heap is full of solutions that didn’t work. ZIP compression, already in use in virtually all data centers today, provides a robust platform for delivering strong security that is reliable, deployable, and usable. The traditional ZIP standard includes password-based security. Several companies have extended this further to include strong security, including the government Advanced Encryption Standard (AES). In using ZIP to secure and compress data in storage, data centers can reduce the security risk and pack more data into the same media. Deploying a ZIP implementation requires minimal infrastructure, training and support. By adding this layer of data security to the security mix, your organization can count on further protection for your most important enterprise asset: data.