Encryption of IAM Data

Posted by Chris Hayes on Thu, Dec 17, 2015

Screen_Shot_12-16-15_at_02.32_PM.png

2015 was a rough year for Identity and Access Management news.  Digital toymaker VTech lost 6.4 million children's names, birthdates, parents' email, mailing addresses and more.  Ashley Madison's data was exposed including email addresses, chat message data and more.  AT&T just agreed to pay $25 million as a result of 275,000 exposed customer names and other information.  Customer and employee identity data is extremely valuable.

Here at EmpowerID we've been working diligently to support an easy to use method of encryption for data stored in our Identity Warehouse.  We are now excited to fully support encryption of all data we inventory and store.  This means if someone gets access to data files on a server or to backups, your data is still protected!

By encrypting data at rest we can now prevent malicious parties from getting the database files and restoring them onto a system and browsing personally identifiable information (PII).  Identity data is encrypted using AES256 which also ensures compliance with many laws, regulations, and guidelines in different industries.

Below, encryption hierarchy with dotted lines representing the encryption used by TDE, courtesy of Microsoft

IC51741.gif

 

Supporting real-time I/O encryption of the EmpowerID 2016 Identity Warehouse means that the data is encrypted before even being written to disk and only decrypted when read into memory.  Verification is easy enough once the process is complete

 Below we can easily verify that the encryption process is complete.

Screen_Shot_12-17-15_at_05.46_PM.png

Once encryption is complete you can look through backups to verify the data is encrypted.  Below on the left you can easily see unencrypted data containing PII, following encryption you can see a backup of the same database is now fully encrypted and unreadable.

Screen_Shot_12-17-15_at_05.28_PM.png

If someone were able to get the Identity Warehouse database they would be unable to load it up to recover the data as you can see below.

3E50DC91.png

So make 2016 the year you commit to encrypting employee and consumer data and the year you lower your exposure to data leaks!  Give us a call or click the link below for a quick demo of the EmpowerID difference.

Request a Demo