Scribd
Upload
31 views

APAC 7 NAS Encryption Best Practices

This document provides best practices for encrypting data on a NAS (network-attached storage) device to protect sensitive information. It recommends identifying and prioritizing what data to encrypt, encrypting sensitive data both at rest on the device and in motion between systems, encrypting administrative sessions, using VPNs for remote connections, implementing centralized key management, and not relying solely on encryption as other security layers are also needed.

Uploaded by

Training CDAC KOLKATA
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
31 views

APAC 7 NAS Encryption Best Practices

This document provides best practices for encrypting data on a NAS (network-attached storage) device to protect sensitive information. It recommends identifying and prioritizing what data to encrypt, encrypting sensitive data both at rest on the device and in motion between systems, encrypting administrative sessions, using VPNs for remote connections, implementing centralized key management, and not relying solely on encryption as other security layers are also needed.

Uploaded by

Training CDAC KOLKATA
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

7 NAS ENCRYPTION

BEST PRACTICES
TO PROTECT DATA

IDENTIFY WHAT TO ENCRYPT


Encrypting and decrypting data can slow performance,
sometimes significantly. Encrypt only the data that needs
protection or that applicable regulations govern. Prioritize
the data based on its requirements for confidentiality. To
help prioritize data, consider what the repercussions would
be if certain types of data were compromised.

ENCRYPT SENSITIVE DATA AT REST


At-rest data refers to the data stored on the NAS device, as
opposed to the data transmitted between endpoints. Use
NAS encryption to protect sensitive data from unauthorized
access, even if a device is stolen. Use advanced cryptographic
technologies such as AES 256-bit encryption. Encrypt
metadata along with the rest of the data.

ENCRYPT SENSITIVE DATA IN MOTION


Data in transit is susceptible to threats such as
eavesdropping and hijacking, inside and outside the
organization's network. When encrypting data in motion, use
industry-standard protocols such as the transport layer
security protocol and close all unused ports on the NAS
device. Also, include all sensitive information, including
backups and replicated data.

ENCRYPT ADMINISTRATIVE SESSIONS

Administrative access is just as vulnerable to attack as other


types of communication. Always encrypt administrative
sessions to prevent data breaches and other risks, whether
administrators connect through APIs, command-line
interfaces or other client tools.

USE VIRTUAL PRIVATE NETWORKS


A VPN provides an encrypted connection over the internet. It
hides details about the session and adds an extra layer of
protection for client systems that communicate remotely
with NAS devices. Because a VPN disguises a user's online
identity and activity, it is more difficult for hackers to steal
data or compromise systems -- or even infer a session's
contents or type of data.

IMPLEMENT CENTRALIZED KEY


MANAGEMENT

Most approaches to encryption rely on cryptographic keys.


Cryptographic keys must be properly generated, distributed,
stored and, when the time comes, destroyed. This process
requires a centralized key management system. Without this
system, keys could be compromised. Key management
should also consider applicable regulations, including data
protection laws and laws related to importing and exporting
encryption technologies.

DON'T RELY SOLELY ON ENCRYPTION


TO PROTECT SENSITIVE DATA
Data protection requires multiple layers of security. For
example, an employee might be authorized to access PII data
on the company network. When the user logs in and accesses
the data, it is decrypted and presented as plain text. If a
cybercriminal acquires the user's login credentials, the
hacker will be able to view any data available to that
employee, even if the data is normally encrypted.

© 2022 ComputerWeekly.com | TechTarget

You might also like