Welcome to the WEI Tech Exchange Blog

Avoid Security Breaches with Data Protection Technology

Written by Greg LaBrie | Apr 12, 2016 12:45:00 PM

Every few years a new encryption algorithm is released by an IT solutions provider to ensure your data stays safe. Hardware keeps improving, making older encryption algorithms easier to break. Thus, new encryption mechanisms are needed to keep your systems and data safe.

Nowadays, the most popular encryption mechanism is called AES-256. The AES part stands for Advanced Encryption Standard. The 256 part is the key size to encrypt the actual data files. Want your data to be even more secure? The simplest way to better secure your data is to increase the key size. AES-512 for instance. The problem with increasing your key size is there are certain side effects you’ll need to learn to deal with, primarily speed.

That’s where Intel comes into play. Instead of relying on software-based approaches for the encryption and decryption of your data, Intel has embedded a hardware-based solution into the chipset for this underlying problem. Intel has two data protection technology solutions available to assist you with your encryption needs.

Intel Data Protection Technology with AES-NI

The NI in AES-NI stands for new instructions. It is kind of like the TNG part added to Star Trek, for the second generation of that TV show. You’ll find the AES-NI adds additional instruction sets in the chipset to speed up the performance of the AES encryption and decryption. The faster the system is able to process encryption requests the more data that can be processed securely. Some changes are not limited to just speeding up AES operations but can also be used for other tasks. You have improved large integer arithmetic with their ADCX and ADOX commands. You have added instructions for RORX and MULX, Rotate Right Logical Without Affecting Flags and Unsigned Multiply Without Affecting Flags respectively. Lastly, the PCLMULQDQ instruction is available for carry-less multiplication of two 64-bit operands.

Intel Data Protection Technology with Secure Key

The Secure Key technology is the easier of the two to explain. Instead of relying on software to generate a random number securely, the random number is generated directly from the processor chip. No more bad seeds to be later used to do the actual encryption.

Why do you need the added protection of Intel Data Protection Technology? Personally identifiable information (PII) needs to be protected. If you don’t protect it, someone will find it and reveal it. Security through obscurity used to be a valid option, it no longer is. Here are some of the bigger data breaches from 2015:

  • Toymaker VTech exposed the information of 4.8 million users plus another 200,000 kids
  • Securus had about 70 million inmate phone calls revealed, including those that should have had limited access due to attorney client privilege
  • Donald Trump’s hotel chains were hacked revealing information about hotel visitors
  • Experian accidentally exposed the information of 15 million T-Mobile subscribers
  • Carphone Warehouse, a UK-based phone retail store, had encrypted credit card data stolen
  • Lastly, two words: Ashley Madison. Will that company bounce back from their massive data breach? The initial fallout was massive. Any press is good press probably wasn’t true here.

The key takeaway from all the significant data breaches is if you don’t protect the data of your customers, expect it to be compromised. Someone will find and exploit the weaknesses in your network. Thus, if you don’t protect your data with a smart approach, someone else will collect if for you.

Learn more about Intel’s data protection technology solutions and how to leverage them in your IT environment, contact us today.