All clients stress the need for protection of their data. For many of SafetyStratus' clients in the Higher Education sector, data related to research methods, results and hypotheses is highly confidential. A data breach could be very damaging to the institution as well as to the individual, besides the financial ramifications.
One of the safeguarding techniques used by SafetyStratus is encryption of the client data.
Far too often, users are asked to choose complex passwords that combine letters (with at least one upper case), numbers and special characters yet are still easy to remember. The objective is to prevent unauthorized access to data. Most people falter at this necessary evil, resorting to a combination of names, birthdays and special characters like @ for "a /2" or $ for "s/4". Yet passwords are only the beginning of the many measures needed to thwart bad actors from accessing your data.
Often more important is how the entity that asks for your data stores it. Encryption is used to protect data from being stolen, changed or compromised. It generally works by scrambling data into a digital code that can only be unlocked with a unique key.
There are three common, widely used types of encryption techniques: symmetric encryption, asymmetric encryption and hashing.
Symmetric encryption is when the same key is used to encrypt and decrypt the data. For example, suppose you were to swap the letters of the alphabet in a particular sequence: use N instead of A, O instead of B, P instead of C and so on. The word SafetyStratus would then become FNSRGLFGENGHF. To decrypt "FNSRGLFGENGHF", you simply apply the same substitution logic (the key) in reverse to recover the word.
Because of this, symmetric encryption is fast, but it relies entirely on the key being kept secret.
AES (Advanced Encryption Standard) is the trusted standard in the US, established by NIST. It is available with 128-, 192- and 256-bit keys and is highly efficient. It is so robust that breaking it would require quantum computers, which thankfully are not commonplace. SafetyStratus understands that our clients' work could contain highly sensitive information such as injury incident reports with medical records, applications for grants and funding, chemical inventories, etc. SafetyStratus uses AES 256-bit encryption for storing all client data.
Asymmetric encryption uses two keys: one for encryption, often called the "public" key, and another for decryption, often called the "private" key.
In asymmetric encryption, data is locked with the public key and can only be decrypted with its corresponding private key. One common use of this type of encryption is on SFTP servers, where the private and public keys are generated on the SFTP server for a remote user and the public key is sent securely to the remote user. This allows the user to authenticate without having to enter a password. Another example is HTTPS, in which your browser sends its public key to the server. The server uses this key to encrypt the data and send it back to your browser, which then uses its private key to decrypt it.
Hashing transforms data of any length into a fixed-length output known as a hash value. This is like the bar-code on a product: whether it is a pack of cookies or a single milk carton, the bar-code is a fixed length. The hashing algorithm uses a complex set of computations to arrive at the hash value, and if even one character of the input is changed, the hash value can be drastically different. The passwords mentioned earlier are typically stored as hash values. When a password is supplied, it is hashed and compared with the stored hash value. The actual password is never stored and is therefore difficult to recover.
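As an added example (not SafetyStratus code), the Python below shows the two mechanisms described above: the letter-substitution cipher from the symmetric encryption paragraph, where the same shift key both encrypts and decrypts, and the store-only-the-hash password check from the hashing paragraph, here using a salted PBKDF2 hash and a constant-time comparison. The shift of 13 places and the sample password are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import string

# --- Symmetric example: the letter-substitution cipher described above.
# The "key" is the shift that maps A->N (13 places). The same key is used
# to encrypt and to decrypt, which is what makes the scheme symmetric
# (and also why it is only a toy: whoever knows the shift can read it all).
ALPHABET = string.ascii_uppercase

def substitute(text: str, shift: int) -> str:
    """Shift every letter by `shift` places; non-letters pass through unchanged."""
    out = []
    for ch in text:
        if ch.isalpha():
            out.append(ALPHABET[(ALPHABET.index(ch.upper()) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)

def encrypt(plaintext: str, shift: int = 13) -> str:
    return substitute(plaintext, shift)

def decrypt(ciphertext: str, shift: int = 13) -> str:
    # Decryption is the same operation run backwards with the same key.
    return substitute(ciphertext, -shift)

# --- Hashing example: how a password is stored and later checked.
# Only a random salt and a slow, salted hash are kept; the password itself
# is never written to storage.
ITERATIONS = 600_000  # PBKDF2 work factor; raise it as hardware gets faster

def hash_password(password: str, salt: bytes = b"") -> tuple:
    salt = salt or os.urandom(16)  # fresh 16-byte salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    # Re-hash the supplied password with the stored salt and compare in
    # constant time so that timing differences do not leak the digest.
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    ct = encrypt("SafetyStratus")
    print(ct, decrypt(ct))  # FNSRGLFGENGHF SAFETYSTRATUS
    salt, stored = hash_password("correct horse")  # constructed sample password
    print(verify_password("correct horse", salt, stored))  # True
    print(verify_password("correct horsf", salt, stored))  # False: one character changed
```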
For more information on how your personal data is protected by SafetyStratus, please visit SafetyStratus, where you can speak to industry-leading EHS professionals or schedule a demo of the product. Tune in to other EHS-related Data Privacy articles coming soon…
AUTHOR BIO:
KC (Kalyan Madhunapantula) has over 15 years of systems administration experience, the majority of it on Unix/Linux. He holds an MS in Environmental Engineering. His thesis on watershed modeling, using a program written in Fortran, inspired his foray into computers. After joining the IT team of a leading multimedia company, he progressed through DBA, system administration and management roles.
He was the lead administrator overseeing IT SOX compliance for 20+ applications, including HR and Financials. With the advent of cloud services, KC embraced AWS, and today he works to ensure IT security and compliance with frameworks such as SOC 2, GDPR, HIPAA and PIPEDA at SafetyStratus.