Storing encrypted files is critical for companies that offer sensitive information online. But improperly encrypted files can be equally risky, because they lead to a false sense of security. Keeping improperly encrypted files in storage is known as Insecure Cryptographic Storage (ICS). A variety of factors can lead to ICS, including these:
- Bad algorithms
- Improper key management and storage
- Encryption of the wrong data
- Insecure cryptography (such as encryption developed in-house)

To reduce the risk of ICS, follow these practices:
- Locate and identify sensitive company data and confidential client information, and make sure it is completely encrypted.
- Make a list of all people who need access to sensitive data and sensitive areas. Both whitelisting and blacklisting are good solutions.
- Developers should make sure that no sensitive data can be overwritten easily; however, all sensitive memory locations should be erased and overwritten as soon as the data no longer needs to be stored there.
- Encryption keys, DRM and algorithms should only be known to company management.
- All data and drives that are encrypted should be checked and scanned frequently.
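
The recommendation above to erase sensitive memory locations, shown as an added C example that is not part of the original page: an optimizing compiler may remove a plain `memset` on a buffer that is never read again, so the wipe here writes through a volatile pointer. The names `secure_wipe`, `use_key` and `process_secret` and the sample key are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32

/* Zero a buffer through a volatile pointer so the compiler cannot treat
 * the stores as dead and remove them when the buffer is never read again. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Hypothetical stand-in for real key use: XOR-folds the bytes together.
 * It is not a cryptographic operation. */
static uint8_t use_key(const uint8_t *key, size_t len)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++)
        acc ^= key[i];
    return acc;
}

/* Copy the secret into a working buffer, use it, then wipe the working
 * copy. Returns the number of non-zero bytes left after the wipe. */
static size_t process_secret(const uint8_t *secret, size_t len, uint8_t *result)
{
    uint8_t work[KEY_LEN];
    size_t left = 0;

    if (len > sizeof work)
        len = sizeof work;          /* never write past the working buffer */
    memcpy(work, secret, len);
    *result = use_key(work, len);
    secure_wipe(work, sizeof work); /* erase as soon as the key is unused */
    for (size_t i = 0; i < len; i++)
        left += (work[i] != 0);
    return left;
}

int main(void)
{
    const uint8_t key[4] = {0x01, 0x02, 0x04, 0x08}; /* constructed sample */
    uint8_t out = 0;
    size_t left = process_secret(key, sizeof key, &out);
    printf("result=0x%02x, bytes left after wipe=%zu\n", out, left);
    return 0;
}
```

Where the platform provides one, a library wipe such as C11's optional `memset_s` or `explicit_bzero` serves the same purpose.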