Data Security Adds an Extra Layer of Protection

by Tait Hamiel
June 1, 2004

When using encryption alone, the resulting file sizes are typically significantly larger than their original size. If the same files are compressed before being encrypted, each file is significantly smaller than when encryption is used alone. In the same data file example shown in Figure 4, each file is more than 50 percent smaller than its original size.

For the typical IT organization, the task of transferring large files over the network is usually scheduled at night, to minimize the disruption in network performance for the organization’s users. After compressing these files, sometimes by as much as 90 percent or more, the transfer requires less dedicated bandwidth, which often translates directly into cost savings, but also means more flexibility for the IT organization to schedule large file transfers.

Evaluating Solutions

Here are some best practices IT professionals can follow in selecting a ZIPbased data security solution:

• Evaluate both the product and the vendor: The product should offer native platform-specific features and support, and should not offload all its responsibilities to another system, such as a PC server. The vendor should be experienced in storage technology, with a strong track record for supporting customers with operations similar to yours.
• Insist on strong security: Strong security— using either passwords or digital certificates—is the industry standard for the protection of data in transit or in storage. The risks are too high to use anything less.
• Check for data integrity: Encryption serves to scramble data so it’s not decipherable by prying eyes. However, data integrity is paramount. The loss of one bit of data compromises the data transfer and raises suspicions about the integrity of the entire process. ZIP vendors that serve enterprise customers have developed sophisticated error-checking steps, such as CRC32, a standard data integrity calculation based on applying a logic operation (a series of bitwise operations) to a block of data to produce a fixed size value representing the original data in a file. A good 32-bit CRC process, for example, compares the final ZIP file to the initial ZIP file to ensure that there were no compromises in data during the process. Users or administrators are alerted about any discrepancy.
• Demand efficiency: Data compression makes files smaller. Encryption tends to increase the size of files. Combining encryption with data compression creates a secure file significantly smaller than the original. The chance of a transmission error is greatly reduced when files that typically take hours to send can instead be sent in minutes.
• Ensure security of data at rest: While securing data in transit gets all the attention, there remains a risk to data stored and archived. Don’t put up with solutions with large upfront overhead.

The security scrap heap is full of solutions that didn’t work. ZIP compression, already in use in virtually all data centers today, provides a robust platform for delivering strong security that is reliable, deployable, and usable. The traditional ZIP standard includes password-based security. Several companies have extended this further to include strong security, including the government Advanced Encryption Standard (AES). In using ZIP to secure and compress data in storage, data centers can reduce the security risk and pack more data into the same media. Deploying a ZIP implementation requires minimal infrastructure, training and support. By adding this layer of data security to the security mix, your organization can count on further protection for your most important enterprise asset: data.