A top-of-mind question for business leaders across all industries is how to eliminate the risk of a data breach. In addition to removing sensitive data from your business process, there are two other tactics you should deploy: application-level encryption and strong authentication.
Though it is generally accepted that encrypting sensitive data will protect your organization, most people in the security business don’t realize that not all encryption is equal. Even when using NIST-approved algorithms with the largest key sizes available, data is still at risk.
How is that possible? Well, all other things being equal in the cryptographic sense, two design decisions matter when encrypting data:
1) Where the data is being cryptographically processed
2) How are cryptographic keys being managed?
Source : Info Security