5 Rules For (Almost) Painless Encryption

  /     /     /  
Publicated : 22/11/2024   Category : security


5 Rules For (Almost) Painless Encryption


Even as mobility and cloud take off, too many companies still leave data in the clear, spooked by operational concerns. Yes, key management remains a problem. But can you really afford not to encrypt?





Download the entire Dec. 10, 2012, issue of
InformationWeek
, distributed in an all-digital format as part of our Green Initiative
(Registration required.)
We will plant a tree for each of the first 5,000 downloads.
You cant talk about big IT trends without running into data protection worries. For the 728 business technology pros responding to our
InformationWeek
2013 Outlook Survey
, which explores spending and technology priorities for the coming year, improve information security ranked No. 1 among 19 projects. This makes perfect sense; whether your company is fixated on big data, public cloud, BYOD or mobile app development, security plays a key role.
Yet even as mobility and cloud take off, many companies still leave data in the clear, worried about operational and performance concerns. Never mind that major compliance and regulatory frameworks either require or strongly recommend data encryption. Yes, key management remains a problem. But there are ways to use encryption without breaking your infrastructure while we wait on the ultimate solution: identity-based encryption. Here are five rules that help.
Rule 1: Stop The Bleeding
Strategy: 5 Keys to Painless Encryption
Our full report on
encryption
is free with registration.
This report includes
14
pages of action-oriented analysis. What youll find :
Top 13 security techs, rated by what matters: funding
10 critical encryption decision factors, from interoperability to skills, or lack thereof
Get This
And
All Our Reports

ITs natural inclination is to standardize on a single encryption vendor, since interoperability is notoriously spotty. But if you look at the top five types of encryption used by respondents to our
InformationWeek
2012 Data Encryption Survey
-- VPN, email, backup, file and disk, in that order -- no single provider can cover all of them. That lapse is no excuse for a free-for-all, though. We see too many IT organizations letting individual project leads make decisions about what types of encryption to use, what products to buy and even how to manage these systems once theyre in place. While we do encourage flexibility, complete decentralization rarely ends well. At minimum, require that a central team approve all new encryption software buys, rules and implementations. This same group must ensure that processes, such as certificate management, are updated to include the new software project that teams want to implement. This one simple change dramatically reduces the sprawl of encryption products and processes. And dont forget the vendor management group during this process.
Rule 2: Pick Your Battles
Dont try to do everything within a narrow set of encryption best practices, and if youre lacking in this area, certainly dont try to put encryption everywhere at once. Instead, perform a risk assessment, prioritize requests and analyze the potential volume of keys and certificates to determine where to focus. The conventional approach is to pick an encryption system based on your data classification scheme and types of sensitive data, but you should also look at the ways encryption tool management can break down. Problems usually hit during key rotations and because of weak passwords or certificate expirations rather than the encryption algorithm itself being breached. Manage the weakest link.
To read the rest of the article,
Download the Dec. 10, 2012, issue of
InformationWeek


Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
5 Rules For (Almost) Painless Encryption