Crypto Mulled at Irvine Event
Top tips for successful data protection using encryption emerge at tradeshow today
March 12, 2008
IRVINE, Calif. -- With hardware encryption having become a de facto standard in its own right, vendors debated the pros and cons of crypto at the system, device, and file levels this morning at the Data Protection Summit here.
There were the familiar entreaties to make sure keys are escrowed in a way that makes them easy to access over the long term. There was the call to use standards-based technologies (and the retort: "Standards are wonderful -- every vendor should have one"). And there was a familiar refrain to avoid obsolescence as enterprises add to their storage security arsenal.
One vendor actually took on the challenge implicit in the session title: "Top 10 Things You Need to Know About Drive Encryption Today." Warning he wouldn't be nearly as funny as David Letterman, Chris Burchett, CTO of Credant Technologies Inc., Addison, Texas, nonetheless enumerated some major -- and less obvious -- aspects of contemporary encryption wisdom:
No. 10: When your boss says, "Encrypt all endpoints," think "all platforms."
No. 9: All endpoints may also include devices you don't own -- partners' devices, USB drives that users may leave behind, and the like.
No. 8: Encrypting data is "managed corruption," so keep in mind the managed part. Customers want to avoid decrypting and re-encrypting data, thus exposing it unnecessarily. Treating all enterprise information in a more holistic way is the security industry's biggest challenge.
No. 7: Encryption needs authentication, so consider authentication options and how they will be managed. While most customers use two-factor authentication now, requirements scale and grow, so that at some point, they will need identity management systems as well.
No. 6: Keep an eye out for hidden issues. For example: Will encryption of data at bootup affect defragmentation later on? (Credant, you may have guessed, encrypts at the file level.)
No. 5: Consider technologies that protect against insider threats -- using unique IDs for each user helps with that.
No. 4: Users will complain and work around security that's in their face, or that forces them to take extra steps. Any encryption solution must be completely transparent at the desktop level.
No. 3: Often, you must be able to prove encryption, either with a log or audit trail, for compliance purposes.
No. 2: Done wrong, encryption gets in the way of forensics -- or hampers it entirely.
No. 1: Drive encryption is ubiquitous -- the challenge now is how to manage it.