Encryption to amaze
Editorial Type: Industry Focus
Date: 05-2016
Key Topics: Security, Encryption, Cloud-based Security, GDPR
Key Companies: Roke, CipherCloud
Key Industries: Government, Health
Truly effective encryption that actually protects data wherever it may reside is an absolute must for any business or organisation dealing with sensitive data.

Just 'turning on' encryption is not enough to be assured that your information is protected. These are the cautionary words of Richard Morris, head of cyber protection at Roke, who says the following must be considered:

Key Management Strategy: "Keys can be the Achilles heel of any encryption system - if keys are not handled appropriately, the loss of them will render the encryption null and void. One must consider how encryption keys will be used, distributed and recalled. Who has access to them? What happens when a key is lost or compromised? If using digital certificates, what is the mechanism used to revoke them and is that mechanism sufficiently robust?"

Products: "Do you trust the implementations used to encrypt or authenticate your data or just assume it's bulletproof? Do you have a robust patching scheme to update products following security flaws being identified and which could be exploited to gain access to your data? Are you tied to one proprietary product/solution where, should the product be discontinued, there are no security patches being provided?"

Implementations: "If you're developing encryption solutions, have you actually considered the strength of the algorithm and whether the implementation is sufficiently robust - battle-proven open source software will likely be more robust than a new proprietary implementation? Is there enough entropy/randomness in any key derivation implementation? What if the encryption platform or software is hacked - are your keys for the rest of your system easily accessible to the hacker?"

Morris goes on to point out factors such as Risk Mitigation: "What would the consequences of losing encryption keys be - is the total loss of the data or service a better outcome than information falling into the wrong hands? Can key backup and restore strategies mitigate the risk of permanently losing data, without themselves being a target of malicious activity?"

And finally, there is Support: "Is there a sufficient support infrastructure in place to process requests to recover lost passwords, keys or digital certificates and re-issue new ones? Are your IT support personnel sufficiently trained to deal with encryption technologies?"
INSIDE THE CLOUD

Core CASB technologies, such as cloud encryption and tokenisation, enable the enterprise cloud journey by securing data before it leaves the premises. "The PRISM and MUSCULAR revelations underscored the security case for using strong encryption and enterprise managed keys," Feng continues. "Because more vendors are baking the technology into products, government officials in the US and EU have suggested mandating encryption backdoors to give law enforcement data access to investigate suspected criminal activities. As a result of its robustness, cloud encryption post-Snowden has gained rapid adoption with companies in finance, healthcare, telecommunications and other regulated sectors, as well as with multinationals that operate under a myriad of regional privacy laws.

"In security, the best publicised news focuses on the vulnerability, not the cure. But, as Snowden highlighted, 'trust the math'. Encryption and tokenisation, applied with proper security hygiene, offer proactive data defences against unwanted intruders. With regulators around the world setting an increasingly stringent privacy agenda for the treatment of data, companies investing in cloud can keep using their applications, as long as they prove they are taking adequate protection measures, such as encryption and tokenisation."

Given the EU court's suspension of Safe Harbour, there is more incentive than ever for companies that move data across the Atlantic to strongly encrypt or tokenise information that regulators categorise as sensitive, Feng concludes.
CRUCIAL COMPONENT