Editor’s note: This post was written by Charles Kolodgy, IDC Research VP, Security Products.
Business value resides in data – digital information which is easy to create, copy, modify, and disseminate. However, data is difficult to control. The expanding technology environment (mobile devices, cloud services, increasing connectivity, and social networking) is facilitating the use and proliferation of data everywhere.
Illicit access to valuable data puts the enterprise at risk – just look at the recent breaches at businesses like Target and Neiman Marcus. There are many sophisticated, dedicated, and malicious attackers who want your data.
For these reasons the protection and preservation of data should be the primary focus of IT security.
It is well understood that the best method to protect digital data is encryption. With encryption you make sure information is only readable by the people who can decrypt it. You don’t just protect the data from criminals who want to steal the information – but also from inadvertent release as the result of user error or loss.
Additionally, encryption can be used to control access to information that is shared. Only those who have proper access will be able to receive the encryption key. Although people know encryption is required, many do not deploy it as they should because they may be fearful of the technology, worry about performance, consider it too difficult to use, or believe it unmanageable.
The reality with encryption technology today is that most of these impediments have been addressed.
For computers there are many types of encryption – self-encrypting drives, full-disk encryption, file/folder encryption, removable media, email, and cloud storage. These solutions are designed to be reliable and easy to use, and to not significantly degrade performance.
Security mechanisms whose use is controlled by the user do not provide companies with reliable security, and encryption capabilities are much more likely to be deployed when encryption is completely transparent to the user.
The encryption system should be based on corporate policy and automatically make the decisions about what to protect.
Organizations have many choices on what data encryption they deploy, but the greatest value to the enterprise is centralized policy and key management.
Central administration of encryption capabilities, policy setting and enforcement, and encryption key control is critical for data protection.
By having administrative control, you remove the user from the equation, allow for remediation of problems quickly, enhance overall security, and can handle compliance reporting.
The key word for encryption administration is “central.” Managing all the enterprise’s encryption from a single console improves the ability to have consistent enforcement of policy, enables more granular data control through the dissemination of encryption keys, and improves overall efficiency for administrators.
IDC surveys have shown that enterprises are more inclined to deploy encryption if all devices and components could be managed, including key management, under one console.
However, for this to work the policy and key management system must:
- Be easy for the administrator
- Be policy driven
- Be capable of managing third-party and enterprise-developed applications
- Support computers, mobile devices, email, and collaborative applications, including in the cloud
- Be expandable, allowing new encryption applications to be added
- Have strong reporting capabilities
In summary, organizations need to establish and deploy a comprehensive corporate encryption strategy.
The specific mechanisms of encryption deployed should be selected based on need, but functionality is improved when many of the components have a single code base.
What is mandatory is centralized policy and key management. With central policy and key management that can manage multiple encryption engines from multiple vendors, the enterprise can meet existing and future data protection capabilities.
– by Charles Kolodgy, IDC Research VP, Security Products