Encryption no longer an optional technology


This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners sound off on key information security issues."

Download it now to read this article plus other related content.

With so many types of encryption available, it can be tough for a company to figure out which one is best suited to its needs. The first step is to determine whether your organization is subject to any federal or industry regulations that mandate how data is to be secured. If so, these regulations often provide guidance on the types of encryption solutions that must be used.

Most organizations will want to take a layered approach. When it comes to encryption, the general rule is that data needs to be protected at rest and in motion. If data is only encrypted at the storage level, or only while in transit, then the data is not fully protected against potential exposure. Although application-level encryption fulfills both of these criteria, it should be used only to augment your network's security, not as the sole encryption method. The reason is that not every application offers built-in encryption, and those that do have varying encryption strengths.

If a company is not subject to regulations requiring encryption, it's critical to consider the total cost and staff requirements associated with deploying and maintaining the technology. Encryption can cost a significant amount in terms of hardware, software and support, and it is important to make sure the benefits

    Requires Free Membership to View

justify the expenditures.

Whatever encryption solution a company chooses, it should be transparent to end users and compatible with your network infrastructure. Some encryption solutions cause complications with backing up data or with accessing or encrypting data stored on a SAN. Make sure the solutions you are considering will not cause a significant administrative burden once the initial setup is complete.

While encryption definitely has its place in an enterprise security strategy, a company can't rely on encryption to solve its security problems. Most security experts agree that there is no such thing as a full-proof security solution. Any security mechanism can be circumvented with enough time and effort, including strong encryption. The key to good security is to make a breach more trouble than it's worth. This is best achieved by taking a layered approach to security that involves comprehensive policies and multiple technologies.



This was first published in October 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: