Home > Information Security Magazine > Features > Encryption no longer an optional technology
EMAIL THIS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

Encryption no longer an optional technology
by Brien Posey
Issue: Oct 2008
printer-friendly
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   NEXT PAGE  >

HOW TO CHOOSE
With so many types of encryption available, it can be tough for a company to figure out which one is best suited to its needs. The first step is to determine whether your organization is subject to any federal or industry regulations that mandate how data is to be secured. If so, these regulations often provide guidance on the types of encryption solutions that must be used.

Most organizations will want to take a layered approach. When it comes to encryption, the general rule is that data needs to be protected at rest and in motion. If data is only encrypted at the storage level, or only while in transit, then the data is not fully protected against potential exposure. Although application-level encryption fulfills both of these criteria, it should be used only to augment your network's security, not as the sole encryption method. The reason is that not every application offers built-in encryption, and those that do have varying encryption strengths.

If a company is not subject to regulations requiring encryption, it's critical to consider the total cost and staff requirements associated with deploying and maint...



aining the technology. Encryption can cost a significant amount in terms of hardware, software and support, and it is important to make sure the benefits justify the expenditures.

Whatever encryption solution a company chooses, it should be transparent to end users and compatible with your network infrastructure. Some encryption solutions cause complications with backing up data or with accessing or encrypting data stored on a SAN. Make sure the solutions you are considering will not cause a significant administrative burden once the initial setup is complete.

While encryption definitely has its place in an enterprise security strategy, a company can't rely on encryption to solve its security problems. Most security experts agree that there is no such thing as a full-proof security solution. Any security mechanism can be circumvented with enough time and effort, including strong encryption. The key to good security is to make a breach more trouble than it's worth. This is best achieved by taking a layered approach to security that involves comprehensive policies and multiple technologies.


asdfghjkl


asdfghjkl


< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts