Hardware-based encryption gains most innovation of '07

By Neil Roiter, Senior Technology Editor, Information Security magazine 03 Jan 2008 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Sensitive data hits the road every day, on poorly protected laptops, removable storage media, PDAs and smart phones. In 2007, businesses long accustomed to protecting information in their data centers turned to new security technologies and products to reduce risk to data on the go.

We're seeing so much buying because it's getting easier to implement and protects you against the most common incidents. Jon Oltsik, senior information security analyst, Enterprise Strategy Group

In addition to the expected repackaging, partnering and acquisition and marketing spin, the security industry has responded with some genuine innovation. The simple antivirus products of a few years ago are rapidly evolving into comprehensive integrated suites, combining antivirus/antispyware, HIPS, host firewall, removable device control and even NAC in a single centrally managed agent. Data loss prevention has shifted its focus from the gateway to the endpoint, focusing on data that can simply walk out the door.

Nowhere is the shifting focus on mobile endpoints more pronounced than disk encryption. Businesses that shunned the cost and key management headaches of encrypting laptops have scrambled to deploy it for a perceived quick fix to protect data and satisfy regulatory auditors.

Even so, it's cutting-edge technology that will complete the rapid evolution of full disk encryption from selective to near ubiquitous deployment. Hardware-based encryption is just making its way into the mobile device market, but it's coming on fast. Earlier this year, Seagate announced the Momentus 5400 FDE 2 hard drive, at first available only through clone laptop company ASI, but now available on select Dell models. Intel has announced its chip-based hardware encryption, code-named Danbury, will ship with vPro processors in the second half of 2008.

"By end of 2008, we'll see a fair amount of variety of offerings," said Jon Oltsik, senior information security analyst for the Milford, Mass.-based Enterprise Strategy Group. "By mid-2009, there will be more widespread combinations. By the end of next year, if you are replacing laptops, you'll have several options--not just from Dell. It will be pretty much universal."

Full disk encryption: How can a corporation assess the costs of whole-disk encryption? Security management pro Mike Rothman explains how an enterprise can estimate the costs of implementing whole-disk encryption. Federal government pushes full-disk encryption: Businesses need to follow the federal government's lead in reducing data breaches by holding employees responsible and examining full-disk encryption (FDE) products. Seagate pushes hard drive encryption to the data center: Seagate wants to extend full disk encryption to hardware, but is the enterprise ready?

Hardware-based encryption, whether disk- or chip-based, solves the performance problem that limited adoption. Moving keys into hardware makes encryption easier to implement and manage. Most important, perhaps, for a little more money, it comes with the laptop you already planned to buy.

"If the requirement is to encrypt laptops, the easiest way is to buy laptops that can already encrypt," said Oltsik.

He said that it's not clear which technology--disk- or chip-based--might prevail, but that's in the hands of the laptop makers. It depends on who is most successful in channel distribution and gets into production lines. Users don't really care.

Where does this leave software encryption companies like Credant, Utimaco, PGP, and Safeboot (recently acquired by McAfee) and Check Point (which acquired Pointsec)? Recognizing that their boom will last only as long as it takes hardware-based encryption to take hold, they are partnering with Seagate and Intel to offer integrated solutions. While the hardware companies handle the encryption processing, software vendors will focus on what they day do best--policy creation and implementation, key management, etc.

"In five years, we probably won't sell encryption software," said Malte Pollman, Utimaco vice president of products, but key and other management services for Intel, Seagate and any other hardware encryption companies.

But while hardware processing is making laptop encryption more attractive, it's by no means a complete data security solution. It should be part of a multilayered defense, including data loss prevention and endpoint security tools.

"Encrypting hard drives is a security of last resort, if a PC is stolen from you or me at the airport," said Oltsik. "We're seeing so much buying because it's getting easier to implement and protects you against the most common incidents. There are a lot of other kinds of attacks we have to pay attention to."

Tags: Disk Encryption and File Encryption,  Enterprise Data Governance,  Security Industry Market Trends, Predictions and Forecasts,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Disk Encryption and File Encryption No major PCI DSS revision expected in 2010 How to use TrueCrypt for disk encryption The future of PCI DSS encryption requirements? Tokenization for PCI What are the top three network intrusion techniques? Health Net healthcare data breach affects1.5 million Prevent meet-in-the-middle attacks with TDES encryption Heartland CIO is critical of First Data's credit card tokenization plan Heartland CIO on end-to-end encryption, credit card tokenization Should developers create libraries of common cryptographic algorithms? What is an encryption collision? Enterprise Data Governance How to protect distributed information flows Interpreting 'risk' in the Massachusetts data protection law Creating an enterprise data protection framework Analyst DLP study finds maturity, ranks top DLP vendors Voltage, RSA spar over tokenization, data protection Twitter gets condemned by CISOs at Forrester forum PCI DSS compliance requirements: Ensuring data integrity Trustwave acquires data loss prevention vendor Vericept Data has become too distributed to secure, Forrester says Cloud-based security services should start private Security Industry Market Trends, Predictions and Forecasts SCADA system, critical infrastructure security lacking, survey finds Security architects fear savvy botnet attacks, IPv6 security issues Security compliance predictions for 2010: New regulations, new technology IAM trends: Rebuilding security with provisioning technologies Gartner acquires Burton Group, bolsters presence Securosis adds Security Incite, Rothman to its roster Five security industry themes to watch in 2010 How to advance in your infosec career in the current economic storm Top cybersecurity stories of 2009 Security industry praises Schmidt but sees challenges ahead Security Industry Market Trends, Predictions and Forecasts Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Advanced Encryption Standard  (SearchSecurity.com) data key  (SearchSecurity.com) Encrypting File System  (SearchSecurity.com) encryption  (SearchSecurity.com) Escrowed Encryption Standard  (SearchSecurity.com) network encryption  (SearchSecurity.com) output feedback  (SearchSecurity.com) Quiz: Cryptography  (SearchSecurity.com) Rijndael  (SearchSecurity.com) Twofish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary