Hardware-based encryption gains most innovation of '07

By Neil Roiter, Senior Technology Editor, Information Security magazine 03 Jan 2008 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Sensitive data hits the road every day, on poorly protected laptops, removable storage media, PDAs and smart phones. In 2007, businesses long accustomed to protecting information in their data centers turned to new security technologies and products to reduce risk to data on the go.

We're seeing so much buying because it's getting easier to implement and protects you against the most common incidents. Jon Oltsik, senior information security analyst, Enterprise Strategy Group

In addition to the expected repackaging, partnering and acquisition and marketing spin, the security industry has responded with some genuine innovation. The simple antivirus products of a few years ago are rapidly evolving into comprehensive integrated suites, combining antivirus/antispyware, HIPS, host firewall, removable device control and even NAC in a single centrally managed agent. Data loss prevention has shifted its focus from the gateway to the endpoint, focusing on data that can simply walk out the door.

Nowhere is the shifting focus on mobile endpoints more pronounced than disk encryption. Businesses that shunned the cost and key management headaches of encrypting laptops have scrambled to deploy it for a perceived quick fix to protect data and satisfy regulatory auditors.

Even so, it's cutting-edge technology that will complete the rapid evolution of full disk encryption from selective to near ubiquitous deployment. Hardware-based encryption is just making its way into the mobile device market, but it's coming on fast. Earlier this year, Seagate announced the Momentus 5400 FDE 2 hard drive, at first available only through clone laptop company ASI, but now available on select Dell models. Intel has announced its chip-based hardware encryption, code-named Danbury, will ship with vPro processors in the second half of 2008.

"By end of 2008, we'll see a fair amount of variety of offerings," said Jon Oltsik, senior information security analyst for the Milford, Mass.-based Enterprise Strategy Group. "By mid-2009, there will be more widespread combinations. By the end of next year, if you are replacing laptops, you'll have several options--not just from Dell. It will be pretty much universal."

Full disk encryption: How can a corporation assess the costs of whole-disk encryption? Security management pro Mike Rothman explains how an enterprise can estimate the costs of implementing whole-disk encryption. Federal government pushes full-disk encryption: Businesses need to follow the federal government's lead in reducing data breaches by holding employees responsible and examining full-disk encryption (FDE) products. Seagate pushes hard drive encryption to the data center: Seagate wants to extend full disk encryption to hardware, but is the enterprise ready?

Hardware-based encryption, whether disk- or chip-based, solves the performance problem that limited adoption. Moving keys into hardware makes encryption easier to implement and manage. Most important, perhaps, for a little more money, it comes with the laptop you already planned to buy.

"If the requirement is to encrypt laptops, the easiest way is to buy laptops that can already encrypt," said Oltsik.

He said that it's not clear which technology--disk- or chip-based--might prevail, but that's in the hands of the laptop makers. It depends on who is most successful in channel distribution and gets into production lines. Users don't really care.

Where does this leave software encryption companies like Credant, Utimaco, PGP, and Safeboot (recently acquired by McAfee) and Check Point (which acquired Pointsec)? Recognizing that their boom will last only as long as it takes hardware-based encryption to take hold, they are partnering with Seagate and Intel to offer integrated solutions. While the hardware companies handle the encryption processing, software vendors will focus on what they day do best--policy creation and implementation, key management, etc.

"In five years, we probably won't sell encryption software," said Malte Pollman, Utimaco vice president of products, but key and other management services for Intel, Seagate and any other hardware encryption companies.

But while hardware processing is making laptop encryption more attractive, it's by no means a complete data security solution. It should be part of a multilayered defense, including data loss prevention and endpoint security tools.

"Encrypting hard drives is a security of last resort, if a PC is stolen from you or me at the airport," said Oltsik. "We're seeing so much buying because it's getting easier to implement and protects you against the most common incidents. There are a lot of other kinds of attacks we have to pay attention to."

Tags: Disk Encryption and File Encryption,  Enterprise Data Governance,  Security Industry Market Trends, Predictions and Forecasts,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Disk Encryption and File Encryption Database monitoring, encryption vital in tight economy, Forrester says Sophos integrates encryption into endpoint security Cryptography for the rest of us Encryption in data management should never be ignored, expert says The difference between AES encryption and DES encryption Security budget issues to resonate at RSA Conference Portable security storage device could replace OTP devices Mass. officials explain new data protection regulations A simple substitution cipher vs. one-time pad software Are encrypted, self-deleting USB storage drives worth the investment? Enterprise Data Governance Risk management must include physical-logical security convergence Simple information security mistakes can cause data loss, says expert Organizations struggle with data leakage prevention, rights management Encryption in data management should never be ignored, expert says Attackers cash in on fundamental data handling mistakes, Verizon finds Data loss prevention benefits in the real world Mass., Nev. data protection laws wrong, ineffective Cybersecurity hearing highlights inadequacy of PCI DSS Enforcing a vendor risk assessment to avoid outsourcing security risks How to Secure Cloud Computing Security Industry Market Trends, Predictions and Forecasts Cybersecurity czar candidate questions clout of new position Gartner sees better days ahead for security budgets Sophos CEO on Symantec, McAfee after Utimaco acquisition WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Security budgets take hit in media, tech industry, survey finds Cybersecurity Act of 2009: Power grab, or necessary step? Opinion: Gartner gets NAC wrong, again Cloud computing security group releases report outlining trouble areas White House cybersecurity advisor calls for public-private cooperation Security Industry Market Trends, Predictions and Forecasts Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Advanced Encryption Standard  (SearchSecurity.com) data key  (SearchSecurity.com) Encrypting File System  (SearchSecurity.com) Escrowed Encryption Standard  (SearchSecurity.com) International Data Encryption Algorithm  (SearchSecurity.com) network encryption  (SearchSecurity.com) output feedback  (SearchSecurity.com) quantum cryptography  (SearchSecurity.com) Quiz: Cryptography  (SearchSecurity.com) Rijndael  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary