Video: Data encryption techniques and methods for protecting data

Video: Data encryption techniques and methods for protecting data

Video: Data encryption techniques and methods for protecting data

Date: Feb 10, 2008

According to a survey of more than 608 enterprise security pros, 80% of enterprises say they need a better strategy for protecting data.

SearchSecurity.com is responding to this growing need with a multi-lesson Data Protection Security School to help you formulate a comprehensive strategy to secure sensitive info throughout your network.
This screencast will highlight different data encryption techniques and methods, and help you discover the options, challenges and risks associated with different data encryption approaches and how to implement and use data encryption to protect sensitive company data.

Video Highlights

Introduction: Data encryption techniques and methods

  • Business drivers
  • Potential points of protection
  • Encryption methods
  • Managing the project
  • Choosing a product
  • Keys

Data Encryption Business Drivers

  • Business
  • Regulations
  • Follow that data

Potential Data Storage Points

  • Laptops
  • Portable Storage
  • Laptops/cameras

Data Encryption Techniques and Methods

  • Hard drive
    - Software
    - Hardware
  • Trusted Platform Module (TPM)
  • Digital Rights Management
  • Mobile Methods

Hard drive; Software Methods

  • Policy server
  • Client software component
  • Integrated with USB or smartcard
  • Hidden costs


Hard drive; Hardware Methods

  • Fixed
    - Desktop Methods
    - PCMCIA
  • Portable
    - USB
    - Usually hardware key

Trusted Platform Module (TPM)

  • All business-class PCs
  • Requires free client from PC vendor
  • Integrates with biometrics
  • Partial disk encryption only
  • VERY secure
  • U.S. courts following this technology closely
  • Only one third-party central policy server available

Digital Rights Management

  • Encrypts the content (data only)
  • Protection travels with the data
  • New meta data controls
  • Central policy server
  • Requires client software
  • Author determines rights

Mobile products

  • Software only
  • Central policy server
  • Application or platform specific
  • Cross platform
  • Portable encryption challenges

Managing the project

  • Team selection
  • Choose encryption type
  • Product testing
  • Vendor selection

Choosing an effective data encryption solution solution

  • What are you protecting?
  • Have you had a breach recently?
  • Where/how is your data going?
  • Usability/security
  • Infrastructure capability
  • Costs


Keys

  • Varies greatly by vendor
  • Greatest obstacle to encryption deployments
  • Types
  • Key management
  • Key backup
  • Key recovery

Data Encryption Methods and Techniques: Conclusion

  • While regulations may be the largest push, business concerns are also a cause for growth
  • Wide range of devices that require protection
  • Full disk, partial, mobile devices or combinations
  • Choosing a product should be a business decision -- not IT alone
  • Key management is the greatest headache

About the speaker:
Tom Bowers is managing director of consulting firm Security Constructs.

Return to Demystifying data encryption Security School lesson.

More on Disk Encryption and File Encryption
Back to top