Data protection mandates in legislation like HIPAA and the Sarbanes-Oxley Act are making encryption more popular, but cryptography as a point solution is another story.
Enterprises "aren't going out and searching for what product can solve everything out of the box," explains Adam K. Erickson, senior VP of worldwide sales and marketing for encryption middleware provider Eruces. "Rather, what they're tending to do is develop their own solutions in-house."
But it takes time and skill to build encryption from scratch -- more than some companies can afford.
Last month Eruces rolled out the platform-independent Encryption Framework for Enterprises, which leverages its patented Tricryption engine to create an abstraction layer, bridging applications requiring encryption with commonly used algorithms, libraries and toolkits on the market today. Expect other vendors to follow.
Such frameworks should reduce manpower that developers now devote to creating cryptography, or it may save the sanity of those unsure just how to customize, say, an RSA algorithm or OpenSSL. It also tackles a problem arising from transmissions using PKI or VPNs: what do to once encrypted data reaches its destination.
"Now, if an organization has multiple encryption projects going on, developers can go and build upon the same platform, so every data piece will be encrypted and still talk to each other," Erickson says.
The framework is especially appealing to security managers whose developers are racing against a legislative deadline.
"If you're building a simple Java app to run on your Web site and you get it wrong, there's not too much damage to be done," Erickson adds. "If you mess with your cryptography, very bad things can be done."