Security experts urge users and enterprises to adopt full disk encryption and proper key management to secure sensitive data from accidental exposure.
data breaches and privacy violations would spur enterprises to adopt encryption
and use it effectively, according to security experts.
are beginning to assume that the firewall has already been compromised and are
relying on ubiquitous encryption to protect data across the enterprise,
according to Jeff Hudson, CEO of Venafi. In the past, security measures assumed
that firewalls and other perimeter defenses were enough to keep the bad guys
out. Recent high-profile data breaches proved that attackers were able to still
get into the network, and had free rein because the data was not protected at
all, according to Hudson.
predicted that 2012 would be the "year of ubiquitous encryption."
lines, privacy rights organization Electronic Frontier Foundation recommended
that users "commit"
to full disk encryption
on all their computers. Encrypting the entire drive
would help secure private data, including business documents, Web-surfing
history, information about other people and email communications, even if the
computer is lost or stolen, Seth Schoen, EFF's staff technologist, wrote on the
EFF blog Jan. 3.
put off taking security steps that can help protect your private data. Join EFF
in resolving to encrypt your disks 2012," Schoen wrote, noting that there
are several easy-to-use tools available, including Microsoft's BitLocker or
encryption uses mathematical techniques to scramble data so it is
unintelligible without the right key, according to Schoen. "Without
encryption, forensic software can easily be used to bypass an account password
and read all the files on your computer," he wrote.
need to make sure that all data, regardless of whether it is stored in-house or
managed by a third-party provider, is protected by either encryption or
tokenization, Ulf Mattsson, CTO of Protegrity, told eWEEK
. Incorporating these data-security measures may add some
complexity, but the protections would wind up saving the organization money in
the event of a data breach, Mattsson said. Taking the time to protect the data
would expose the organization to less damage post-breach, he said.
In a recent
survey of 500 IT professionals, more than a third admitted to losing USB drives
and portable devices containing unencrypted personal and company data, iStorage
found. Over half said they transported data without encrypting it first, according
that have adopted encryption still encounter problems because they are not
following best practices for encryption key management, according to Hudson.
Organizations struggle to keep track of what keys are being used and who has
access to them. Encryption would be a "defining issue" in the year
ahead, he said.
leave, they may take the keys with them, leaving the organization unable to
access the data, Tim Matthews, senior director of product marketing at Symantec,
. A recent Symantec study
found that poor
and lack of control over the technologies being used could
cost the organization an average of $124,965 a year.
will also need to start thinking about encryption as users start worrying about
their personal data and enterprises try to protect the corporate data leaving
their networks, according to Geoff Webb, director of product marketing at
Credant Technologies. Users have a "real desire" to take back control
over the files they put in the cloud, Webb said. Storage
and collaboration services
will begin offering user-owned data-security and
encryption options, according to Webb. Salesforce.com
acquired Navajo Systems
in August to provide customers with data-encryption
European Union issued a mandate that security breaches involving unencrypted
data need to be disclosed to local regulators, several large telecommunications
companies started offering encryption services to minimize the risk of data
exposure. As industry regulations and laws evolve to address unencrypted data,
organizations will find it necessary to encrypt the data from the get-go, Jon
Heimerl, director of strategic security for Solutionary, told eWEEK
The Health Information
Technology for Economic and Clinical Health (
HITECH) Act is a good
example, as it states that if an organization loses health care data, as long
as it can show that it protected the encryption key and took proper data
security measures, it does not need to disclose the incident.
don't have to make this overcomplicated; even hard drive encryption and
database encryption can go a long way to protect your cool data," Heimerl