Rethink Your Strategy

By Kurt Lennartsson  |  Posted 2010-01-14

Rethink your strategy

To combat the rising cost of data breaches, organizations must rethink their strategy with regard to protecting data. A firewall is no longer the means to this end. While firewalls protect traditional computing methods, they do not protect data from theft via mobile devices. A stronger method of protecting data in transit on mobile devices is the use of encryption software.

Encryption is the process in which an algorithm transforms information into a senseless jumble of characters and symbols, and it is the future of data security. Only authorized personnel have the "key" used to decrypt the information so that it is readable again.

The rise in the mobile work force has changed the conversation on security methods from device-centric protection to data-centric security. When discussing data encryption, there are a number of solutions.

The whole truth and nothing but

Whole-disk encryption is designed primarily for desktops, laptops, notebooks and devices with hard drives. It is a comprehensive and transparent means of securing data. Through this method, data is encrypted and decrypted on the fly as users perform their normal tasks. All the data on the hard drive is encrypted. Unlike firewall-only perimeter defenses, data encryption protects data wherever it goes and, therefore, is ideal in the ever-expanding world of business mobility.

No hard drive? No problem

File and folder encryption protects specific files on a device and requires an encryption key to gain access to the data. Because some mobile devices do not have hard drives, the whole disk cannot be encrypted. However, file/folder encryption is designed in such a manner that it allows encryption of the data on the device. This way, if an employee loses a flash drive or a CD/DVD, the data is not accessible if it falls into the wrong hands.

Regulations and mandates galore

Protecting data has become so critical that federal and state regulatory mandates have emerged requiring immediate action to properly protect Personally Identifiable Information (PII). In the United States, 45 out of 50 states have passed data protection and reporting laws. Most industries have regulatory requirements to protect data. The healthcare industry has the Health Insurance Portability and Accountability Act (HIPAA), the financial industry has the Sarbanes-Oxley Act (SarbOx), retail and manufacturing have the Payment Card Industry Data Security Standard (PCI DSS), and state and local government and institutions have the Family Educational Rights and Privacy Act (FERPA). And these are just a few.

Kurt Lennartsson is the Chief Technology Officer at Mobile Armor. Kurt's more than 20 years of experience in the security industry has involved directing, architecting and developing software and hardware for computer security and large scale systems (both Web and mobile). Kurt is the co-inventor of more than 10 patent applications in the security field. Some of the strengths Kurt's extensive security industry background brings to Mobile Armor include significant experience in mobile device encryption systems, PKI firewalls, intrusion detection/prevention systems, smart cards and AAA authentication systems. Kurt also headed several government-mandated security certification projects for both FIPS 140 and Common Criteria (EAL4). He can be reached at
