Simply Security - News, Views, and Opinions from Trend Micro

Posted on April 16th, 2012 in Encryption by Simply Security | Be the first to comment | Tags: Encryption

Strong encryption keys essential to data protection

Data security has become a top priority for most IT departments, as numerous organizations are falling victim to damaging data breaches. With cyberattacks more prevalent than ever and insider breaches still a significant threat, it has become pivotal for enterprises to devise comprehensive security policies and implement up-to-date data protection techniques.

Although hackers continue to adapt and develop increasingly targeted, sophisticated attacks on businesses, modern data protection technology can help IT departments defend critical information, enabling them to reduce risk and comply with regulatory requirements. One popular data protection method is encryption, which allows companies to eliminate the risk of unauthorized parties viewing sensitive information, prevent costly damage if a breach occurs and automate compliance tasks. With encryption, data is protected even if gets into the hands of cybercriminals or unauthorized employees.

However, simply adopting encryption technology isn't always enough. According to a recent Computerworld report, organizations must create strong encryption keys and digital rights must be secured, or else critical data could be exposed even if it's encrypted.

"Most of the standardized encryption methods or algorithms specified by [the National Institute of Standards and Technology] are good, it's just how you implement them and how you do key management," John Kindervag, an analyst at Forrester Research, told the news source. "Don't email keys back and forth, and don't leverage things like Active Directory to store keys."

Kindervag added that enterprises should leave key management to professionals who specialize in devising strong, secure keys, while many companies are outsourcing key management tasks to third-party providers. He said organizations should refrain from building their own keys.

The Computerworld report cited the example of SpecialForces.com, a provider of law enforcement equipment. In December, notorious hacking group Anonymous accessed the company's systems and stole customers' private information and credit card numbers. However, when the criminals realized the data was encrypted, they went back into the business' servers and accessed the encryption keys, resulting in the exposure of 14,000 passwords and 8,000 credit card numbers.

A recent Ponemon Institute study revealed that an increasing percentage of enterprises are realizing the advantages of data encryption. According to the survey of more than 4,000 business and IT managers from across the globe, more than half of organizations currently have an encryption strategy, a significant change from only 15 percent having such a plan in 2005.