Network World - Whether you're protecting corporate data from internal leakers, hackers looking to steal money from you and your customers, foreign spies, your own government, or employees accidentally leaving their laptops in a taxi, encryption is today's hot go-to tool.
But encryption done wrong can be worse than no encryption at all, since it gives you an unwarranted sense of security. Here are tips for doing encryption right.
TIP 1: Use the strongest encryption you can
If your data must absolutely, positively, be protected at all cost, use well-known, battle-tested algorithms and the longest keys you can practically manage. Use hardware-based encryption to take it up another notch. The NSA isn't the only organization out there with supercomputers.
Intel is one of several companies working on expanding hardware-based encryption technologies. Moving these processes to the hardware level can increase speeds four-fold, says Jason Kennedy, Intel's director of product management. “By accelerating this process four times, you're allowing folks to be able to implement your corporate processes much more effectively.”
In addition, full drive encryption on laptops becomes less annoying for employees, who are then less likely to turn it off. “We're trying to make sure that the security doesn't get in your way,” says Kennedy.
TIP 2: Keep your keys safe
If your encryption is strong enough that not even a foreign government with a supercomputer can break it, then you're in for a world of trouble if you lose your encryption keys.
“My first tip to anyone who starts to think about encryption is to think about the keys,” says Tsion Gonen, encryption expert and chief strategy officer at SafeNet. “Keys first, encryption second.”
That means planning ahead for how the keys will be generated, how they will be stored, who will be allowed access, how often the keys will be replaced, and when those keys will be deleted.
This usually requires the use of key management technology, since many of these tasks can be difficult to do manually, and mistakes can be fatal. And, as with passwords, you don't want to be using the same keys everywhere.
“You should change your keys every two years, under some recommendations,” says Mike Fleck, CEO of CipherPoint Software, a Denver-based security company. And it's not just for the obvious reason that you don't want hackers who get their hands on a key to have access to all your data.
“The bigger the sample size of your encrypted data, the more opportunities a hacker has to find patterns in the data and brute-force the key,” he says.
TIP 3: Delete keys to permanently erase data in the cloud
If your company is using the cloud to share sensitive documents or to make convenient backups, are you sure that your files are really gone when you move them to the trash?
“A customer of ours is an online legal company, and their clients put legal documents on their cloud service,” says SafeNet's Gonen. “They were asking, 'If we hit delete on a document, is it really deleted, or was it backed up 10 times somewhere on the cloud infrastructure and could still be around?' One way to prove that something was deleted is to delete the key. Then it doesn't matter if it's still somewhere.”
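The key-deletion approach in Tip 3 can be shown in a few lines. This is an added example, not code from the article or from any vendor it quotes; the `KeyStore` type, its methods and the document IDs are hypothetical, and it assumes one AES-256-GCM key per document held only in the key store.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type KeyStore map[string][]byte // stand-in key manager: one AES-256 key per document ID

func (ks KeyStore) aead(id string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(ks[id]) // rejects the nil key of a shredded ID
	if err != nil {
		return nil, fmt.Errorf("no usable key for %s", id)
	}
	return cipher.NewGCM(block)
}

// Encrypt issues a fresh key for id and returns nonce || ciphertext || tag.
func (ks KeyStore) Encrypt(id string, plain []byte) ([]byte, error) {
	buf := make([]byte, 32+12) // 256-bit key, then the 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	ks[id] = buf[:32:32]
	a, err := ks.aead(id)
	if err != nil {
		return nil, err
	}
	return a.Seal(buf[32:], buf[32:], plain, []byte(id)), nil
}

// Decrypt fails once the key is gone, however many ciphertext copies survive.
func (ks KeyStore) Decrypt(id string, blob []byte) ([]byte, error) {
	a, err := ks.aead(id)
	if err != nil || len(blob) < 12 {
		return nil, fmt.Errorf("cannot decrypt %s", id)
	}
	return a.Open(nil, blob[:12], blob[12:], []byte(id))
}

func (ks KeyStore) Shred(id string) { delete(ks, id) } // assumes no other key copy exists

func main() {
	ks := KeyStore{}
	blob, _ := ks.Encrypt("doc-1", []byte("constructed sample document"))
	ks.Shred("doc-1")
	fmt.Println(ks.Decrypt("doc-1", blob))
}
```

The guarantee holds only if every copy of the key is destroyed, so the key store itself must not be replicated or backed up the way the ciphertext is.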