Many IT and BI professionals are dissatisfied with the interoperability and efforts of vendors and storage vendors. Vendors have made it clear that they are interested in encryption standards versus cost and integration challenges. The encryption extension is good, but not the only or ultimate solution. A critical application will eventually need access to encrypted data. If an attacker can view unencrypted data in one application, chances are everyone else can too. In an enterprise-wide architecture, protection is badly needed alongside a single personal node – unauthorized access is unacceptable.
A well-known news and information medium conducted a survey. Information technicians and business intelligence professionals were surveyed. 28% of respondents said they plan to expand their use of encryption well beyond the minimum standard(s).
Creating public interoperability standards would give open source communities a level playing field. Compared to commercial product technologies, “open source” (free exchange of technological information; describes practices in production and development that promote access to the raw materials of the end product, the Internet, communication channels and interactive communities) is not known for being the best management skills. The competition is proven to keep everyone on their toes. The resulting survey analysis and conversations with CISOs (Chief Information Security Officers), a focus on encryption and compliance, are underutilized and/or underutilized. Businesses using top applications encrypt or plan to do so… alongside multiple firewall protection software applications. With the involvement of VPNs (Virtual Private Networks), email, file and data systems, a breach can have devastating consequences. These practices don’t really solve the protection problem. However, a reduction in risk can be seen.
A Chief Information Security Officer (CISO) is the senior executive within an organization. The CISO guides employees in identifying, developing, implementing and maintaining processes throughout the organization to reduce information and information technology (IT) risks, respond to incidents, establish appropriate standards and controls, and establish and enforce policies and control procedures. Typically, the CISO’s influence reaches throughout the organization. Michael A. Davis reports top-level statistics on encryption use by 86% of 499 business tech professionals who say they feel fairly secure. His data is based on a survey by Information Week Magazine on the state of encryption. Davis also states that 14% of respondents say encryption is pervasive in their organization(s). Integration challenges and costs aside, the lack of leadership is at the root of the desolate state of encryption trade shows. “38% encrypt data on mobile devices, while 31% say their use is just enough to meet regulatory requirements.” The compliance focus on encryption frees organizations from notifying customers of a breach in their device security. The Davis Report goes on to state that “entrenched resistance” is not a new phenomenon. A 2007 survey by the Phenomenon Institute found that 16% of US companies encrypt enterprise networks, starting with tape backups. “Doing the bare minimum is not safety,” Davis quoted as saying. “IT and BI professionals face stiff resistance when trying to do more for technology adopters.”
Many enterprise IT and BI professionals are working to increase the use of encryption. Fast and easy access to data interests users more than attention to security. Even when using flash drives, laptops and other portable media, from the CEO (Chief Executive Officer) to the frontline users, encryption never crosses their minds.
Interoperability (a property that refers to the ability of disparate systems and organizations to work together, interoperate, interoperate with other current or future products or systems without restricted access or implementation) would make encryption management more cost-effective and user-friendly. Statements from IT and BI pros advocate the use of encryption for files and folders (something Microsoft is currently working on) that simplifies performance and usage, while reducing costs is the key to better management. Many professionals still wish for more regulation(s). A breach would require customer notification…this action would allow interaction between finance and management and draw more attention to regulatory intervention. “An enterprise-wide initiative as complex as encryption, primarily to comply with regulations, will generally result in a poorly planned project and will likely end up costing more than a planned understanding program,” according to the Davis report.
Tokenization (breaking up a stream of text into meaningful elements called tokens) uses a service that involves accessing a system’s sensitive information, such as a password. B. a credit card number. The system is given a “unique token ID number”. An example of this is a 64-digit number that is used in applications whenever the credit card number is called up by the system. The action also includes database numbers. This change was implemented in 2007. Should the data be compromised (attacked or hacked) in any way, the manipulative tech-acoster would then have no way of reversing the 64-digit numbers back onto the card… and virtually impossible to perform a read receipt. Several systems are designed to destroy the key (number) in an emergency. The action makes it impossible to restore the saved data on the system… inaccessible to everyone. This is a chief information officer’s nightmare. Many companies are interested in individual, specialized and standardized encryption products. The product operates on a “single encryption platform” while a single or centralized application manages multiple forms of encryption keys. This platform promises increased efficiency and lower costs while providing security. The caveat to using this model is using a simple platform to handle email encryption and a backup feature can be detrimental if poorly planned and/or mismanaged. Basket.” The way to go is the Use of “native key management” (provisions in a cryptographic system design relating to generation, exchange, storage and security – access control, physical key management and access) on a Consolidation in the encryption industry represents an ongoing evolution. An environment is emerging , in which encryption vendors sell multiple products as “unified platforms” r encryption products, some IT and BI pros believe.
Another security concern is that encryption vendors have difficulty managing code keys from different vendors. They seem to stumble over each other through competition and scrambling from last to first in line. Vendors struggle to find their separate standards on the same page. They constantly bicker over the details of operation and compliance, and whether “free and cheap products will shut them out” – and take over the industry.
A central key directory is easy to manage. Updating and reporting is an essential and vital task for all IT and BI professionals. Microsoft’s Active Directory (AD) could very well be the leading encryption huckster on the block. The installed base AD systems from Microsoft are manageable via group policy objects embedded in the application(s) and operating system (OS) programs. AD is the most used directory for business and PC users, while many IT and BI engineers already know how to use and work with it. All major Microsoft encryption products offer centralized management via AD as well as enterprise-wide encryption technologies. What’s cheaper than free?
Windows offers portable and powerful full disk encryption… E-mail, folder, file and database encryption is available free of charge. Who can beat this price?
Users are not prevented from emailing unencrypted versions of folders and files – or transferring data to a portable device connected to the USB (Universal Service Bus) port… it only works if the Entity on the other end same or uses comparable email application which many companies are not compliant – (no one seems to follow data encryption policy protocol). Interoperability within encryption and key management can be leveraged based on how data is stored and implemented—while we wait for standardization to shake its heavily laden whole mane free of snags. Data exploitation, hackers and other attackers i.e. malware, spyders, pop-ups etc. would have nothing but the annoyance and hardship they inflict on others. Using encryption interoperability…can’t stop intruders, but it will make intrusion bloody hard, if not impossible.
Businesses, organizations and home users must and should take a risk management approach… implement encryption.
Until next time…