Focus on encryption policy warns expert

gallery

Policies and practices need to be focused on by business as far as encrypting data is concerned, according to a cryptography expert.

Talking to IT PRO, Nicko van Sommeren, chief technology officer of encryption company nCipher, said that without proper controls on key management costs would "explode".

"While enterprises increasingly need to deploy a strong cryptographic foundation for data security, the focus is less on detail, such as algorithms and key lengths, and more on practices and policies," he said.

"It is just as important to manage the distribution and recovery of cryptographic keys, and control the rights to access those keys to secure the data they protect."

He said if companies get that wrong then "management costs will explode".

"Worse still, lose the keys and there is the potential for creating the equivalent of a giant electronic document shredder since the encrypted data can effectively never be recovered without the correct key," van Sommeren said.

He said that data is no more sensitive than it was ten years ago when the company started but nowadays there is much more of it and "even more people want access to it anytime and from any location, so business agility has become the name of the game."

"The challenge now for many companies is to open up their internal systems for greater flexibility, while at the same time recognising the extremely high level of scrutiny and regulatory pressure around the privacy and integrity of personal and corporate information," said van Sommeren.

He said that traditional boundaries are now disappearing and a more data-centric approach to security means that critical information needs protecting wherever it is.

Email to a friend

Print this page