SBN

Is encryption finally going to have its day?

I think so, for a number of reasons:

The Government is handing down mandates.
After a number of high profile incidents, including an MoD laptop left on a train, the rules are being tightened across government departments. Despite the NHS being told that they have to strip budgets back to the bare minimum, they are still being told that encryption of sensitive information is a priority. This is nothing short of amazing for encryption.

Networks are maturing to the point where encryption really makes a difference.
5 years ago encryption didn’t really make any difference. If you encrypted information, you felt safe, but anyone gaining access to your systems (normally an insider with a legitimate user account anyway) could take the information along with the keys. So all you were encrypting was the infiltrator’s route to your valuable data. These days networks have intrusion detection, application firewalls, database protection, security policies that actually make sense (OK, not ALL networks!). In this situation, encryption really is valuable and not just a feel-good factor.

Regulatory bodies are catching up with the meaning of encryption.
Leading on from the previous point, where the networks are catching up, possibly due to the regulations they have to comply with in many cases, the regulatory bodies are also understanding the ramifications of what they have previously mandated. Where PCI made sure that people were securing their networks, many people have also noted that to encrypt huge databases of information is often impractical. OK for the big retailers, but for level 4 merchants to use the same kit is frankly preposterous. A more pragmatic approach has allowed people to follow compliance without meaningless application of rules, allowing the security to catch up first before the compliance drowned it out.

So all things are converging towards encryption being a) required by law, b) required for compliance, and c) actually very useful. Maybe later I’ll explain the choice of product I’m backing.

*** This is a Security Bloggers Network syndicated blog from IT Security: The view from here authored by Rob. Read the original post at: http://robnewby.blogspot.com/2009/06/is-encryption-finally-going-to-have-its.html

Secure Coding Practices