Encryption isn't bulletproof if keys and digital rights are left out in the open. Here's how to lock down stored data. Encryption can make up for a litany of security snafus -- from a bad firewall to an unrelenting hacker to a lost laptop. Once data is encrypted, criminals can't use or sell it. Plus, if encrypted data goes missing, companies are protected from disclosure requirements in most states. No wonder 38% of companies surveyed by Forrester Research have already adopted full-disk encryption technology. But data protection doesn't stop there. Encryption keys and digital rights also must be well orchestrated and secured, or else encryption protection goes out the window.
For instance, encryption keys kept in a predictable place are like house keys left under a welcome mat: They're easy prey for intruders.
In December, hacking group Anonymous broke into SpecialForces.com, a provider of law enforcement equipment, and stole thousands of customers' data and credit card numbers. The data was encrypted, so the crisis appeared to have been averted. But the hackers didn't stop there. They broke into the company's servers and stole the encryption keys. The group then leaked roughly 14,000 passwords and 8,000 credit card numbers of customers on its website.
"Most of the standardized encryption methods or algorithms specified by [the National Institute of Standards and Technology] are good, it's just how you implement them and how you do key management," says John Kindervag, an analyst at Forrester Research.
To Continue Reading: Click Here
Source: Computer World
By: Stacy Collett