Encryption best practices


Deni Connor, Contributor
02.20.2008


In the heavily regulated financial services industry, the encryption and protection of data is paramount in securing network operations.

The storage infrastructures financial organizations deploy are complicated, ranging from simple networks using network-attached storage and an assortment of file servers to large, complicated storage area networks (SANs) that are connected to hundreds of host and mainframe computers with multi-port, director-level Fibre Channel switches.

Regardless of the implementation, these networks are fraught with security concerns revolving around where data is encrypted and how it is protected as it flows both inside and outside the organization.

Adding to these concerns is a growing number of regulations and laws that mandate the encryption of data. These include U.S. Treasury Orders and Directives that call for FIPS-level Data Encryption Standard encryption and authentication for any Electronic Funds Transfer, and American National Standards Institute X3 and X9 standards for Personal Identification Numbers, key distribution and authentication.

The need for such encryption is starting to hit home as well. Eighty-seven percent of respondents to a survey from London, Ont.-based InfoTech Research Group said regulatory compliance is forcing them to consider implementing encryption as a way to protect their data, but only 54% are encrypting data at rest.

IT administrators must be able to determine how these mandates and regulations affect the encryption of data in their organizations, which data they will encrypt and where in the storage infrastructure encryption is deployed. Here are some tips on where to begin:

  • Have some means for encrypting tape cartridges before moving them to on-site or off-site archival storage. Vendors such as Crossroads Systems, Decru, CipherMax and nCipher offer products that connect to the SAN and provide data compression, data integrity checking and secure audit logging. Be sure that the introduction of these devices into the SAN does not cause performance penalties.
  • Look at encrypting data on disk. Appliances from Decru, nCipher and CipherMax can also be used to do this. Other new technologies such as Seagate's Self-Encrypting Hard Disk, which is available on laptops from Dell, NEC and Lenovo, also natively encrypt data in hardware without an attendant performance penalty. Fujitsu and Hitachi drives also provide disk encryption. Any product incorporating the Trusted Computing Group's Trusted Storage Specification should also be considered.
  • Protect your mobile devices against loss or corruption. Consider implementing laptops with biometric thumbprint readers for authentication or use Microsoft's Encrypting File System to protect against data theft. ...

  • Secure all email with digital signatures and public/private key encryption. The digital signature lets a user electronically sign an email message using a private key that has been assigned to them. The recipient then uses the sender's public key to verify that the message originated from the sender. Technologies such as these are included in Microsoft Office and in products from Postini, Zix, Ingrian and Intradyn.
  • Encrypting the data on your network hard drives, laptops and media leaving your site is crucial to financial services organizations, not only in preventing data leakage but also in securing the integrity of the enterprise and its data resources.
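
The sign-and-verify exchange from the email tip, as an added Python example that is not part of the original tip. It uses textbook RSA over a SHA-256 digest with small constructed keys (the names `SENDER` and `OTHER` and all helper functions are illustrative assumptions), and shows that a signature proves origin and integrity while the message body stays readable unless it is also encrypted.

```python
import hashlib

def make_key(p, q, e=65537):
    """Build a toy RSA key pair from two primes (constructed sample values)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # private exponent (Python 3.8+)
    return {"public": (n, e), "private": (n, d)}

def _digest(message, n):
    """SHA-256 of the message, reduced into the key's range (toy, no padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    """Sender: transform the message digest with the PRIVATE key."""
    n, d = private_key
    return pow(_digest(message, n), d, n)

def verify(message, signature, public_key):
    """Recipient: undo the transform with the sender's PUBLIC key and compare."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)

def signed_mail(body, private_key):
    """A signed message: the body travels in the clear next to the signature."""
    return {"body": body, "signature": sign(body, private_key)}

# Constructed keys from small Mersenne primes: far too weak and unpadded for
# real mail, where S/MIME or OpenPGP tooling with vetted libraries is used.
SENDER = make_key(2**127 - 1, 2**89 - 1)
OTHER = make_key(2**107 - 1, 2**61 - 1)    # a different key holder

if __name__ == "__main__":
    mail = signed_mail(b"Wire 500 USD to account 0001 (constructed sample)",
                       SENDER["private"])
    altered = mail["body"].replace(b"500", b"900")
    other = signed_mail(mail["body"], OTHER["private"])
    print("genuine  :", verify(mail["body"], mail["signature"], SENDER["public"]))
    print("altered  :", verify(altered, mail["signature"], SENDER["public"]))
    print("other key:", verify(other["body"], other["signature"], SENDER["public"]))
    print("body readable without any key:", mail["body"].decode())
```

A message altered in transit, or one signed with any key other than the sender's, fails verification against the sender's public key; confidentiality requires encrypting the body to the recipient's public key as a separate step.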

About the author:
Deni Connor is principal analyst for Storage Strategies Now, a research firm in Austin, Texas.

