Encryption best practices

In the heavily regulated financial services industry, the encryption and protection of data is paramount in securing network operations.

The storage infrastructures financial organizations deploy are complicated, ranging from simple networks using network attached and an assortment of file servers to large complicated storage area networks (SANs) that are connected to hundreds of host and mainframe computers with multi-port director-level Fibre Channel switches.

Regardless of the implementation, these networks are fraught with security concerns revolving around where data is encrypted and how it is protected as it flows both inside and outside the organization.

Adding to these concerns is a growing number of regulations and laws that mandate the encryption of data. These include U.S.Treasury Orders and Directives that call for FIPS-level Data Encryption Standard encryption and authe

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data Protection Essentials By addressing data privacy, companies avoid public scrutiny Lessons learned: The LendingTree case Lessons learned: The Countrywide Financial breach The Societe Generale fraud story: Keith White on fraud Institutionalizing risk management for ongoing management support Risk assessments: Internal vs. external Putting risk analysis into words Lessons learned: The Texas Insurance Claims Services case Lessons learned: The Montgomery Ward breach Lessons learned: The Citibank ATM breach Secure network storage Event data analysis Top NAC challenges include cost, interoperability issues Time to prepare for SAN security Storage vulnerabilities you can't afford to miss The TJX data security breach: 10-K filing shows IAM and compliance mistakes Fitting removable storage devices into an enterprise security policy

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

ntication for any Electronic Funds Transfer, and American National Standards Institute X3 and X9 standards for Personal Identification Numbers, key distribution and authentication.

The need for such encryption is starting to hit home as well. Eighty-seven percent of respondents to a survey from London, Ont.-based InfoTech Research Group, said regulatory compliance is forcing them to consider implementing encryption as a way to protect their data, but that only 54% are encrypting data at rest.

IT administrators must be able to determine how these mandates and regulations affect the encryption of data in their organizations, which data they will encrypt and where in the storage infrastructure encryption is deployed. Here are some tips on where to begin:

About the author:
Deni Connor is principal analyst for Storage Strategies Now, a research firm in Austin, Texas.