Encryption best practices

In the heavily regulated financial services industry, the encryption and protection of data is paramount in securing network operations.

The storage infrastructures financial organizations deploy are complicated, ranging from simple networks using network-attached storage and an assortment of file servers to large, complicated storage area networks (SANs) that are connected to hundreds of host and mainframe computers with multi-port director-level Fibre Channel switches.

Regardless of the implementation, these networks are fraught with security concerns revolving around where data is encrypted and how it is protected as it flows both inside and outside the organization.

Adding to these concerns is a growing number of regulations and laws that mandate the encryption of data. These include U.S. Treasury Orders and Directives that call for FIPS-level Data Encryption Standard encryption and authentication for any Electronic Funds Transfer, and American National Standards Institute X3 and X9 standards for Personal Identification Numbers, key distribution and authentication.

The need for such encryption is starting to hit home as well. Eighty-seven percent of respondents to a survey from London, Ont.-based InfoTech Research Group said regulatory compliance is forcing them to consider implementing encryption as a way to protect their data, but only 54% are encrypting data at rest.

IT administrators must be able to determine how these mandates and regulations affect the encryption of data in their organizations, which data they will encrypt and where in the storage infrastructure encryption is deployed. Here are some tips on where to begin:

  • Have some means for encrypting tape cartridges before moving them to on-site or off-site archival storage. Vendors such as Crossroads Systems, Decru, CipherMax and nCipher offer products that connect to the SAN and provide data compression, data integrity checking and secure audit logging. Be sure that the introduction of these devices into the SAN does not cause performance penalties.
  • Look at encrypting data on disk. Appliances from Decru, nCipher and CipherMax can also be used to do this. Other new technologies such as Seagate's Self-Encrypting Hard Disk, which is available on laptops from Dell, NEC and Lenovo, also natively encrypt data in hardware without an attendant performance penalty. Fujitsu and Hitachi drives also provide disk encryption. Any product incorporating the Trusted Computing Group's Trusted Storage Specification should also be considered.
  • Protect your mobile devices against loss or corruption. Consider implementing laptops with biometric thumbprint readers for authentication or use Microsoft's Encrypted File System to protect against data theft.
  • Encrypt all email with digital signatures and public/private key encryption. The digital signature lets a user electronically sign an email message using a private key that has been assigned to them. The recipient then uses the sender's public key to verify that the message originated from that sender. Technologies such as these are included in Microsoft Office and in products from Postini, Zix, Ingrian and Intradyn.
  • Encrypting the data on your network hard drives, laptops and media leaving your site is crucial to financial services organizations, not only in preventing data leakage but in securing the integrity of the enterprise and its data resources.
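
The sign-then-verify flow from the email tip, as an added example that is not part of the original article. It assumes the OpenSSL command line is installed and uses a constructed sender certificate and message; it also shows that a signed message stays readable and that a change in transit makes verification fail.

```bash
#!/usr/bin/env bash
# Added example: S/MIME signing and verification with the OpenSSL CLI.
# The sender identity and the message text are constructed for this demo.

# Create a throwaway self-signed sender certificate and sign a message in $1.
smime_setup() {
  local dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=sender@example.test" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
  printf 'Wire 100 USD to account 12345\n' > "$dir/msg.txt"
  # The sender signs with the private key; the default output is a cleartext
  # multipart/signed message with a detached signature.
  openssl smime -sign -text -in "$dir/msg.txt" \
    -signer "$dir/cert.pem" -inkey "$dir/key.pem" \
    -out "$dir/signed.eml" 2>/dev/null
}

# Recipient side: verify message $1 against the trusted sender certificate $2.
# Returns 0 only if the signature matches the content and the signer is trusted.
smime_verify() {
  openssl smime -verify -in "$1" -CAfile "$2" -out /dev/null 2>/dev/null
}

smime_demo() {
  local dir
  dir=$(mktemp -d) || return 1
  smime_setup "$dir" || { echo "setup failed"; return 1; }
  smime_verify "$dir/signed.eml" "$dir/cert.pem" && echo "original: signature valid"
  # A signature does not hide the content: the body is readable without any key.
  grep -q 'Wire 100 USD' "$dir/signed.eml" && echo "body is readable in cleartext"
  # Changing one field in transit invalidates the signature.
  sed 's/100 USD/900 USD/' "$dir/signed.eml" > "$dir/tampered.eml"
  smime_verify "$dir/tampered.eml" "$dir/cert.pem" || echo "tampered: verification failed"
  rm -rf "$dir"
}

smime_demo
```

Signing gives origin and integrity only; confidentiality requires a separate encryption step to the recipient's public key.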

About the author:
Deni Connor is principal analyst for Storage Strategies Now, a research firm in Austin, Texas.

This was first published in January 2008
