Encryption is not encryption is not encryption, warns Applied Security
1 min read
Manufacturers are putting too little time and effort into the fight against Internet crime, despite high profile security breaches.
So says Volker Scheidemann, product manager at encryption specialist Applied Security, warning that designs, manufacturing plans and test and performance data are being put at risk.
“The financial, reputational and legal consequences of confidential data falling into the wrong hands can be dire,” he says. “Wind turbine producer Enercon knows this only too well. It claims its construction plans for an innovative turbine were leaked to an American competitor who then filed a patent.”
He also draws businesses’ attention to white-collar crime, citing KPMG’s study in 2006, which found that mistakes, negligence and deliberate breaches by employees present the greatest risk.
“Most information losses can be prevented by using encryption,” says Scheidemann, adding that the only other hurdle is choosing the right technologies.
“One of the biggest concerns about encryption is that it presents a barrier to day-to-day workflow and is complex to use and manage. Therefore, a critical factor for enterprise systems is the ability to encrypt data automatically and seamlessly, without user interaction.”
Scheidemann suggests that both hard drive encryption and virtual container encryption have their limits, primarily in terms of manageability. He suggests file and folder encryption, which make use of the existing folder structure, so that network administration remains intact.
“File and folder encryption … provides protection for the network as well as for local hard drives. However, like container encryption, the user must be careful to store data in the correct place.”
His advice: use centrally administered software. “It allows for the secure automated company-wide encryption of data, regardless of whether data is stored on file servers, workstations, notebooks or USB sticks.”
Beyond that, he advises that administration of the security software should also be separated from network administration to maintain control. “This takes away worries that the internal administrator possesses a master key to all corporate secrets.”
