Recent incident of whistle-blower Edward Snowden’s revelations creates confusion over authenticity and workability of many encryption products. Choosing right encryption software provider is the key for data security for your organization. Below are some tips and techniques to choose right encryption software:
- Random number generators are important. They play a role in the creation of digital certificates.
- If numbers are predictable then it causes breaches due to easy access to secure codes.
Robert Former, senior security consultant for Neohapsis, an Illinois-based security services company, says organizations should stop using older encryption algorithms like the deprecated DES (Data Encryption Standard), and even its relative Triple DES, which is simply DES applied three times to each data block.
“In the last 30 years, no one can prove that the NSA did more than influence minor changes in their development. The bottom line is that in most cases the NSA appears to have actually improved the math.”
Longest Encryption Keys
“Today AES 128 is strong, but I say go to 512 or the highest key strength you can implement using what you have today,” he says.
Encrypt in Layers
“I say if there is a way to encrypt, then encrypt. That means in your database encrypt each field, each table, then the whole database. You have to make it so hard for an attacker that it is not worth the effort,” he advises.
Secure Encryption Keys
“If you can implement an encryption system where you control the keys to the data stored in the cloud, then that is going to be much more secure,” says Dave Frymier, chief security officer at IT services company Unisys. Devices such as cloud encryption gateways that handle the encryption to and from the cloud automatically can help companies achieve this sort of security.
“In practice it is very hard to implement an encryption system as it has many moving parts, any one of which can be a weak point,” says Ramon Krikken, an analyst at Gartner. “You have to do a great deal of due diligence to make sure that your encryption implementation is done right.”
External factors over which companies have very little control can compromise the security of encryption systems and needs to secured.
Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.