Thursday, April 30, 2009

DO YOU FEAR DEPLOYING ENCRYPTION IN YOUR ORGANIZATION?

The last time we discussed encryption we examined its role in enhancing and protecting personal privacy. This piece continues by discussing why organizations should employ encryption as a priority tool in their security framework.

The current depressed global economy has resulted in a burgeoning market for stolen data.

Companies have, in the recent past, been slow to employ encryption due to various reasons. It used to be hard to set up and would slow network performance. The primary fear was that if a company used encryption on critical data and something went wrong, then that data would be irretrievable.

These concerns were justified then but are no longer relevant today. The first fear we should dispel about encryption is that implementing it is insanely difficult. Enterprise encryption software is now easy to deploy and maintain. You need to first establish how critical data flows through and out of the company. You also need to locate where this data resides. You will then be able to identify who has or can gain access to the data. Deploying encryption in these areas therefore becomes easier.

The second concern has been that encrypted data compromises network performance. This was true when encryption technology was in its infancy. Today’s solutions have been developed to make the best use of available computing cycles. They extensively use background processing to minimize their impact on the network.

It is also widely believed that managing an enterprise encryption solution is excessively complicated. Today’s encryption solutions are centralized and fundamentally simplify the oversight and administration functions.

It is also feared that encryption negatively affects data availability. Encryption does not limit access to data. It will only do so if you encrypt your database without carefully examining your enterprise use patterns. You should determine which critical applications are accessing the database most often. This will help you optimize your encryption solution to remove any bottlenecks or access delays.

Encryption finally invokes one doomsday dread. This is where a technical or staffing problem makes it impossible to decrypt your data. Imagine if the IT manager suddenly leaves the organization in a huff. Enterprise encryption will not leave you in such a lurch. There are double-authentications which require more than one person to access the key. If the key somehow becomes unavailable you can use the built-in restoration tool to decrypt your data. And with the numerous checks and balances that are in the software, any encrypted data can be decrypted and restored without resorting to expensive external consultation.

Encryption is necessary for any company that handles customer details and other critical data. There is now no sensible fear that justifies delaying usage of this crucial defense tool.

No comments: