Data Security Breaches Reveal Encryption Need

Computerworld - Events such as the theft of a laptop PC containing personal information about thousands of a Rhode Island bank's customers have put a spotlight on the importance of encrypting stored data.
But IT security professionals said that substantial logistical and management issues, as well as the relative immaturity of encryption support in databases and operating systems, make the task a daunting one.
In the Bank Rhode Island case, the names, addresses and Social Security numbers of about 43,000 customers were stored in a laptop that was stolen from the Providence-based bank's principal data-processing provider, Fiserv Inc. The data was password-protected but not encoded . After the theft, Bank Rhode Island's CEO said its IT department will install encryption software on all computers.
That incident came on the heels of one at the Los Alamos National Laboratory in New Mexico in which nine floppy disks and a large-capacity hard disk containing classified information were reported missing after a routine inventory check .
The growing problem of identity theft lends urgency to the need to protect stored information, said Gartner Inc. analyst John Pescatore. Regulatory requirements for data confidentiality are also driving changes, Pescatore said. For instance, companies that encrypt data are exempt from the provisions of California's SB 1386 privacy law in the event of a database breach.
The potential for data theft by insiders—an even more serious problem than virus attacks and network intrusions by hackers—is another incentive, said Kevin Brown, a vice president at Decru Inc., a data encryption technology vendor in Redwood City, Calif.
Washington-based SwapDrive Inc., which provides online data backup and storage services to more than 150,000 corporate and individual users, is using Decru's DataFort device to protect medical and financial information as well as other customer data.
DataFort encrypts and decrypts data flowing between SwapDrive's application servers and its EMC Corp. storage systems. The process is transparent to end users, with all key management functions being handled by Decru's appliance, said SwapDrive CEO David Steinberg. "It's given our users a lot of peace of mind," he said, noting that DataFort also boosts SwapDrive's ability to attract higher-end customers that need more robust security.
Vormetric Inc. in Santa Clara, Calif., also sells encryption technology designed to safeguard data on devices such as PC disks, said Van Nguyen, director of IT security at a Mountain View, Calif.-based high-tech firm that he asked not be named. The company, which has more than 300TB of stored data distributed across offices in 30 countries, uses Vormetric's CoreGuard products to protect its own intellectual property and that of its customers.
"It protects our data while it's stored, while it's in transit and while it resides on a developer's workstation," said Nguyen. CoreGuard encrypts and controls access to the data and also logs and audits any attempts to compromise the information, he said.
But using encryption to protect stored data isn't easy, said Dennis Szerszen, an analyst at Hurwitz & Associates in Cambridge, Mass. The process can involve substantial changes in the way data is stored, accessed and backed up, he said. Large-scale encryption can also change how applications interact with one another, Szerszen added. And the management and administration of encryption keys can be another big issue.
"There have been a number of very large logistical issues that have prevented people from taking an interest in this," Szerszen said. Until recently, many IT managers thought that not encrypting data was a better option than encrypting it was, he said.

Encrypting Stored Data 1 2 Next » Recommend Digg Twitter ShareThis Email Print Send Feedback Reprints Jump to comments Security Additional Resources WHITE PAPER Do You Know the 7 Steps to Successful Data Migration? Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business. WHITE PAPER Total Cost of Ownership of Server Computing Vs. PCs Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment. WHITE PAPER IDC White Paper: Linux in a Global Recession Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today. White Papers & Webcasts Share our Strength Download Now   Lower the Cost and Complexity of a Mobile Workforce through Automation Download This Resource Now! Top 10 Things to Know about Data Protection Download Now   Managing Mobility: Improve Data Security, Compliance and Manageability Download This Resource Now! Top 10 Actions a CIO Can Take to Prepare for a Hurricane Download Now   Managing Secure File Transfer to Save Time, Money and IT Resources Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with... Ponemon Study: The Business Risk of a Lost Laptop Download Now   Security Convergence Equals Network Security Cost Savings Listen to IBM Internet Security Systems' take on network security convergence. Airport Insecurity: The Case of Lost Laptops Download Now   Disaster Recovery 2008: Reduced Costs and Improved Performance How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this... All White Papers | All Webcasts Computerworld Reports 8 Questions To Ask About Your Intrusion-Security Solution Computerworld Technology Briefings IT Service Management Computerworld Briefing - Analytics: The Art and Science of Better All Computerworld Reports Sign up to receive updates on the latest Security resources   White Papers Share our Strength Top 10 Actions a CIO Can Take to Prepare for a Hurricane Airport Insecurity: The Case of Lost Laptops Optimizing Information Insight: How to Make Fast, Reliable Decisions Based on Consolidated Information Encompassing All Your Data Retooling IT for a Mobile Workforce: The Importance of Automation The Forrester Wave™: Web Filtering, Q2 2009 PCI DSS Compliance in the UNIX/Linux Datacenter Environment A Process-based Approach to Protecting Privileged Accounts & Meeting Regulatory Compliance From Trust to Process: Closing the Risk Gap in Privileged Access Control Can Heuristic Technology Help Your Company Fight Viruses? Top 10 Things to Know about Data Protection Ponemon Study: The Business Risk of a Lost Laptop Mitigating Litigation Risk with Email Management Tools Solving On-premise Email Challenges with On-demand Services Leverage the full power of VMware The Forrester Wave™: Email Filtering, Q2 2009 Privileged Access Lifecycle Management: How PALM Enables Security, Compliance, and Efficiency for Enterprise IT Preventing Data Breaches in Privileged Accounts Using Access Control The State of PCI DSS Compliance at Organizations Today Why Email Must Operate 24/7 and How to Make This Happen Sponsored Links Play NetApp's New Data Defense Game. Return on Information: Google Enterprise Search pays you back. Get the facts. How Do You Rank as an Innovation Leader? Download Recent Study. See how AT&T can help protect your network. 3 Innovations. 3 Free Downloads. Free trials of Windows 7, Windows Server 2008 R2 and Exchange Server 2010. NetScaler VPX : Harness the Power of Virtualized Web App Delivery Get more enterprise mobility value for up to 25% less. Unified Communications: Thoughts, Strategies and Predictions. Join the discussion. NYUs M.S. in Management and Systems. Offered Online and On-site. Crystal Reports Server: More options. Not more money. Parallelism is not just for HPC. Create rich apps from desktop to device. Get the eval. Tolly Performance Report  "Citrix NetScaler with nCore Outperforms F5 BIG-IP" Save up to 61% plus Free Cheesecake Find IT jobs in the Healthcare industry on Dice.com With the NEW KODAK i700 Series Scanners get full speed at 300dpi! Not All QSAs Are Created Equal: What You Should Know Before You Buy The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability The AMD Virtual Experience Virtual Trade Show Stay informed with custom newsletters from Tech Dispenser New DW Options and Price Points. View Teradata Platform Family Data Sheet. To get a better view of your entire data center, you need a better vantage point. Improve your vision with Hitachi IT Operations Analyzer - Free 30 day trial Play NetApp's New Data Defense Game. Citrix NetScaler with nCore Outperforms F5 BIG-IP - Learn More 64-page prescriptive guide to security, compliance, and IT operations. Streamline IT Costs. Boost Performance with WAN Optimization Enterprise Network & Server Monitoring Software. Cross over to Traverse... Increase UPS efficiency without sacrificing protection Crystal Reports Server: Single server access to reports & dashboards Create new opportunities. See business making progress now ESET NOD32 with ThreatSense(R) - Get your free trial now! Looking to add Unix/Linux functionality to Windows? Join the conversation about the hottest IT trends with Computerworld on Twitter. ITwhitepapers.com - Access thousands of white papers on 300+ technical topics. Leverage Your Cisco infrastructure for Superior Application Performance Learn about the AMD Virtual Experience Introducing: Project Icebreaker About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.