Data Security Breaches Reveal Encryption Need

Computerworld - Events such as the theft of a laptop PC containing personal information about thousands of a Rhode Island bank's customers have put a spotlight on the importance of encrypting stored data.
But IT security professionals said that substantial logistical and management issues, as well as the relative immaturity of encryption support in databases and operating systems, make the task a daunting one.
In the Bank Rhode Island case, the names, addresses and Social Security numbers of about 43,000 customers were stored in a laptop that was stolen from the Providence-based bank's principal data-processing provider, Fiserv Inc. The data was password-protected but not encoded . After the theft, Bank Rhode Island's CEO said its IT department will install encryption software on all computers.
That incident came on the heels of one at the Los Alamos National Laboratory in New Mexico in which nine floppy disks and a large-capacity hard disk containing classified information were reported missing after a routine inventory check .
The growing problem of identity theft lends urgency to the need to protect stored information, said Gartner Inc. analyst John Pescatore. Regulatory requirements for data confidentiality are also driving changes, Pescatore said. For instance, companies that encrypt data are exempt from the provisions of California's SB 1386 privacy law in the event of a database breach.
The potential for data theft by insiders—an even more serious problem than virus attacks and network intrusions by hackers—is another incentive, said Kevin Brown, a vice president at Decru Inc., a data encryption technology vendor in Redwood City, Calif.
Washington-based SwapDrive Inc., which provides online data backup and storage services to more than 150,000 corporate and individual users, is using Decru's DataFort device to protect medical and financial information as well as other customer data.
DataFort encrypts and decrypts data flowing between SwapDrive's application servers and its EMC Corp. storage systems. The process is transparent to end users, with all key management functions being handled by Decru's appliance, said SwapDrive CEO David Steinberg. "It's given our users a lot of peace of mind," he said, noting that DataFort also boosts SwapDrive's ability to attract higher-end customers that need more robust security.
Vormetric Inc. in Santa Clara, Calif., also sells encryption technology designed to safeguard data on devices such as PC disks, said Van Nguyen, director of IT security at a Mountain View, Calif.-based high-tech firm that he asked not be named. The company, which has more than 300TB of stored data distributed across offices in 30 countries, uses Vormetric's CoreGuard products to protect its own intellectual property and that of its customers.
"It protects our data while it's stored, while it's in transit and while it resides on a developer's workstation," said Nguyen. CoreGuard encrypts and controls access to the data and also logs and audits any attempts to compromise the information, he said.
But using encryption to protect stored data isn't easy, said Dennis Szerszen, an analyst at Hurwitz & Associates in Cambridge, Mass. The process can involve substantial changes in the way data is stored, accessed and backed up, he said. Large-scale encryption can also change how applications interact with one another, Szerszen added. And the management and administration of encryption keys can be another big issue.
"There have been a number of very large logistical issues that have prevented people from taking an interest in this," Szerszen said. Until recently, many IT managers thought that not encrypting data was a better option than encrypting it was, he said.

Encrypting Stored Data 1 2 Next » Recommend Digg Twitter ShareThis Email Print Send Feedback Reprints Additional Resources POLL RESULTS Leading IT Pros Weigh In on Top IT Issues Accelerate your knowledge of the IT world you inhabit by viewing the results of a series of polls taken by your IT peers. These polls of 100+ IT professionals each are available for full viewing. They cover key topics such as virtualization, processor performance, green IT, cloud computing and many others. Be a part of the buzz. WHITE PAPER For Best Results, Think Beyond the Box Technology is complex. Keeping it running productively shouldn't be. To that end, you want to minimize the number of solutions needed in-house to simplify operations, maintenance, and support. Kodak offers a best-practices model. One company provides support for both scanner and software, for fast problem resolution without vendor finger-pointing. Download now! WHITE PAPER Accelerating the Path to Demand Intelligence with a Demand Signal Repository Utilizing demand intelligence improves the precision of pricing, product assortments, channel/store placement, and promotion, which are all essential for sustainable revenue management performance. Learn more, download this free whitepaper today. White Papers & Webcasts Sustaining SOX Compliance: Best Practices to Mitigate Risk, Automate Compliance, and Reduce Costs Since the adoption of SOX, much has been learned about IT compliance. Discover how to make SOX efforts more effective in "Sustaining Sox...   Why Compliance Pays This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data... IDC White Paper: CCM for IT Compliance and Risk Management Learn from industry analysts how IT organizations are using configuration management to meet compliance requirements and instill best practices. Find out how these...   Best Practices for Managing Business Risks from the Use of IT (Source: Symantec) Based on exhaustive benchmarks conducted by the IT Policy Compliance, this session highlights the relationship between business risks and use of... Keep it Clean: Maintaining the Integrity of your CMDB through Change Detection Learn how configuration drift can challenge configuration management database (CMDB) integrity and how a configuration audit tool and an effective change management process...   Managing And Protecting Your Ever Increasing Mobile Assets (Source: Absolute Software) Your users are becoming more mobile each day. This is great for productivity - yet challenging for IT control. Natalie... The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164 HIPAA requires businesses that handle personal health information (PHI) to set up strong controls to ensure the security and integrity of that information....   Sun OpenSSO Enterprise Webinar (Source: Sun) This webinar replay discusses Sun OpenSSO Enterprise innovation--the single, open-source solution that helps your business solve the challenges around internal access... Configuration Assessment: Choosing the Right Solution Configuration assessment lets businesses proactively secure their IT infrastructure and achieve compliance with important industry standards and regulations. Learn why configuration assessment is...   Agile Enterprise Content Management (ECM) for Rapid ROI (Source: IBM) Content rich business processes are a core feature of daily operations at just about any organization today. Very often these essential... All White Papers | All Webcasts Computerworld Reports An Interactive eBook: Enterprise Security The Business Case for Server Virtualization Computerworld Technology Briefing: Intelligent Users Use Business Intelligence All Computerworld Reports Sign up to receive updates on the latest Security resources   White Papers Sustaining SOX Compliance: Best Practices to Mitigate Risk, Automate Compliance, and Reduce Costs Keep it Clean: Maintaining the Integrity of your CMDB through Change Detection Configuration Assessment: Choosing the Right Solution Addressing Compliance Initiatives with Tripwire and the Center for Internet Security An All-in-One Approach to Web Security Open Source Security Myths Dispelled IT Compliance Interactive Tools Solution Overview: Symantec Control Compliance Suite 9.0 Information Security Brief by Enterprise Strategy Group EMA's 2008 Survey of IT Governance, Risk and Compliance Management in the Real World IDC White Paper: CCM for IT Compliance and Risk Management The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164 Beyond PCI Checklists: Securing Cardholder Data with Tripwires Enhanced File Integrity Monitoring Centralized Data Backup and Your WAN The Hidden Dangers of Spam Best Practices for Backing Up VMware® with Veritas NetBackup™ Symantec Security Compliance Brochure Improving Results for Legal Custody of Information Risk Readiness and Redundancy: PCI Compliance Automation Managing Spend on Information Security and Audit for Better Results Sponsored Links HP StorageWorks products-control, consolidation and confidence. 64-page prescriptive guide to security, compliance, and IT operations. Looking to add Unix/Linux functionality to Windows? FREE guide to saving up to 95% on network hardware costs. Start saving today! Enhance your career with a Boston University online Master's in CIS Find IT jobs in the Healthcare industry on Dice.com Network Tools Made By Engineers for Engineers Live Webcast: Building a More Productive Organization  A User Perspective With the NEW KODAK i700 Series Scanners get full speed at 300dpi! ITwhitepapers.com - Access thousands of white papers on 300+ technical topics. Leverage Your Cisco infrastructure for Superior Application Performance Learn about the AMD Virtual Experience Introducing: Project Icebreaker Introducing the new HP ProLiant G6 server family Wait for the upturn, or get ready for it with Capgemini's Technovision study. Download it here. Instantly know your IT service state - anytime, anywhere @ AccelOps.net Try the best rules engine free! Decisions.FICO.com Learn How to Create a High Performance Workplace Thrill Dad this Fathers Day and save up to 66% plus 4 FREE Caramel Apple Tartlets from Omaha Steaks. ESET NOD32 with ThreatSense(R) - Get your free trial now! Join the conversation about the hottest IT trends with Computerworld on Twitter. Create business data you can believe in with data governance Not All QSAs Are Created Equal: What You Should Know Before You Buy The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability The AMD Virtual Experience Virtual Trade Show About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.