Embed Size (px)
Citation preview
42
Info
security To
day
May/June 2006
co
lu
mn
With the distinction between theinside and outside of an enter-
prise disappearing, and remote usersdemanding access from anywhere atanytime, organizations are turning to amore data-centric approach to security.Encryption is fundamental to this shift.
While cryptography has long beenused to protect data in transmission,it is now used to protect data at rest,in databases, file systems and storagedevices. In addition, cryptography isexpanding beyond privacy enforce-ment to establish the integrity of dataand documents, and to ensure the se-curity of audit information, easingcompliance.
Many of the building blocks for thisnew data-centric security are alreadyin place.
• Public key enabled applications.The 'year of PKI' never happened,but functionality based on publickey cryptography is everywhere.The ability to use digital certifi-cates, signatures and encryptionnow support secure web sites,email messaging, mutual authentica-tion and document protection.
• SSL everywhere.No longer limited toe-commerce, Secure Socket Layer is aubiquitous feature of enterprise appli-cations and networking equipment.
• Plug and play data level protection.Adopting data encryption has oftenmeant modifying software applica-tions, writing custom code andchanging business processes.Today,off the shelf solutions encrypt con-tent transparently within the data-base, filing system and storage fabric.
• Cryptographic bottlenecks.Worriesthat encryption would degrade sys-tem throughput have disappeared,thanks to fast cryptographic accel-erators and offload devices.
• Trusted computing and trustworthydevices.Authenticating users is onlyhalf the problem; it is also impor-tant to know if their terminal or ac-cess device can be trusted.
• Embedded security such as TrustedPlatform Modules (TPMs), provide a'seat of trust' for commercial com-puters and laptops.
Despite these advances, there arestill deployment and managementchallenges. But market factors arecoming into play that will removethese roadblocks.
• Inexpensive tokens for strong au-thentication. Organizations do notwant to rely on password-based se-curity for accessing decryptionkeys, but anything stronger hasbeen prohibitively expensive. Now,competitive pressures are com-moditizing tokens, driving function-ality up and prices down, and USBcard readers in laptops and key-boards are lowering deploymentcosts.
• Security standards with teeth.Unified standards are emerging.Web services led the way by defin-ing both encryption and signing.The Trusted Computing Group(TCG) is revolutionizing PC plat-form security, while the PaymentsCard Industry (PCI) standards de-fine an approach to data privacyand audits.
• Cryptographic management for scalability.The challenge of managing cryptographic keys be-comes more severe as cryptography
proliferates.This drives the need forscalability. Products are emerging tomanage and automate key distribu-tion across disparate applicationsthat run on large numbers of geo-graphically dispersed computingdevices.
• Identity management systems thatlook at devices and people. Earlyidentity management systems haveevolved to also manage rights andentitlements, provisioning and de-provisioning access to business ap-plications. Soon these systems willencompass the identity and rightsof devices and automated systems,not just users.They will also definerights and entitlements in a moregranular way, controlling access toindividual data items, not simply toapplications.
It is becoming clear that enterpris-es will need to lay a cryptographicfoundation for data and content se-curity. But establishing cryptographyas the underlying ‘language’ of secu-rity is just the start. Success dependson the ability to set, manage and en-force fine-grained policies while atthe same time automate the keymanagement function, which is cen-tral to any robust cryptographic se-curity system.
The building blocks are now inplace. Cryptography is convergingwith other security technologies,including identity management systems and strong authentication.This will ensure that only thoseusers and machines that have rightsto view and use the data will beable to unlock it.At the same time,enterprise-wide key management isbecoming a reality. •About the authorDaniel Murton is director of corporate
marketing at nCipher.
Crypto goes into thebloodstreamDaniel Murton
Cryptography is moving to centre-stage as companies seek to secure theirdata at rest and in transmission.
Daniel Murton
"Market factors arecoming into playthat will remove
these roadblocks."
