Page 12 - CDM-Cyber-Warnings-January-2014
P. 12
employees find ways to undermine your efforts. So, here are some of the things you need to consider before implementing an enterprise encryption solution: Access controls need to be robust and flexible Even if you have a great system to automate key management, it's possible to set up your access controls badly. If you rely on your IT department to manually set up permissions, you're adding power users to your network - a regulatory problem as well as a security one. Simultaneously, you're taking accountability away from the employees who actually own and use those resources. Encryption should not be intrusive While advances in computing power mean encryption now has a negligible overhead in terms of processing, it can still have a significant impact on usability. Workers might flinch at the thought of installing a local client to decrypt data, especially on personal devices like smartphones, so choose your solution wisely. Furthermore, employees often respond to overbearing security by finding novel ways to work unsafely - a phenomenon known as shadow IT - like using their own software or personal cloud storage. Minimize Maintenance & Support In the same way installing software on employees' personal represents a burden for your IT department. The chances are your workers want to be able to consume information anywhere, on any machine. Will your encryption solution support this aligned with your corporate security and compliance policies? Similarly, consider the effort and cost associated with migrating systems, or adding encryption to legacy environments. Such action may affect interoperability between critical applications and data, resulting in business interruption and support issues if not properly planned. In summary, factors like these make it extremely important for the enterprise to carry out a risk assessment before encrypting their content, as well as considering factors like employee resistance and legacy infrastructure. In many scenarios, an end-to-end encryption solution that encrypts everything, as proposed by Eric Schmidt won't be applicable - it's more important to identify what data really needs to be secure and consider the impact of how you safeguard it. About The Author Håkan Saxmo, Chief Technical Officer, Cryptzone Håkan Saxmo has 20 years' experience in senior technical roles for development, manufacturing and support within internationally renowned companies, including Jeppesen (a Boeing company), Intermec International, AST and Tandy. For the last 15 years he has held senior leadership roles in Sweden and UK, where he has been responsible for strategic development and quality programs. Håkan has a Masters in Science Electrical Engineering from The Royal Institute of Technology, Stockholm, Sweden. Håkan now leads the design and development teams at Cryptzone, creating solutions that enable organizations to securely connect, collaborate and comply within the digital workplace, thereby improving document security, access control and compliance auditing capabilities. www.cryptzone.com + % %! ! & , ! . !( %+ ' "! "#+% ' - + % !& , ! % '& % & %) *"% *
