Network Computing is part of the Informa Tech Division of Informa PLC
Encryption's Hard Truths
IRVINE, Calif. -- Data Protection Summit -- Encryption is no cure-all for enterprises' data security woes, warned Gordon Hughes, associate director of the Center for Magnetic Recording Research (CMRR) at the University of California San Diego, during a keynote here yesterday.
A recent report from the Ponemon Institute revealed that about two thirds of large U.S. businesses currently have some sort of encryption strategy in place, although Hughes told users not to get carried away with the hype: "Data encryption is not a panacea." (See Encryption Set to Go Mainstream.)
Hughes, who tests ATA and SCSI drives for the National Security Agency, instead urged users to think about the effect of encryption on storage virtualization, data de-duplication, and compression. "If you leave the data encrypted everywhere, it defeats all these functions," he said, echoing CIOs' recent concerns about encrypting virtual data. (See Tales From the Virtual Crypt, What's the Key to Excellent Encryption?, and Vendors Push Virtual Security.)
De-duplication, which is set to be one of this year's hottest storage technologies, also poses some real challenges when it comes to key management. (See Users Look Ahead to 2007, Dealing With De-Dupe Doubts , and New Wave of CDP Rolls In.) "If every user has the same data encrypted with different keys, you're not going to be able to detect the duplicate data."
Hughes also talked about the lack of encryption standards, urging users not to get too excited about short-term results from industry bodies like the Trusted Computing Group. (See Red Tape Trips Up Security.) "It's a great idea, but it's not going to happen instantaneously," said Hughes, highlighting the challenge of getting so many different vendors to work together. "I don't think it's going to happen for several years."
Recommended For You
From infrastructure to app delivery, from data to applications, it’s past time to modernize your practices, processes, and providers to ensure you’re able to take advantage of AI and whatever comes next.
What skills do network managers really need to properly secure industrial networks? What new protocols, frameworks, and regulations are important? And what conferences and certifications can help? Here are five tips to get started.
A full-stack approach to retail edge offers retailers a way to optimize operations and adapt to changes in a post-pandemic world.