Network Computing is part of the Informa Tech Division of Informa PLC


Securing Data Wherever It Travels

Over the years, IT managers have struggled to ensure data is encrypted while it travels across the network, and as it resides on disk -- whether that's within the data center, on network-attached storage, or in individual workstations. In an attempt to better manage data, some enterprises have tried to create so-called "zones of trust" that are designated to handle data at varying degrees of sensitivity.

"These approaches really don't work over the long term, because data is constantly being accessed by users, moved, and replicated," says Pete Lindstrom, research director at Spire Security.

Of course, Lindstrom isn't arguing that users shouldn't access and use enterprise data. He is suggesting that the weakness in these approaches to encryption and data security is that users must decrypt data to be able to access and manipulate it. Once decrypted, that data can often be freely moved to thumb drives and personal notebooks, and even emailed to anybody. Desktop encryption tools, such as PGP, BitLocker for Windows, and the open-source TrueCrypt disk encryption software, require users to take too many actions and make too many decisions about the data they use to be practical.

"When people are forced to classify data, they classify everything as top secret or everything is marked non-sensitive, and it's part of the reason why organizations will continue to have leaks and breaches," says Christofer Hoff, chief security architect at IT services provider Unisys.

However, the convergence of Data Leak Protection (DLP) and enterprise Digital Rights Management (eDRM) software with document management and enterprise content management applications, and eventually into the operating system and networking protocols, means enterprises may be able to build a security framework in which encryption and access rights to information actually travel wherever data flows.
