Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Market Analysis: Storage Security: Page 7 of 11

The recent bad press about SHA-1, even though the attacks were mostly contrived in situations where the keys or data had to conform to a certain set of criteria, guarantees that you'll be using one of the new hashing standards. Make sure the product you choose is expandable--in security, the only certainty is change.

Costly, but Prudent

Overall, there are no real surprises in the cost of data security. Encryption of data costs you in terms of bandwidth and latency, though not as much as you might expect. Access control and authentication cost you in terms of the management hours required to set up and maintain access-control lists, though group-based management does save you time. Choosing a product that mitigates the cost through support for RADIUS is a good idea if you're maintaining a large network.

In fact, not securing your data at rest could end up costing you more than even a fleet of expensive encryption appliances. By the end of next year, failure to encrypt credit-card numbers stored in databases will be considered negligence in civil cases arising from unauthorized disclosures, according to Gartner.

Already, ChoicePoint shareholders are suing after the company's shares plummeted on news that consumers' personal data had been stolen. Identity theft costs U.S. businesses and consumers $50 billion to $60 billion a year, according to the Federal Trade Commission. It's not a stretch to expect more consumers to sue the companies that let their data be pilfered. What's more, the California Database Security Breach Act, which applies to any business with customers in that state, requires disclosure even if a break-in is only suspected.