Comments on: Encryption: An “unapproachable” subject?

By: johnmandre

johnmandre — Sat, 01 May 2010 09:17:37 +0000

Encrypting email is no easy task. The problem is that even if you can get an encryption package setup on your end you still have to depend on your recipient to get the software configured properly on their end. If they are technical people, this might be possible. However, for non-technical people, forgetaboutit!

Encrypting hard drives and websites is not difficult.

By: The most-watched IT questions this week: March 2, 2010 - ITKE Community Blog

The most-watched IT questions this week: March 2, 2010 - ITKE Community Blog — Tue, 02 Mar 2010 14:23:25 +0000

[...] TechTarget’s SearchSecurityMidmarket team recently asked if encryption was an “unapproachable” subject,” and LabNuke99, XENOPHON99, KevinBeaver, and A5hley all offered their [...]

By: a5hley

a5hley — Thu, 25 Feb 2010 10:54:49 +0000

As far as i know the following are important issues/topics to bear in mind and which probably concern infosec guys when considering encryption methods:

*End-to-end security – whats the point in encryption if the cleartext is exposed somewhere in the lifecycle of the data

*Encryption standards – some older tech’s such as the original DES can be defeated in a relatively short time period

*Key Management – managing a KDC or millions of keys in a asymetric implementation is something to think about, but for both implementations its weakness is still down to the key!!!!!

By: kevinbeaver

kevinbeaver — Tue, 23 Feb 2010 22:43:14 +0000

I recently wrote about this for SearchCompliance.com – encryption is indeed the great security control that nobody’s using.

I find the most challenging part is getting management on board…Many people fear encryption because of the bad reputation it’s had in the past. The encryption vendors have – by and large – solved this problem…it’s time to move on and just do it. The government’s all but forcing it on businesses anyway via HITECH, state breach notification laws, etc.

By: xenophon22

xenophon22 — Tue, 16 Feb 2010 00:51:20 +0000

I would like to add that there are a number of hardware devices that only exist to encrypt communications. As these devices become smaller and more integrated into more customary items, it would not be far-fetched that an individual could update their encryption key on a monthly basis much as you would a password.

For this reason I would say that websites are the most difficult as a so much information can be intercepted in transport and users can be so quickly fooled.

When it comes to laptops or other personal computing devices, these could be encrypted by the user who would only need to know how to install the software and manage their key. A VPN could be maintained separate from public view and encrypted through dedicated hardware.