Encryption: An “unapproachable” subject?

In a recent SearchMidmarketSecurity.com article, contributor Mike Chapple says, "Unfortunately, many security practitioners don't fully understand encryption due to the technology's ill-deserved reputation as the unapproachable domain of mathematicians and cryptographers." Do you agree?

And what encryption task do you find most challenging: Securing websites? Encrypting email? Protecting laptop data? Implementing VPNs?


Answer Wiki


Depends on what level of understanding is required. There is definitely the scientific level that is mentioned in this question, but there is also understanding the risks, management, and application of encryption. Often the risks, management and application of encryption can be more challenging than the scientific and algorithm development. That is because these topics involve multiple parties such as the user interface and the management of an encryption system. That would be the user and IT… and then don’t forget the accountants who want you to justify the costs of any particular encryption system.

Managing a secure connection to a website is one thing using SSL certificates but managing endpoint encryption on mobile devices is entirely different. Key management, encryption standards, and user interaction are all elements no matter the purpose of encryption.

Discuss This Question: 5  Replies

    I would like to add that there are a number of hardware devices that only exist to encrypt communications. As these devices become smaller and more integrated into more customary items, it would not be far-fetched that an individual could update their encryption key on a monthly basis much as you would a password. For this reason I would say that websites are the most difficult, as so much information can be intercepted in transport and users can be so quickly fooled. When it comes to laptops or other personal computing devices, these could be encrypted by the user who would only need to know how to install the software and manage their key. A VPN could be maintained separate from public view and encrypted through dedicated hardware.
  • Kevin Beaver
    I recently wrote about this for SearchCompliance.com - encryption is indeed the great security control that nobody's using. I find the most challenging part is getting management on board... Many people fear encryption because of the bad reputation it's had in the past. The encryption vendors have - by and large - solved this problem... it's time to move on and just do it. The government's all but forcing it on businesses anyway via HITECH, state breach notification laws, etc.
  • A5hley
    As far as I know, the following are important issues/topics to bear in mind and which probably concern infosec guys when considering encryption methods:
    * End-to-end security - what's the point in encryption if the cleartext is exposed somewhere in the lifecycle of the data
    * Encryption standards - some older techs such as the original DES can be defeated in a relatively short time period
    * Key Management - managing a KDC or millions of keys in an asymmetric implementation is something to think about, but for both implementations its weakness is still down to the key!!!!!
  • The most-watched IT questions this week: March 2, 2010 - ITKE Community Blog
    [...] TechTarget’s SearchSecurityMidmarket team recently asked if encryption was an “unapproachable” subject,” and LabNuke99, XENOPHON99, KevinBeaver, and A5hley all offered their [...]
  • JohnMAndre
    Encrypting email is no easy task. The problem is that even if you can get an encryption package set up on your end, you still have to depend on your recipient to get the software configured properly on their end. If they are technical people, this might be possible. However, for non-technical people, forgetaboutit! Encrypting hard drives and websites is not difficult.
