Security

Xerox technology allows users to designate levels of encryption

Encryption technologies, once relegated to military and government installations, are evolving and becoming more common as data security becomes increasingly important to IT professionals. One of the neatest developments is a technology developed by Xerox that allows users to encrypt certain portions of a document in order to control access.

Encryption technologies, once relegated to military and government installations, are evolving and becoming more common as data security becomes increasingly important to IT professionals. One of the neatest developments is a technology developed by Xerox that allows users to encrypt certain portions of a document in order to control access. The new system allows people to see only the parts of a document that pertain to their jobs, and the encryption and redaction is based on the user who is accessing the document. The best part of this technology is that the user who generates the document will have the ability to designate the levels of encryption and redaction without having to involve IT, a boon to people who need to control documents to which even IT should not have access.

Xerox developing new document encryption technology (Information Security Magazine)

Seagate has also announced a full disk encryption system (FDE) that will keep all data on a server in the data center encrypted, even while that data is "at rest," allowing companies with confidential data to dispose their old drives without needing to do expensive and/or time consuming work to ensure that the data is completely wiped from the drive. FDE is already in use at some places, particularly in laptops, and is set to expand pretty dramatically as the TSA has recently announced that it is requiring contractors to encrypt laptop hard drives in response to the loss of two laptops containing data about truck drivers certified to carry hazardous materials. The options available to people who want to encrypt their data are laid out pretty succinctly in a recent SC Magazine article.

Seagate Expands Full Disk Encryption To Data Center Hard Drives (Information Week)

TSA Demands Encryption Following Dual Laptop Loss (eWeek)

I have not dealt a lot with encryption technologies lately, because the last time I worked for a large corporation was back in 1997, and it only had three desktops in a DMZ in the data center attached to the Internet. Since then, though I technically work for the government (community college), I have been in relatively low security environments that only require encryption for backups that are shipped offsite. However, I can see a day in the near future where even this environment will require encryption, albeit on a limited basis.

Have you seen more encryption technologies as the focus on secure computing has sharpened? Do you see a need in your environment for some of the newer encryption technologies? Is your shop required by the government to encrypt? What have your experiences been with encryption?

6 comments
Andy Moon
Andy Moon

What kinds of encryption technologies do you deal with on a regular basis? Is it a requirement of the company you work for or is it mandated by a regulatory agency? Do you see more encryption coming down the pipe for you?

apotheon
apotheon

As I pointed out in [url=http://blogs.techrepublic.com.com/security/?p=293][b]Privacy is security[/b][/url], you can't have security without privacy. Encryption is key to that. I use encryption every day, basically all day. I use OpenPGP tools for encryption of important files on my system and communications with others, though I don't need to do so very often. I use SSL and TLS for secure, stateful access to remote servers via the stateless Hypertext Transfer Protocol (HTTP) -- and you probably do too, whenever you log into your bank's website. I use the OTR encryption plugin with Pidgin for secure IMing. I proselytize IM encryption all the time (especially the "forward secrecy" style of encryption used by OTR). The single most common form of encryption I use, though*, is remote access and protocol tunneling via [url=http://blogs.techrepublic.com.com/security/?p=295][b]OpenSSH[/b][/url]. Much of the work I have done over the years would not have been possible without the suite of SSH tools provided by the OpenSSH project. All of us in the IT business owe the OpenSSH project (and, by extension, its parent OpenBSD project) a debt of gratitude, even if we personally don't make use of SSH encryption ourselves -- and, frankly, you probably [b]should[/b] be using it, if you aren't. For instance, if you're using plain ol' unencrypted FTP instead of an SSH suite's SFTP/SCP tools to manage files on a remote webserver, you're just begging for trouble. I don't currently use FDE, though I have dealt with it in the past, and I may soon start using it again -- especially since I'm pondering the practicality of implementing a holistic encrypted operating environment these days. Something like FDE -- or any other large-scale data encryption schemes -- requires some serious thought, and should not be leapt into lightly as things currently stand, but it can be of critical importance if it's the sort of tool that solves your needs. edit: The above information does not represent every way I make use of encryption technologies every day. It just lists what came immediately to mind, off the top of my head. The more I think about it, the more I realize just how ubiquitous encryption technologies are in my day to day life -- and the more I think about how important it is that others at least learn the basics of how to use simple, consumer-level encryption schemes using strong encryption algorithms to protect themselves. [i]* = This is discounting the use of cryptographic hashes in password authentication, software management system authentication, digital signatures, and similar (behind the scenes) applications of encryption technologies -- of course. You're probably using encryption technology without even realizing it when logging in to various systems.[/i]

asgr86
asgr86

To encrypt or not to encrypt is actually the managments problem all that the techies can do is to advice the mgnt, PGP the best and reliable Encryption software. . . . . .

ben@channells
ben@channells

On a daily basis 128Bit AES full disk encryption. 128 Bit DES SSH connections 192 bit SSL connections 128 bit VPN connections 256 bit WAN connections Some Cisco GRE oh and windows EFS Previous jobs did include upto 512bit WAN links with 1024bit Diffie Hellmans

portable
portable

MANY years ago (VietNam era) I was associated with Military encryption. We were taught that no matter what you use, assume "the enemy" can read it. Anything one person can build another can break. All you can do is slow them down. It becomes a value of time issue. If what a Cracker thinks you have is worth the time to break into your system... they probably will. Therefore most home systems probably aren't worth the time, most small business is also probably not worth the time, BUT... Privacy laws will require it (eventually), big business MUST have High Level encryption, and be able to show the strength of their security. There will always be the "newbie crackers" that will attack home and small business just to get practice. It is/will be a crapshoot as to whether it is you they target. Thus the title of my post. Everyone will need it, and I forsee Encryption being an industry like today's Anti-Virus/Malware industry. Good Luck!

DanLM
DanLM

I also encrypt both my PDA and thumb drives. I think when people think of encryption, they should also think of shredding utilities also. When information is destroyed, it should be thoroughly destroyed. A simple delete and empty recyle bin is not an option. Dan

Editor's Picks