Exploitation and data protection
Many IT and BI professionals are dissatisfied with the interoperability and efforts of storage vendors and providers. Vendors have made it clear that they are interested in encryption standards rather than cost and integration challenges. Encryption expansion is good, but it’s not the only or ultimate solution. A critical application will, at one time or another, need access to encrypted data. If an attacker can see unencrypted data in one app, chances are everyone else can too. In an enterprise-wide architecture, beyond a single personal node (unauthorized access is unacceptable), protection is highly necessary.
A renowned news and information outlet conducted a survey. Information Technicians and Business Intelligence Professionals were surveyed. 28% of participants said they want to expand the use of encryption well beyond the minimum standards.
Creating public interoperability standards would give open source communities a level playing field. Compared to commercial product technologies, “open source” (free exchange of technological information; describes practices in production and development that promote access to source materials for end products; Internet; communication pathways and interactive communities) is not Known for having the best managerial skills. The competition has proven to keep everyone on their toes. The resulting survey analysis and conversations with CISOs (Chief Information Security Officers), an emphasis on encryption and compliance is not used correctly and/or to its full extent. Organizations using the best applications encrypt or plan…along with various firewall protection software applications. With the inclusion of VPNs (Virtual Private Networks), email, file, and data systems, a breach can be devastating. These practices do not really solve the problem of protection. Although a risk reduction is obvious.
A Chief Information Security Officer (CISO) is the high-level executive within an organization. The CISO leads staff in identifying, developing, implementing, and maintaining processes throughout the organization to reduce information and information technology (IT) risks, respond to incidents, establish appropriate standards and controls, and direct the establishment and implementation of policies and procedures. In general, the influence of the CISO reaches the entire organization. Michael A. Davis reports high-level statistics on the use of encryption by 86% of 499 enterprise technology professionals who say they feel fairly secure. His data is based on an Information Week magazine analysis state of encryption survey. Davis also states that 14% of respondents say encryption is pervasive in their organization(s). From the challenges and cost of integration, lack of leadership is the reason for the dismal state of crypto trade shows. “38% encrypt data on mobile devices, while 31% characterize their use as sufficient to meet regulatory requirements.” The compliance approach to encryption prevents companies from having to notify customers of a security breach on their devices. The Davis report goes on to state that “entrenched resistance” is not a new phenomenon. A 2007 Phenomenon Institute survey found that 16% of US companies incorporate enterprise-wide encryption networks, starting with tape backups. “Doing the bare minimum is not safety,” Davis cited. “IT and BI professionals face strong resistance when trying to do more for technology users.”
Many company IT and BI staff are working to increase the use of encryption. Quick and easy access to data interests users more than their attention to security. Even with the use of flash drives, laptops, and other portable media, from the CEO to front-line users, encryption never crosses their minds.
Interoperability (a property that refers to the ability of diverse systems and organizations to work together, interoperate, work with other products or systems, present or future, without access or implementation restrictions) would make crypto management less expensive and easier to use. . Statements from IT and BI professionals support the use of encryption for files and folders (something Microsoft is currently working on) that makes performance and usability easier, while cost reduction is the key to better management. Many professionals continue to want more regulation(s). A violation would require a client notification…this action would allow the interaction between funding and management, drawing more attention to regulatory intervention. “An enterprise-wide initiative as complex as encryption primarily to comply with regulations will typically result in a poorly planned project and will likely end up costing more than a planned compression program,” according to Davis’s report.
Tokenization (the process of dividing a stream of text into meaningful elements called tokens) uses a service where a system is accessed to obtain sensitive information, i.e. a credit card number. The system receives a “unique token identification number”. An example of this is a 64-digit number that is used in applications every time the system calls the credit card number. The action also includes database numbers. This change was implemented in 2007. If the data were to be compromised (attacked or hacked) in any way, the manipulative tech-acoster would have no way of reverting the 64-digit numbers back to the card… performing a read check virtually. impossible. Various systems are designed to destroy the key (number) in an emergency. The action makes it impossible to recover the data stored on the system… inaccessible to everyone. This is the nightmare of CIOs. Many companies are interested in unique, specialized and standardized encryption products. The product operates on a “single encryption platform” whereby a single or central application will manage multiple forms of encryption code keys. This platform promises to increase efficiency and reduce costs while providing security. The caveat to using this model is the use of a simple platform to handle email encryption and a backup function can be detrimental if poorly planned and/or improperly managed. they are related to the generation, exchange, storage and protection (access control, management of physical keys and access) in a given system. Consolidation in the crypto industry is a continuous development. It is an environment created where crypto providers sell multiple products as “uniformed platforms”. r encryption products as some IT and BI professionals believe.
Another security issue is that encryption vendors have difficulty managing vendor-independent code keys. They seem to bump into each other by way of competition and maneuver from last to first in line. Providers experience difficulty getting their separate standards on the same page. They continually fight over the details of operation and compliance and whether “free and low-cost products will push them out” and take over the industry.
A central directory of code keys is easy to manage. Updating and reporting is an essential and vital task for all IT and BI professionals. Microsoft’s Active Directory (AD) could very well be the leading encryption peddler on the block. Microsoft AD installed base systems can be managed through Group Policy Objects that are built into applications and operating system (OS) programs. AD is the most widely used directory by businesses and PC users, while many IT and BI engineers already know how to use and work with it. All of Microsoft’s leading encryption products offer centralized management through AD, as well as its enterprise encryption technologies. What is cheaper than free?
Windows offer(s) offer powerful and portable disk encryption… encryption of email, folders, files and databases is available for free. Who can beat that price?
Users are not prevented from emailing unencrypted versions of folders and files, or transferring data to a portable device connected to the Universal Service Bus (USB) port… it only works if the entity on the other end is using the same or a comparable email application, which many companies do not comply (nobody seems to be following the protocol for the data encryption policy). Interoperability within encryption and key management can be used depending on the type of data storage and implementation, while we wait for standardization to shake its mane fully loaded and unencumbered. Data exploitation, hackers, and other attackers, ie malware, spyware, pop-ups, etc., would have nothing but the hassle and hardship they cause to others. The use of encryption interoperability… may not stop intruders, but it will surely make intrusion difficult, if not impossible.
Businesses, organizations, and personal users need and should take a risk management approach… implement encryption.
Until next time…