
Why You Need Enterprise Data Protection
14 June 2007

We’re coming up on the fifth anniversary of PGP Corporation, and quite a successful 5 years they have been. When the phoenix of PGP took flight again, I became fond of the aphorism, “Cryptography is easy; it’s the other things that are hard.” Like many good aphorisms, it has a crunchy kernel of truth wrapped in a tasty counterintuitive thought.

My friend and colleague Bruce Schneier is noted for saying, “Cryptography is hard,” and it is that truth that I turned on its head. Building cryptography good enough to defend against the strongest attacks is necessary, but not sufficient. It’s the start, not the end.

Cryptography has to be usable, and usable by people who have real jobs. Cryptography is not magic pixie dust that you can sprinkle on a problem and make it secure. Policy also has to be part of the solution, along with usability, reliability, and transparency. That’s what PGP Corporation has spent the last 5 years doing: making sure cryptography can be used by both individuals and enterprises.

It’s good timing too, because organizations are now data-driven. That means an organization has to actively identify which data is most important and then provide easy mechanisms to protect it. Whole disk encryption is powerful because you don’t have to think about it. You just do what you always do, and if a protected laptop is stolen or a flash drive falls out of your pocket at the gas station, it’s a property loss, not a data loss. But protecting laptops is just part of the story; the same sort of protection also needs to extend to servers and to handheld devices like a BlackBerry.

Additionally, this approach has to fit in with the parts of data protection that concern reliability and other aspects of good data security management. Organizations need to have good backups, and even more important, good restores. That’s the only way to ensure owners and authorized users of the data can still use it and that it’s properly scanned for viruses, archived, and indexed. However, any strategy also must work with an organization’s partners and properly manage their need to have subsets of data for their work. 

This holistic view of enterprise data protection builds on the groundwork we’ve spent years creating and on which we’ll be focused for the next 5–10 years: making sure cryptography continues to be easy to use, manage, scale, and integrate as part of a larger data protection strategy. Cryptography is the core of data protection. It controls access to the data itself. Of course, it’s also important to partner with companies that provide the analysis, archiving, and other information processing functionality that comprises this strategy because we can’t do it all.

These next few years will bring an integration of other trends as well. We’ll be integrating PGP software with new hardware systems to provide encryption for such things as disk drives, hardware modules, smart cards, and trusted devices. Web-based computing needs encryption even more than today’s host-based software does. It must be secured because the data is part of the network itself. Such transformations will be exciting for us all.
