Most IT people are tinkerers, and there's nothing so thrilling for a technology geek than to save his shop some dough by building a homegrown system in-house. But unless your staff consists of cryptographic experts with years of experience, building home-brew encryption or key management systems is just setting your organization up for disaster.
"Failed homegrown database encryption key management deployments are forcing even the largest of retailers to turn to specialized vendors," says Ulf Mattsson, CTO of Protegrity. "What is dangerous is it looks so easy at a distance."
4. Leaving Backups Unencrypted
If you encrypt your databases but leave backups of that data unencrypted, then you're setting your organization up for a fall.
"In this day and age, with all the stories of tapes falling off the back of trucks and laptops being lost, there is no excuse," says Nishant Kaushik, chief architect at Identropy.
Alan Wlasuk, CEO of 403 Web Security, agrees, stating that encryption of back-ups should become a matter of course for all databases.
"Back up all databases in an encrypted format 00 even if they have no value," he says. "Database backup will end up in places you would never imagine; it is easier to sleep if you know they are safe from prying eyes."
5. Using Out-of-Date Cryptographic Algorithms
Part of the reason why Gawker was so embarrassingly breached last December was because the password information exposed was "protected" by encryption using decades-old encryption technology. This is hardly a unique practice. Many organizations encrypt their data, but depend on old cryptographic algorithms that are about as secure as a paper mache suit of armor.
"Some older systems continue to use algorithms that have been broken years ago," Wlasuk says. Organizations have to be mindful not only that they encrypt their databases, but that they encrypt with technology that leverages new algorithms.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.