Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

2/8/2019
02:00 PM

6 Reasons to Be Wary of Encryption in Your Enterprise

Encryption can be critical to data security, but it's not a universal panacea.
6 of 7

Encryption Requires Protection
In addition to providing protection to data, encryption requires protection - especially when it comes to the keys used for both ends of the encryption process. As enterprise security specialists, including those at Starwood Hotels and Marriott International have found, losing the keys to an encryption scheme renders that scheme, well, far less secure than it should be.
As has been often noted, security is expensive. The more pieces an organization has to secure, the more its security is likely to cost. And encryption adds to the component count. Whether the encryption is of data at rest or through a VPN, there are, at a minimum, the mechanisms to enact the encryption and the keys to the encryption, which must be (spoiler alert!) stored and protected separately.
An encryption scheme without a solid plan and infrastructure for protecting the encryption mechanism and its keys is incomplete at best and dangerously porous at worst. Encryption key safes are real things and just one of the options to consider as a component in a truly secure encryption plan.
(Image:

Encryption Requires Protection

In addition to providing protection to data, encryption requires protection especially when it comes to the keys used for both ends of the encryption process. As enterprise security specialists, including those at Starwood Hotels and Marriott International have found, losing the keys to an encryption scheme renders that scheme, well, far less secure than it should be.

As has been often noted, security is expensive. The more pieces an organization has to secure, the more its security is likely to cost. And encryption adds to the component count. Whether the encryption is of data at rest or through a VPN, there are, at a minimum, the mechanisms to enact the encryption and the keys to the encryption, which must be (spoiler alert!) stored and protected separately.

An encryption scheme without a solid plan and infrastructure for protecting the encryption mechanism and its keys is incomplete at best and dangerously porous at worst. Encryption key safes are real things and just one of the options to consider as a component in a truly secure encryption plan.

(Image:

6 of 7
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
davinoishi
100%
0%
davinoishi,
User Rank: Apprentice
2/12/2019 | 11:35:33 AM
Transparent Encryption
While file and volume encryption have limits, there are transparent solutions available that allow information to remain encrypted even in use.
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
7 Ways VPNs Can Turn from Ally to Threat
Curtis Franklin Jr., Senior Editor at Dark Reading,  9/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16695
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.
CVE-2019-16696
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.
CVE-2018-21018
PUBLISHED: 2019-09-22
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.
CVE-2019-16692
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
CVE-2019-16693
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.