Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

4/14/2008
09:50 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

RSA: Hashing Out Encryption

Vendors at RSA 2008 rolled out tools that make encryption easier to use and manage

SAN FRANCISCO -- RSA 2008 Conference -- The conference that once was just a gathering of a few cryptographers is now a major event that drew more than 17,000 attendees last week. And the technology that started it all -- encryption -- showed it has grown a lot, too.

The big themes among encryption vendors exhibiting and rolling out new products here included managing encryption across the enterprise, making encryption easier to use, and a shifting focus from the nitty-gritty of encryption keys to the data itself. These themes aren't exactly new, but they were more front-burner than in years past, thanks to a busy year of high-profile data breaches, PCI mania, and laptop-theft paranoia.

With the pioneers of encryption chatting it up in the annual Cryptographer's Panel here as a backdrop, encryption vendors on the exhibit floor rolled out next-generation encryption management products and tools that help make encryption less a technology of complicated algorithms and key pairs and more of a mainstream business security strategy. But that doesn’t mean encryption is streamlined -- organizations today typically run a patchwork of separate encryption systems for various elements in their networks, from their files to their laptop hard drives.

Around 21 percent of U.S. enterprises surveyed in a Ponemon Institute and PGP study released this month say they currently have a consistent encryption strategy implemented across their organizations, which is an increase from last year, when only 16 percent did. Nearly 75 percent have an encryption strategy that's based on a type of data or application or is enterprise-wide, according to the study.

The number one reason for adding encryption: data breach prevention, with 71 percent of the vote, up from 66 percent last year, the study said. The most common encryption today is laptop encryption, which 20 percent of respondents use most of the time.

"Separate encryption systems all handle keys differently, and it's a policy" mess, says Gretchen Hellman, senior director of marketing for Vormetric, which specializes in policy-based encryption, access control, and auditing. Hellman is also the daughter of Martin Hellman of Diffie-Hellman algorithm fame.

RSA, the security division of EMC, here released its RSA Key Manager for the Datacenter product, which aims to centralize and integrate the lifecycle management of keys in the enterprise -- including in the database, file servers, and in storage systems.

"Multiple point encryption solutions, each with their own approach to encryption key management, increases management complexity and the risk of lost or stolen keys," said Dennis Hoffman, RSA's chief strategy officer, vice president, and general manager of its data security group, in a prepared statement.

According to the Ponemon-PGP study, organizations plan to spend 34 percent of their overall budget for encryption on key management (which includes key lifecycle, policy, and reporting), and 45 percent expect those systems to save them money on their data security costs.

Vormetric, meanwhile, rolled out what it calls the Key Security Expert, a tool for providing key security and access control for encryption keys across various encryption platforms in an enterprise. "It's a method to immediately address this ability to secure and control access to keys locally," Vormetric’s Hellman says. "Any third-party encryption key or homegrown solution -- we can control access to it."

Venafi, which sells what it calls systems management for encryption, demo'd its upcoming Encryption Manager V system at RSA, which will come with symmetric key support and enhanced auditing. Paul Turner, vice president of product and customer solutions for Venafi, says the new encryption management platform contains more policy-based management. It also integrates with existing key management tools.

"Most people are not key experts. So we had to make the policies simple," Turner says. Venafi doesn't provide encryption, just the systems management tools for it, he says.

BitArmor, meanwhile, upgraded its DataControl encryption software with support for Vista and Windows Server 2008, and plans to add management for Windows BitLocker Drive Encryption in the third quarter. "There are various types of encryption, but they are all separately focused on the device or app," says Patrick McGregor, BitArmor’s Chief Executive Officer. "We are taking an approach at the data level... we protect data at the core, and the keys are in the data itself. It's persistent encryption, a more elegant solution."

Other encryption announcements here included Voltage Security's new software-as-a-service model for its SecureFile encryption for documents and files, as well as increased systems integrator support for its format-preserving encryption technology, which encrypts data without changing the structure of the data. "Our goal is to make encryption usable," says Dan Beck, director of product management for Voltage, best known for its identity-based encryption technology for email encryption. The idea is to encrypt the data without changing the structure of the data, he says.

And Wave Systems demo'd strong authentication using its Embassy software for managing hardware security. "We don’t do encryption. We are protecting the data," says Lark Allen, executive vice president of Wave Systems.

Wave showed tools that support the next-generation Intel Centrino 2 with vPro, with TPM v 1.2. It also demonstrated management of the Seagate Momentus 5400 FDE.2 line of full-disk encryption drives.

So is encryption now considered mainstream? Bruce Schneier, chief security technology officer for BT, says encryption today is "surprisingly mainstream," even though you can't really see it. "People don’t buy encryption, they use it," he says of end users. "It's in their browser, their VPN" connections. "And when it becomes ubiquitous, it disappears" into tools and products, he says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

  • PGP Corp.
  • RSA Security Inc. (Nasdaq: EMC)
  • Vormetric Inc.
  • Voltage Security Inc.

    Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Data Leak Week: Billions of Sensitive Files Exposed Online
    Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
    Intel Issues Fix for 'Plundervolt' SGX Flaw
    Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    The Year in Security: 2019
    This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
    Flash Poll
    Rethinking Enterprise Data Defense
    Rethinking Enterprise Data Defense
    Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2019-5252
    PUBLISHED: 2019-12-14
    There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
    CVE-2019-5235
    PUBLISHED: 2019-12-14
    Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
    CVE-2019-5264
    PUBLISHED: 2019-12-13
    There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
    CVE-2019-5277
    PUBLISHED: 2019-12-13
    Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
    CVE-2019-5254
    PUBLISHED: 2019-12-13
    Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...