R E L A T E D   C O N T E N T
Similar articles
IT hound results
News centre
More from Personal Computer World

Free email newsletters




ADVERTISEMENT

Encryption 'not enough to prevent data loss'

You have to protect the keys too, warns security expert

Clive Akass, Personal Computer World 11 Feb 2008
ADVERTISEMENT

Encryption alone is not be enough to prevent disasters like the loss of the personal information of 25 million benefits claimants late last year, according to a leading security company.

There were many calls for sensitive data to be encrypted as a matter of routine following the loss by the HM Revenues and Customs in Newcastle of two disks containing the data. Other instances of data losses have since come to light.

Modern encryption can be regarded as unbreakable but if its use becomes common the attention of criminals will shift to the other weak links – people, and the keys used to encrypt and decrypt the data, said Richard Moulds, executive vice president of strategy at NCipher.

‘Most of the information that is lost today is not actually as a result of attacks at all, it's as a result of information just simply being mislaid or lost. Clearly information needs to be encrypted as it goes over the internet because the internet's a wild and scary place,’ he told a NetEvents forum in Barcelona.

But an enormous amount information in lost offline ‘because back up tapes fall off the back of a truck, or laptops get left in taxicabs.’

Even if the information is lost the people responsible may have to take action on the assumption it has been stolen which can be almost as bad, Moulds said. His company made sure that even if data is stolen it is rendered useless.

This meant having a regime in place not only to encipher data but also to protect the keys. “There have been cases where people have left the keys on tapes holding the encrypted data. It may seem that searching out a key from a mass of data is like searching for a needle in a haystack but it can be done. Keys by their nature have to be random, and there are ways of identifying them.”

Encryption of sensitive data on laptops is not secure enough in itself he said. The key should be held on some form of smart card, with some kind of biometric to ensure that only an authorised person is using it.


All Hacking and Cyber-crime
Tags: Ncipher, HMRC

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story
R E A D E R   C O M M E N T S
Post your comment Post your comment   What is this?

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
VB6 Developer/Programmer
| Hays Information Technology
Our client is a large and growing organisation based near Glasgow city centre. With attractive offices, and a great work ethos, they are searching for two Software developers to join their expanding IT team. The role ... more >
Brilliant Business Analyst role based near Warwick
| Hays Information Technology
I am searching for a degree-educated professional who is flexible with a proven track record of taking ownership of tasks and delivering to challenging deadlines. You must be able to demonstrate the ability to work ... more >
Business Analyst- Front Office, Emerging Markets
| Hays Information Technology
Leading investment house is urgently seeking to hire experienced business analyst to join emerging markets front office project. The project is focused on interested rate derivatives, rates exotics and fixed income products areas. The project ... more >
Informatica Developer
| Computer People
Informatica Developer is required by global insurance company. Suitable candidates MUST have extensive development skills with PowerCenter 8 +, strong low level design, coding and testing skills in Informatica. Having worked within the Insurance sector ... more >
More job opportunities

Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Advertise
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP and Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Software engineer jobs
Inquirer Jobs Firmware developer jobs, Electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . V3.co.uk
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093