R E L A T E D   C O N T E N T
Similar articles
IT hound results
News centre
More from Personal Computer World

Free email newsletters




ADVERTISEMENT

Encryption 'not enough to prevent data loss'

You have to protect the keys too, warns security expert

Clive Akass, Personal Computer World 11 Feb 2008
ADVERTISEMENT

Encryption alone is not be enough to prevent disasters like the loss of the personal information of 25 million benefits claimants late last year, according to a leading security company.

There were many calls for sensitive data to be encrypted as a matter of routine following the loss by the HM Revenues and Customs in Newcastle of two disks containing the data. Other instances of data losses have since come to light.

Modern encryption can be regarded as unbreakable but if its use becomes common the attention of criminals will shift to the other weak links – people, and the keys used to encrypt and decrypt the data, said Richard Moulds, executive vice president of strategy at NCipher.

‘Most of the information that is lost today is not actually as a result of attacks at all, it's as a result of information just simply being mislaid or lost. Clearly information needs to be encrypted as it goes over the internet because the internet's a wild and scary place,’ he told a NetEvents forum in Barcelona.

But an enormous amount information in lost offline ‘because back up tapes fall off the back of a truck, or laptops get left in taxicabs.’

Even if the information is lost the people responsible may have to take action on the assumption it has been stolen which can be almost as bad, Moulds said. His company made sure that even if data is stolen it is rendered useless.

This meant having a regime in place not only to encipher data but also to protect the keys. “There have been cases where people have left the keys on tapes holding the encrypted data. It may seem that searching out a key from a mass of data is like searching for a needle in a haystack but it can be done. Keys by their nature have to be random, and there are ways of identifying them.”

Encryption of sensitive data on laptops is not secure enough in itself he said. The key should be held on some form of smart card, with some kind of biometric to ensure that only an authorised person is using it.


All Hacking and Cyber-crime
Tags: Ncipher, HMRC

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story
R E A D E R   C O M M E N T S
Post your comment Post your comment   What is this?

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
C++ Market Data Developer - Unix - Java - SQL
| Aston Carter
C++ Market Data Developer - Unix - Java - SQL My client are a top financial software house based in the city. They are currently seeking a C++ developer to work in their market data ... more >
Python Developer - Start Up - Django - Perl
| Aston Carter
Junior Python Developer - SQL - Functional Programming - Javascript - Django - Perl - Ruby - MVC My client are a startup software house that specialise in online gaming. The team is small and ... more >
Software Administrator - Salesforce legend required - London
| Aston Carter
Required: Salesforce CRM, Excel My client are Britain's leading financial spread betting firm and are the world's leading trading platform for private investors. This is an excellent opportunity for Salesforce Administrator to join a leading ... more >
C# Developer, Hedge Fund, Algo Trading, London
| Aston Carter
C# Developer, Hedge Fund, Algo Trading, London The role is working for a boutique derivatives trading company who focus on options high frequency algorithmic trading. They are looking for a bright junior Microsoft .net developer ... more >
More job opportunities

Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Advertise
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP and Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Software engineer jobs
Inquirer Jobs Firmware developer jobs, Electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . V3.co.uk
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2009
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in England and Wales with company registration number 04038503