Encryption 'not enough to prevent data loss'

You have to protect the keys too, warns security expert

Clive Akass, Personal Computer World 11 Feb 2008

Encryption alone is not enough to prevent disasters like the loss of the personal information of 25 million benefits claimants late last year, according to a leading security company.

There were many calls for sensitive data to be encrypted as a matter of routine following the loss by HM Revenue and Customs in Newcastle of two disks containing the data. Other instances of data loss have since come to light.

Modern encryption can be regarded as unbreakable, but if its use becomes common the attention of criminals will shift to the other weak links – people, and the keys used to encrypt and decrypt the data, said Richard Moulds, executive vice president of strategy at NCipher.

‘Most of the information that is lost today is not actually as a result of attacks at all, it's as a result of information just simply being mislaid or lost. Clearly information needs to be encrypted as it goes over the internet because the internet's a wild and scary place,’ he told a NetEvents forum in Barcelona.

But an enormous amount of information is lost offline ‘because back up tapes fall off the back of a truck, or laptops get left in taxicabs.’

Even if the information is lost, the people responsible may have to take action on the assumption it has been stolen, which can be almost as bad, Moulds said. His company made sure that even if data is stolen it is rendered useless.

This meant having a regime in place not only to encipher data but also to protect the keys. “There have been cases where people have left the keys on tapes holding the encrypted data. It may seem that searching out a key from a mass of data is like searching for a needle in a haystack but it can be done. Keys by their nature have to be random, and there are ways of identifying them.”
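The randomness property Moulds describes can also be used defensively, to audit a backup image for key material left beside the data it protects. The sketch below is an added example, not code from the article or from nCipher; the window size, threshold, record format and stand-in key are constructed assumptions.

```python
import math
from collections import Counter

WINDOW = 64      # bytes per window (assumed; sized to the key blob searched for)
STEP = 16        # slide distance between windows
THRESHOLD = 5.5  # bits per byte; a 64-byte window can reach at most log2(64) = 6.0


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of the byte values in chunk, in bits per byte."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def high_entropy_regions(data, window=WINDOW, step=STEP, threshold=THRESHOLD):
    """Return merged (start, end) offsets of windows that look random."""
    regions = []
    for off in range(0, max(len(data) - window, 0) + 1, step):
        if shannon_entropy(data[off:off + window]) < threshold:
            continue
        if regions and off <= regions[-1][1]:
            regions[-1] = (regions[-1][0], off + window)   # extend previous hit
        else:
            regions.append((off, off + window))
    return regions


# Constructed sample: repetitive records with a stand-in "key" left among them.
# The stand-in is 64 distinct byte values, the flat distribution a random key
# shows inside one window; a real audit would run over the actual image.
FILLER = b"claimant_id=000000;status=active;region=NE;\n"
STAND_IN_KEY = bytes((i * 167 + 13) % 256 for i in range(64))
KEY_OFFSET = 2048
_body = FILLER * 100
SAMPLE = _body[:KEY_OFFSET] + STAND_IN_KEY + _body[KEY_OFFSET:]

if __name__ == "__main__":
    for start, end in high_entropy_regions(SAMPLE):
        print(f"possible key material at bytes {start}-{end}")
```

Encrypted or compressed data scores just as high, so the check is useful on the cleartext parts of a backup (catalogues, headers, configuration exports), where a key stands out from its surroundings.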

Encryption of sensitive data on laptops is not secure enough in itself, he said. The key should be held on some form of smart card, with some kind of biometric to ensure that only an authorised person is using it.

