Cracking The Data Encryption Code

Page 1 of 3

Two things jump to mind when it comes to encryption: It's a must-have for secure military installations, and it's a huge headache to implement among everyone else.

Encryption's reputation as a difficult, often unmanageable technology that can thwart productivity and frequently deliver negative ROI has hindered adoption in all but the most secretive government facilities. Most agency CIOs and the solution providers that serve them know just enough about encryption to steer clear of it if they can.

But the tide may be turning in encryption's favor as more agencies are required to safeguard their data and make improvements to decades-old technology for less daunting encryption rollouts.

Indeed, privacy regulations and stringent data-protection statutes are forcing organizations to tighten security, especially around information gathered on citizens. Compliance measures demand that data be not only rigorously secured but also readily accessible to key individuals and quickly available to oversight bodies.

Hence, more civilian agencies that work with government data are thinking broadly about how to plug encryption into centralized backup- and disaster-recovery efforts. Rather than just reactively adding encryption capabilities to particular storage applications or hardware devices, organizations are injecting encryption at the operating-system level. Many are also designating encryption as a vital part of sweeping enterprise architecture initiatives.

"We are now seeing moves toward platforms that can encrypt data at different parts of the lifecycle," says Paul Stamp, a senior analyst at Cambridge, Mass.-based research firm Forrester Research. "There is a real emphasis on building encryption into the data-handling process."

Specifically, encryption is creeping into efforts such as database development, along with file- and content-management endeavors. Mobile technologies, especially those tied to telecommuting and business-continuity plans, are also more likely to include encryption--which entails the scrambling of textual and other data into a format undecipherable without algorithmic keys to unlock the coded information.

"Encryption products have generally been add-ons or specialty products for many years. However, now we're seeing encryption being built into the OS and directly into the hardware-storage devices," says Lark Allen, executive vice president of Wave Systems, a Lee, Mass.-based company that delivers services and trusted-computing applications.

For example, Microsoft's Windows Vista OS features BitLocker, an encryption feature built on Vista's Trusted Platform Module 1.2, a microchip that facilitates secured application sharing. BitLocker is designed to provide both internal and mobile workers with access to encrypted data.

BitLocker will afford encrypted protection for third-party developers building applications on the Vista product line. Further, BitLocker is designed to avoid precluding authorized users from accessing encrypted data by presenting a simple recovery process that encrypted systems tend to lack.

"Microsoft has offered similar functions before, but where they've fallen down is in the off-loading of key management and other key aspects," Allen says.