Where To Start
Okay, you think it's about time you started to secure your private data. Whether your concern is protecting it while at rest (stored on your hard drive or server) or whilst it's on the move, by email, FTP file transfer or portable media, the answer will be to encrypt it.
Hands up all those of you that understand encryption. Or should I say, have enough knowledge to evaluate the various products that are out there waiting to part you from your hard-earned cash. Let me just count... That's one, two, three, four... Oh! So that's just four of you. Right, I can see our first problem. How are we going to decide which of the products fall into the category of "snake oil" and which deserve a closer look?
Not Convinced By My Argument So Far?
Fair enough, let us delve a little deeper into the subject. Do you know which algorithms might be best to look for in a product? Fine, you know about AES (Advanced Encryption Standard) and you think AES 256-bit might be the way to go. Sound choice, but did you know that it is almost irrelevant how good the algorithm is if it has not been properly implemented? Secure implementation is a non-trivial step in building an encryption product. When you buy encryption software, you place an awful lot of trust in the company that produced it not to have inadvertently created a weakness through poor implementation.
Getting Some Help
Well, you could start by doing some research of your own; reading material is plentiful on the web. But once again, which articles do you trust and which are just sales bumph? If you have the time and the inclination you could sign yourself up to one of the many data security courses on offer, some by leading universities, but unless you are considering a career in data security I doubt that you will find the drive. You might conclude you need to talk with a consultant or consultancy.
Certification is King
We're potentially back to square one! Which consultancy do we trust? You can check how long they have been in the business and who their major clients are, but ultimately it comes down to certification. The consultancy should have consultants that are properly trained and suitably qualified. Even better, the consultancy as a whole should hold some accredited certification. Look for such marks as CLAS Consultant (awarded by CESG), or those holding MScs or BScs in Information Security. Some of the best courses on offer are those by the Royal Holloway College, University of London.
Cut Out the Middle Man
You may be aware that some encryption products come with an independently awarded certification, such as NIST's FIPS standards or CESG's CAPS. Why not merely select one of these accredited products and be done with the consultant? The answer is that, as with all certification bodies, they issue differing levels of certification for differing requirements. It is therefore sometimes easier to work with a consultant who has had prior experience with the various solutions and can advise which best suits your requirements.
In Summary
If you haven't already started to deploy encryption software to protect your most valuable data then it's about time you did. We all have data worth protecting and I strongly advise you do so before you fall victim to fraud or, most likely, identity theft. At the very least, carry out some risk assessment; the potential problem could be far larger than you think.
If you are interested in learning more about cyber security then visit http://www.softbox.co.uk/cybersecurity