Cracking the Confusion: Encryption and Tokenization for Data Centers, Servers, and Applications
By Security Bloggers Network, on 2015-02-11 at 18:34:28
This is the first post in a new series. If you want to track it through the entire editing process, you can follow it and contribute on GitHub.

Title: Cracking the Confusion: Encryption and Tokenization for Data Centers, Servers, and Applications.

The New Age of Encryption
=========================

Data encryption has long been part of the information security arsenal. From passwords, to files, to databases, we rely on encryption to protect our data in storage and on the move. It's a foundational element of any security professional's education. But, despite the long history and deep value of data encryption, adoption inside our data centers and applications has been relatively, even surprisingly, low.

Today we see encryption growing in the data center at an accelerating rate thanks to a confluence of reasons. The trite way to word it is "compliance, cloud, and covert affairs". Organizations need to keep auditors off their backs, keep control over data in the cloud, and stop the flood of data breaches, state-sponsored espionage, or even their own government snooping.

And thanks to increasing demand, there's a growing market of options as vendors and even free and Open Source tools look to meet the opportunity. There have never been more choices, but with choices comes complexity, and outside of your friendly local sales representative, guidance can be hard to come by.

For example, given a single application collecting an account number from your customers, you could potentially encrypt it in different places: in the application, in the database, in storage, or use tokenization instead. The data is encrypted, but where you encrypt presents different concerns. What threats is it protecting against? What is the performance overhead? How are keys managed? Does it meet compliance requirements?

This paper cuts through the confusion to help you pick the best encryption options for your projects. If you couldn't guess from the title, our focus is on encrypting in the data center: your applications, servers, databases, and storage. Heck, we'll even cover cloud computing infrastructure, although we covered that in depth in this paper. We'll also cover the role of tokenization, and its relationship with encryption.

We aren't going to cover encryption algorithms, cipher modes, or product comparisons. What we do cover are the different high-level options and technologies, like when to encrypt in the database vs. your application, or what kinds of data are best suited for tokenization. We also cover key management, some essential platform features, and how to tie it all together.

Understanding Encryption Systems
================================

When most security professionals first learn about encryption, the focus is on keys, algorithms, and modes. We learn the difference between symmetric and asymmetric, and spend a lot of time talking about Bob and Alice.

Once you start working in the real world, the focus needs to change. All the fundamentals are still important, but now you need to put them into practice as you implement encryption systems: the combination of technologies that actually protects the data. Even the strongest crypto algorithm is worthless if the system around it is full of flaws.

Before we go into specific scenarios, let's review the basic concepts behind building encryption systems, since this becomes the basis for making decisions on exactly which encryption options to go with.

The Three Components of a Data Encryption System
------------------------------------------------

When encrypting data, especially in applications and data centers, knowing how and where to place these pieces is incredibly important, and getting it wrong is one of the most common causes of failure. We use all of our data at some point, and understanding where the exposure points are, where the encryption components reside, and how they tie together all determine how much actual security you end up with.

Three major components define the overall structure of an encryption system:

- The data: The object or objects to encrypt. It might seem silly to break this out, but the security and complexity of the system are influenced by the nature of the payload, as well as where it is located or collected.
- The encryption engine: The component that handles the actual encryption and decryption operations.
- The key manager: The component that handles keys and passes them to the encryption engine.

In a basic encryption system all three components are likely to be located on the same system. As an example, take personal full disk encryption (the built-in tools you might use on your home Windows PC or Mac): the encryption key, data, and engine are all stored and used on the same hardware. Lose that hardware and you lose the key and data (and the engine, but that isn't normally relevant). Neither is the key, usually, because it is protected with another key, or passphrase, that is not stored on the system (but if the system is lost while running, with the key in memory, that becomes a problem). For data centers, it's likely these major components will reside on different systems, increasing complexity and security concerns over how the three pieces work together.

- Rich
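The three components and the passphrase-protected key described above, as an added example that is not code from the original post: the key manager stores only a wrapped data key, so hardware lost while powered off exposes nothing usable without the passphrase. All class and function names are hypothetical, and the HMAC-SHA256 counter-mode cipher is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib, hmac, os

# Added illustration; all names here are hypothetical, not from the original post.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode, used only so this runs on the
    # standard library. Use a vetted AEAD such as AES-GCM in a real system.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encryption engine: encrypt-then-MAC, returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):  # verify before decrypting
        raise ValueError("wrong key or modified data")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

class KeyManager:
    """Key manager: persists only salt + wrapped data key, never the passphrase."""
    def __init__(self, passphrase: bytes):
        self.salt = os.urandom(16)
        self.wrapped = seal(self._kek(passphrase), os.urandom(32))
    def _kek(self, passphrase: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passphrase, self.salt, 200_000)
    def release(self, passphrase: bytes) -> bytes:
        return unseal(self._kek(passphrase), self.wrapped)

def lost_device_can_decrypt(km: KeyManager, record: bytes, guess: bytes) -> bool:
    """Powered-off loss: salt, wrapped key and data are exposed, passphrase is not."""
    try:
        unseal(km.release(guess), record)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    km = KeyManager(b"example passphrase")  # constructed sample values
    record = seal(km.release(b"example passphrase"), b"account=1234567890")
    print(lost_device_can_decrypt(km, record, b"wrong guess"))
```

Once `release` has returned, the data key sits in process memory and `unseal` needs nothing else, which is the lost-while-running case the text flags.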