Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Meeting Today’s Data Security Imperative | @CloudExpo #Cloud
Encryption strategies are critical for securing data today but must be deployed in a thorough, holistic way

Organizations are experiencing a new emphasis when it comes to cybersecurity. They are moving from securing the perimeter to securing the data within it, which is the result of the proliferation of connected devices in organizations today: smartphones, tablets and the IoT. Organizations used to focus their efforts on keeping attackers outside the perimeter, because just a few years ago, the network perimeter was much more static and limited. Today, the perimeter is everywhere - and constantly moving.

Furthermore, hackers have repeatedly demonstrated their ability to breach network perimeter security. And as the workplace and the devices and applications employees use have become increasingly distributed, the focus has changed to protecting the data and not just the perimeter.

Consequently, IT security teams are setting their sites on pervasive data security. Encryption strategies are critical for securing data today but must be deployed in a thorough, holistic way. Otherwise, data may be protected in one place but not in other multiple locations. That's a false sense of security that can lead to data disaster.

Encrypting for Data Security
As organizations design a holistic data protection initiative, they must look at not just financial data or payment information but also personally identifiable information (PII) that has become so valuable to criminals. This data demands the utmost protection, because while someone stealing your credit card is a problem, you can always cancel your card - you can't cancel your identity or change your date of birth.

In the quest to protect data, organizations are finding that encryption is a good partner. Every organization needs an encryption strategy, starting with the protection of an organization's most confidential or sensitive information. When encrypting this data, it is compulsory that key management is simple and easy. This way, no matter where your data is located, it's encrypted and it's secure.

However, a huge question for the majority of organizations is: Where exactly IS your data? Organizations fall into the trap of protecting data only when it exists in a particular area, but that same set of data exists in potentially many other places. If it's not protected everywhere, it is then vulnerable. Organizations need to understand, discover and know where all their sensitive data is located and ensure data is encrypted at rest, in use and in transit.

Data protection was once an item on a list to check off and then forget about. But in light of the most recent hacks on high-profile organizations, data protection is a boardroom discussion - and we've seen what happens to senior executives who haven't properly protected their sensitive data. In addition, customers are becoming more concerned about the safety of their data.

At this point, enterprises understand that they need encryption - yet some still hesitate. Why? Because encryption can get challenging - but it doesn't have to. Here are five top pervasive encryption techniques to help maximize data protection while minimizing the challenges:

  1. First things first: Start off on the right foot by creating a comprehensive encryption strategy that allows you to understand what data you are encrypting, how you are managing your keys and the underlying policy controls for user access.
  2. Protect what you treasure: Encrypt any data that would be considered sensitive.  And ensure you're encrypting it in all phases of its life cycle - at rest, in use and in transit.
  3. Separation of powers: Create policy controls that enforce separation of duties between network personnel and security professionals. Separating out the security components and the network management components or the application user components is critical to ensuring that only the people who need to access the different systems are able to access them.
  4. Deploy an HSM: Because the goal is to protect sensitive data, use a hardware security module. It has the highest level of assurance to keep your most important keys inside a secure hardware boundary.
  5. Remain vigilant: Vulnerabilities will evolve, so stay safe by continually monitoring your people, processes and security posture. You need to look at your people processes as well to make sure you have some kind of checks and balances in your technology strategy and continue to evolve it to see vulnerabilities.
About Peter Galvin
Peter Galvin is a product and marketing strategist for Thales e-Security with over two decades of experience in the high tech industry. He has worked for Oracle, Inktomi, Openwave, Proofpoint and SOASTA.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
"MobiDev is a Ukraine-based software development company. We do mobile development, and we're specialists in that. But we do full stack software development for entrepreneurs, for emerging companies, and for enterprise ventures," explained Alan Winters, U.S. Head of Business Deve...
Your job is mostly boring. Many of the IT operations tasks you perform on a day-to-day basis are repetitive and dull. Utilizing automation can improve your work life, automating away the drudgery and embracing the passion for technology that got you started in the first place. In...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask ...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud ...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE