Taking the Rocket Science out of Data Encryption
Melissa Stevens 270005B76W MELISSAS@US.IBM.COM | | Tags:  data-security encryption data ibmsecurity security
0 Comments | 5,082 Visits
This post was written by Anne Lescher, Product Marketing Manager with IBM Security Solutions.
One of the biggest challenges is protecting sensitive information, and one of the biggest fears is losing that information to hackers. Who has not worried about losing a backup tape or disc that holds millions of customer account numbers and reading about it in a news story that destroys your company’s reputation?
And yet we are equally fearful of the encryption technology that can protect our most sensitive information. We are afraid of the complex cryptographic algorithms and key exchange protocols, often comparing it to rocket science. We are equally afraid of the performance impact to our production workloads and online customer systems when accessing encrypted data. And finally, we are afraid of losing the encryption keys and thus losing all access to the data itself while trying to protect it.
Most of us no longer have any choice in whether we encrypt our data. As the number of security breaches continues to grow, regulations are increasingly adding more stringent protection controls for retail, healthcare and other industries, governments, and standards groups. These regulations are being enforced and punished with larger financial penalties. And that does not include the damage to your company’s market image and financial losses due to a data breach.
Ideally, we seek solutions that offer strong standardized encryption technology based on interoperable algorithms that can be implemented as transparently as possible to protect our information. Ideally, we desire solutions that support multi-vendor hardware self-encryption storage devices, that can interoperate with software data base access control solutions, and that can be managed by automated encryption key lifecycle management. These solutions must monitor and audit data protection to demonstrate compliance with regulations.
The good news is that there are industry standards groups that cooperate to deliver standardized encryption algorithms and key management interoperability protocols allowing security vendor products to work and play well together to protect your mission critical information.
IBM offers integrated hardware and software data security solutions that include:
IBM’s Tivoli Key Lifecycle Manager solution helps IT organizations better manage the encryption key life cycle. It enables them to centralize and strengthen key management processes with automated simplified capabilities that provide an intuitive user interface for configuration and management. It dramatically reduces operations complexity while facilitating compliance management of regulatory standards such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA). It also extends key management capabilities to both IBM and non-IBM products by leveraging open standards such as Key Management Interoperability Protocol (KMIP) to help enable flexibility and facilitate vendor interoperability.
The good news is that data security solutions can simplify the protection of your essential information. These solutions are a robust combination of integrated hardware and software with automated protection, monitoring, auditing and reporting to help you meet the stringent regulatory data requirements. They can simplify the protection of your data and take the rocket science out of data encryption.