|
Recent high-profile data breaches in the government and business have shined a spotlight on the continuing holes in security defenses at all types of organizations.
ITD: What do you think the biggest barriers are?
 Sturonas: Companies of all sizes cannot afford to have any “gray area” when it comes to protecting sensitive data. They need to have a set of guiding principles, that each employee is trained on, that dictates what information is sensitive to their organization and how it should be shared inside and outside of the corporate firewall. The policy should differentiate between policy for storing and transferring files versus emailing information as attachments or within the body of the message.
Also, as employees become increasingly mobile, and more corporate contractors and remote business users are sending sensitive information and documents via email, enterprises are struggling to strike the delicate balance between productivity, security and cost. Organizations of all sizes are also required to comply with internal and external regulations for data recovery and oversight, which means information must remain accessible at all times. These demands reinforce the need for tools that can protect data, enforce relating policies and demonstrate compliance across the enterprise.
Data security challenges do not discriminate based on organization size, therefore a comprehensive security strategy is as applicable for individual users and public companies as it is for small businesses.
ITD: Are organizations not setting enough budget aside for security solutions, or are priorities just off-base?
Sturonas: Security spending continues to rise each year, but that’s not what we see as the main issue. There are several things that come into play here, including the changing face of the workforce, the policies that are set, and the way data is protected.
Over the last couple of years, there have been some minor improvements in terms of protecting data, but more needs to be done. Data security needs to become more ubiquitous, working across different computing environments. Companies have been focused on securing data at rest within a network, but are still struggling to protect that information as it moves between parties and outside of the firewall. Organizations also need to do more to educate their employees and customers as to the dangers of data theft and how to properly use the security tools in place to stem the tide.
ITD: Because data breaches have come from data centers as well as desktops, how should organizations pursue an overall security strategy to protect their information?
Sturonas: For IT teams within government as well as private organizations, the biggest concern is protecting the data of citizens and consumers. Legislation that is passed today is mostly centered around how data will be vigilantly protected. As an organization looks at how to keep its information secure, it should look to how data flows within it.
Gartner recently cited data security as the number one concern among organizations — and a difficult one. With diverse computing environments within the network itself, different needs and priorities between the data center and the desktop, and the many permutations of partner environments, organizations need adaptive security that crosses operating systems while it secures exchanged information, within or outside the enterprise’s perimeter.
What is needed is a kind of security that is agile, mobile, and pervasive — that frees data to move wherever needed, no matter the infrastructure of the endpoint, and regardless of the means of transmission. In essence, the solution lies in security that attaches to the data and does not rely on perimeters or communications tunnels.
Data-centric security is an approach that fills this need. It offers a flexible and comprehensive alternative to the more traditional security approaches. It can act as a standalone defense or as a complement to both network-centric and communications-based approaches. And since the security travels with the information, files can move across computing environments securely, no matter what transfer mechanism is used. PKWARE’s products present a data-centric approach to security through encryption.
ITD: There are several methods of encryption, what are the pros and cons of the various options?
Sturonas: As government organizations choose an encryption solution, there are several things to keep in mind when evaluating different options:
Ease of Use: If a solution is difficult to use, or not centrally controlled, employees will find ways to circumvent it. The ability of an organization to create and enforce policy surrounding how encryption solutions are being used is a critical success factor. Policy management not only dictates who in the organization is authorized to use encryption, but when and how it should be used. The easier the solution is to use, the better the solution.
“User Proof”: Misuse of encryption by employees is a risk of the data-centric security model. In some cases, employees have encrypted information and upon its exit from the organization, the information becomes inaccessible. To prevent this from happening, encryption solutions should include a contingency or master key feature, which allows the system administrator access to any files being encrypted by users within the organization. An integrated policy manager will also allow the organization to dictate encryption policy through an administrative interface.
Non-Disruptive: Many security solutions do not compliment an organization’s environment. The advantage of using a data-centric security model is that it compliments the security investments that organizations have already made.
Backward Compatibility: In many cases, files that have been encrypted must remain accessible for several years to remain in compliance with regulations and audit requirements, even after they have been backed up. Look for a solution that is standards-based and can open legacy file formats.
Scalability: In order to choose a system that operates as effectively on one computer as on 1 million computers, look for a solution that operates using a hierarchical security model that is compatible with a trusted X.509 standards-based certificate authority.
System Agnostic: Because data moves from platform-to-platform throughout your organization, your encryption solution should work on any major computing platform. As sensitive data moves to partners (customers and vendors), many different platforms need to be supported. The solution should be supported on all major IT operating platforms.
Future Proof Your Solution: Regardless of whether your organization is currently using a PKI environment, the encryption solution that you choose should allow you to operate using any security infrastructure. The only feasible approach to securing information is to take an encrypted, data-level approach to security. Anything less leaves companies, customers and partners at risk.
ITD: What do you feel is the potential for ZIP as a data security technology?
Sturonas: For years organizations have struggled to strike a balance between usability and security. There are many barriers to adoption for security solutions, but perhaps the most pronounced has been end-user awareness and training. SecureZIP is built the ZIP platform, the compression and secure container that is in use by millions of users and thousands of organizations worldwide. SecureZIP’s easy to use interface provides the familiarity of a ZIP solution to help encourage users to incorporate SecureZIP into their daily workflows.
Additionally, because PKWARE provides data security solutions based on the .ZIP standard, they complement existing security environments and provide data portability across all major computing platforms. As a result, it is the only data security solution that is genuinely scaleable; operating as effortlessly for a home or small business user as it does in large, complex organizations.
Managing files efficiently is an inherent capability of ZIP. Users can store any number of files within a ZIP container enabling all files to be secured and compressed in a single process, without the need to handle files on an individual basis. ZIP provides a means to store or transfer a single container, rather than multiple individual files, enabling the user to achieve maximum savings in storage space and email bandwidth.
PKWARE’s ZIP-based data security solutions inherently facilitate the potential for accommodating data and file sharing across new and emerging platforms and file formats.
Go Back
|
