Protecting Your Sensitive Information with Encryption

E-Mail Encryption: Lots of Choices, Plenty of Tradeoffs


“Lost or stolen data can cripple a business’s reputation and financial standing,” says Than Tran, product marketing manager at PGP Corp. of Palo Alto, Calif. “A business must ensure e-mails containing sensitive information are kept secure and that they comply with privacy laws to assure safe transactions for their customers and the privacy of their employees.”

Encryption Systems
Tran explains that there are several different methods of e-mail encryption. Endpoint-to-Endpoint represents full encryption from the originating device to the recipient device. This method provides the highest level of security by allowing no intervening points at which plaintext data can be read by anyone but the intended parties. The drawback is that this mode also creates the greatest amount of complexity from an implementation, administration, and management perspective. This complexity results mainly from the fact that encryption software that integrates with the client e-mail reader must be installed and maintained on the endpoint.

“Another variation on this is Gateway-to-Gateway,” says Tran. “It is like Gateway-to-Endpoint, but adds an encryption gateway on the recipient’s side, thus eliminating desktop software and administrative costs on that end as well.”

Finally, there is Gateway-to-Web, which provides access to sensitive data via a Web server, possibly co-located on the gateway itself. The data is typically protected via transport layer encryption, such as Secure Sockets Layer (SSL). This allows secure communication to occur with any recipient, regardless of its architecture or level of sophistication.


“In this scenario, a standard message is sent to the recipient, advising that a secure message is waiting at the gateway,” says Tran. “The recipient retrieves this message via a secure connection, which may also require authentication with credentials delivered by an out-of-band mechanism.”

PGP Encryption
It is supplemented at the desktop level by PGP Desktop Email, which is managed by PGP Universal, to secure e-mail, data stored on disk, and AIM traffic. It also provides digital signature capability.
“PGP Whole Disk Encryption technology is used for full disk encryption, securing all data including often overlooked temporary, swap, and hibernation files that include copies of sensitive data, files and e-mails,” says Tran. “As a business grows and requires more bandwidth/security it is best to then upgrade to PGP Universal Series, a robust and scalable e-mail encryption platform.”

Choose Wisely
Tran offers some advice for businesses with regard to e-mail encryption. “The challenge for e-mail encryption is to select a solution that will support the growth and changes within the business’s e-mail architecture and will also be leveraged by non-email applications requiring encryption services,” he says. “It is absolutely vital for a company to encrypt not just e-mails but also files that contain sensitive information with the highest level of protection. It can be a costly and devastating setback to a business, if sensitive data is exposed to unintended personnel.”

Reason? According to Gartner, 84 percent of high-cost security incidents occur when insiders send confidential data outside the company without properly securing the data. “Different companies have different needs and should assess their own risk before deciding to implement a security solution,” says Tran. “Furthermore, it is critical that a business conducts frequent audits of its security procedures, processes and technologies in order to comply with ever changing regulations.”

