Link: http://www.centrend.com

You probably have a long list of computer passwords, for when starting up your PC, to accessing your bank account online, or perhaps when checking your e-mail. Passwords are an important barrier to accessing private, sensitive or proprietary information. An electronic password is much like a key, in the physical world, that unlocks a file cabinet. Whoever possesses the key to that cabinet will have unhindered access to its contents. But, what are the situations where computer passwords are just not secure enough?

With the physical key and file cabinet, the concerns we have are that the key could be misplaced or stolen and fall into the wrong hands. It could be surreptitiously duplicated and distributed to unauthorized people. The lock on the cabinet itself can be tampered with or simply broken with brute force. All of these concerns are the same as what we have for computer passwords. All of these scenarios do occur, even with electronic data protected with passwords that are considered strong, and therefore not easily figured out.

Once access to the file cabinet has been achieved, all the information the key was protecting is exposed. But, what if there were a way, even if the lock were to be broken open, to make it so that the contents would be worthless? It would be great if the person who breaks into the file cabinet only finds a mass of unrecognizable shredded up paper. In effect, that is what encryption helps you achieve for your protected electronic data.

Encryption is nothing new, having been around since the ancient Egyptian times in the form of non-standard hieroglyphs, which was a method of symbolic substitution for words and phrases. With encryption, there is a key which enables the data to be deciphered. Modern electronic encryption is capable of encoding data in such a way that it renders it completely unrecognizable, and there are different levels of encryption available to suit the security demand. Encryption technology today also provides us with strong key methods that make unauthenticated use of keys impossible.

So, unlike password protection, an encrypted data file has been altered, so that the key is required not only to access it, but to make it readable as well. This is very important for data that rests on a portable device, such as a laptop computer or smart phone, and media such as CD-ROMs, or plug-in USB drives, because these devices and media can be easily lost or stolen. According to the Federal Trade Commission, 49% of all reported unauthorized data breaches were the result of lost laptops or other devices.

For the protection of its residents, the Commonwealth of Massachusetts has now made it mandatory that portable devices and media are protected with data encryption technology, when personal information is present. Other requirements are that we safeguard and protect our passwords. The keys to the encrypted files, or any other protected files, still must be of adequate strength, kept safe and not duplicated, distributed or left out in the open. For most organizations, encryption technology is a matter of policy for the sensitive, personal or proprietary data that requires the greatest degree of protection.

- Bill

***
Bill Bowman
Senior Technology Advisor
Centrend, Inc.
508-347-9550 x135