Modern Encryption - So Easy a Caveman Could Do It
By Emmett Jorgensen
One of the obstacles we often face when selling encrypted flash drives involves the "ease of use" argument. Companies want to add security, but are reluctant to inconvenience their users or add costly infrastructure. It's understandable; if a solution is difficult to utilize, users won't use it (or won't use it correctly).
We've all seen those Geico commercials where the offended Neanderthal storms off over his portrayal as a simpleton. We chuckle; maybe think of someone we know that fits that description, then don't give it much of a second thought.
The truth is, this is how IT Admins often treat their users. Maybe it is an elitist view or maybe they don't want to burden their workforce with a cumbersome product that is going to require additional infrastructure and make their already hectic work more complicated.
Which leads me back to encryption and the perception surrounding secure or encrypted products. There is generally a view that if a product utilizes encryption it is complicated, time consuming or a general hassle to use. While this may have been the case ten years ago, modern encryption is an easy to use feature these days.
A recent article in Healthcare Info Security entitled "Encryption: Overcoming Resistance" discusses this perception. According to security expert Melodi Mosely Gates, "information technology specialists have outdated perceptions about the technology". The article goes on to state that "As a result, Gates advises security specialists to launch small-scale pilots of encryption to demonstrate the technology is now practical and affordable."
While it is true encryption has come a long way in the last few years, not all solutions are created equal. Some things to look for in an encrypted product:
Ease of Use (User Side)
- Is it hardware encrypted or is there software that needs to be installed?
- How is the product or solution going to impact performance?
- Can it be managed relatively easily?
Ease of Use (Administrator Side)
- Can you manage keys
- Can you easily reset passwords if necessary
- Encryption: Is it hardware or software encrypted (see below)
- Has it been certified by an independent entity on its security features?
- Is it manageable: can you exercise some level of control when it is not directly in front of you?
Regarding the encryption bullet; there needs to be a distinction made between software based encryption and hardware based encryption.
Current hardware based encryption products hold several distinct advantages over software encryption.
1.) Performance - Hardware based encryption is significantly faster than software encryption.
2.) Security - Hardware based encryption is generally more difficult to break or find vulnerabilities than software based encryption.
3.) Ease of Use - Hardware encryption generally require no administration rights to use, has no software to install, and has less software conflicts.
These are all important things to take into consideration when evaluating the security of product or service.
Adding encryption is a relatively easy and cost effective way to secure your organizations data without adding significant cost or complexity. For organizations dealing with confidential information (healthcare, banking, government) it should be mandatory.
If you haven't looked into it recently, investigate some of the options out there. You might be pleasantly surprised.