Top Ten Trends in Encryption, Certificates and Key Management – Part 2

by PaulSchwarz on 08-22-2011 09:41 AM - last edited on 08-22-2011 09:41 AM

In Part 1 of this blog, I described Trends 1 – 5 in encryption, certificates and key management. Trends 6 – 10 are listed below:


6. User Transparency – organizations are recognizing that expecting users to enter complex passwords and go through multiple stages of authentication can be counter-productive. There is a trend towards making the use of certificates and keys transparent to the user. An example of this approach is Microsoft DirectAccess, which automatically connects a Windows 7 laptop to a central infrastructure using IPsec with both machine and user certificate authentication.


7. File and Folder Encryption – there is increasing interest in encrypting files and folders at the application layer instead of, or as well as, at the network layer or on a per-volume basis. This can extend to Digital Rights Management solutions in which only certain individuals are authorized to view a file.


8. Self-Encrypting Drives – laptop hard drives can be ordered with a self-encrypting option, so that there is no requirement for software-based encryption such as Microsoft BitLocker. This is an inherently robust approach: the encryption key is stored within the drive hardware, all data on the drive is encrypted, and decryption takes place on the drive without using the laptop's processor or memory, resulting in high performance.


9. Certificate and Key Management – SSL server certificates are increasingly used not only for applications such as Internet banking and credit card payments, but also for a wide range of back-end server-to-server communications. Every certificate has an expiry date, and when a certificate expires, the service that depends on it fails. Tools are now available to introduce workflow and automate the process of certificate renewal. Similar tools can be used for the management of SSH keys.


10. Hardware Security Modules (HSMs) for Certificate Authority servers – most new Certificate Authority servers are now implemented as virtual machines; however, it is important to protect the private keys of the Certificate Authority itself, as these are a fundamental point of trust. This can be done by means of a network-based HSM with which the virtual Certificate Authority servers communicate.
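
Trend 9 rests on a simple operational fact: an expired certificate takes its service down, so the renewal workflow has to start from an inventory that knows how many days each certificate has left. The following Go program is an added example, not code from the original post or from any HP product; it classifies an inventory of X.509 certificates as expired, due for renewal within a warning window, or fine, and orders the findings by urgency. The hostnames, the 30-day window and the self-signed fixture certificates are constructed for the example; a real inventory would be parsed from TLS endpoints, key stores or PEM files with x509.ParseCertificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"sort"
	"time"
)

type Finding struct { // one certificate's state relative to its expiry date
	Subject  string
	DaysLeft int    // negative once the certificate has expired
	Status   string // "expired", "renew-soon" or "ok"
}

// Classify flags certificates that are expired or within warnDays of expiry and
// orders the findings by urgency so they can feed a renewal queue or an alert.
func Classify(certs []*x509.Certificate, now time.Time, warnDays int) []Finding {
	var out []Finding
	for _, c := range certs {
		days := int(c.NotAfter.Sub(now).Hours() / 24)
		status := "ok"
		if !now.Before(c.NotAfter) {
			status = "expired"
		} else if days <= warnDays {
			status = "renew-soon"
		}
		out = append(out, Finding{c.Subject.CommonName, days, status})
	}
	sort.Slice(out, func(i, j int) bool { return out[i].DaysLeft < out[j].DaysLeft })
	return out
}

// MakeTestCert builds a constructed self-signed certificate for cn that expires
// daysLeft days after now; it stands in for certificates from a real inventory.
func MakeTestCert(cn string, now time.Time, daysLeft int) *x509.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // key for a throwaway fixture
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.AddDate(-1, 0, 0), NotAfter: now.AddDate(0, 0, daysLeft)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err) // fixture generation failed: a programming error, not a finding
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}
```

Running Classify over a daily inventory and alerting on anything other than "ok" is the minimal automation the trend describes; the same check applies unchanged to client and server-to-server certificates.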


Comments
by Trends(anon) on 10-24-2011 07:31 AM

Nice site! I am loving it!! Will come back again, taking your feeds also. Thanks.



by pgp encryption(anon) on 11-25-2011 07:26 AM

I enjoyed every bit of your article. It is very informative and helpful to me as well as to all the commentators. Thanks for taking the time to discuss this. I will love to read more from you.

About the Author
  • After graduation from Oxford University, Paul developed laser technology for NASA satellites, before moving into IT Security at Cable & Wireless in 2000, where he led the development of Internet Security Services. In 2005, Paul joined Vistorm, now HP Enterprise Security Services, as a Security Architect, where he is technical lead for mobile device and endpoint security solutions. Paul is CISSP and ITPC certified, is a CLAS consultant and M.Inst.ISP. He has recently completed the MSc Information Security at Royal Holloway, University of London.