Information security is rightly at the top of the corporate IT
agenda. Companies have new responsibilities to secure and police
their data. And with encryption technology now becoming available
on millions of desktops, they have better technology to prevent
unauthorised access.
But how deep should encryption go into the organisation - and is
there a business case for using it? You need to know how encryption
rights fit into your data protection policy.
Ignore those that want to sell you a public key infrastructure
which you may not need, and pay better heed to those that ask,
"what do you want to be able to do?"
When the Regulation of Interceptory Powers Bill becomes law,
your IT department could be in the role of first-line policing - if
an end-user is investigated you may be asked to produce their
private key. If it has been lost or destroyed, someone could go to
jail.
What all this means is - you need an IT security policy. A
sophisticated approach to security involves risk assessment and
risk management. This will allow you to decide who should encrypt
data and how.
For all IT users' scepticism on security, smart spending now
saves time, money and business confidence in the long-run.