Who should encrypt?



Information security is rightly at the top of the corporate IT agenda. Companies have new responsibilities to secure and police their data. And with...



Information security is rightly at the top of the corporate IT agenda. Companies have new responsibilities to secure and police their data. And with encryption technology now becoming available on millions of desktops, they have better technology to prevent unauthorised access.

But how deep should encryption go into the organisation - and is there a business case for using it? You need to know how encryption rights fit into your data protection policy.

Ignore those that want to sell you a public key infrastructure which you may not need, and pay better heed to those that ask, "what do you want to be able to do?"

When the Regulation of Interceptory Powers Bill becomes law, your IT department could be in the role of first-line policing - if an end-user is investigated you may be asked to produce their private key. If it has been lost or destroyed, someone could go to jail.

What all this means is - you need an IT security policy. A sophisticated approach to security involves risk assessment and risk management. This will allow you to decide who should encrypt data and how.

For all IT users' scepticism on security, smart spending now saves time, money and business confidence in the long-run.

This was last published in March 2000

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close