In today’s hostile computing environments, IT professionals must take decisive action against security threats or face legal consequences, reputation damage, trade-secret loss or business failure.
One way that I encourage clients to enhance the security-posture of their IT investments is through cryptography. Cryptography is the art and science of secret writing. In IT, cryptography is the science of providing security for information. It is used to protect information (and resources) on both open and closed networks.
When properly implemented, cryptography can strengthen the security level of business systems and processes by providing indisputable proofs that data is secure and authentic. Not to mention, the use of cryptography can address a broad array of threats and immediately reduce vulnerabilities.
All hardware, networks, operating systems and applications use cryptography.
Cryptography is a means to enhance the protections provided by existing technologies and processes. For example, existing investments in identity or firewall solutions can be made more secure by using cryptography. To strengthen an existing investment in a VPN, for example, the connection could require the use of client certificates and passwords. This would enable two-factor authentication without the deployment of a brand new system.
Cryptography can also pay big dividends, but only if implemented properly. It is important that the design and implementation of a cryptography solution cover the details. For example, up-to-date algorithms and strong storage of the private key are critically important. The latter is important for both security and ROI. Many deployed devices already have Trusted Platform Modules (TPM) for secure private keys, but they are under-utilized or not utilized at all. As a result, the capital investment the made in devices is not yielding the highest ROI that it could.
Operating a cryptography solution requires experience.
Not only does a successful cryptography solution need to be properly implemented, but properly maintained. The keys, algorithms, implementations and processes involved with cryptography are always evolving. A seemingly benign change in an algorithms’ implementation can lead to a system being less secure. In turn, governance, compliance or vulnerability issues arise. So, in order to keep abreast of the changing security and cryptography landscape, clients must have a plan to maintain and manage their solution.
Simply put, the design, implementation, and operation of cryptography is more than just a point-solution. Most IT vendors simply offer to set up a certification authority server, but Blue Chip offers a more holistic approach. At Blue Chip we…
- Increase the security of public key-enabled applications.
- Train IT staff.
- Enable effective processes.
- Maintain and manage cryptography solutions to ensure secure computing long-term.
Not only does this approach offer a more secure solution, but also a higher ROI.
Interested in learning more about cryptography or Blue Chip's services? Contact us today and learn how we can help you maximize the security and ROI of your existing technologies.