Encryption will play an increasingly central role in the future of mainstream enterprise security. In a more distributed, yet closely unified infrastructure where the emphasis is shifting away from simply securing the enterprise perimeter, cryptography is vital for data-level protection to guard information assets and enforce robust access controls for users, devices and administrators.
According to nCipher, Until now, organizations have set up a perimeter ´security walls´ and regarded everything on the inside as safe. Now the distinction between inside and outside is disappearing, driven by the on-demand business environment and practical needs of mobile data users.
Cryptography is already the de facto way of securing sensitive web traffic and it is now reaching across the entire enterprise as companies start to use industry-standard protocols such as SSL internally – even between servers only a few feet apart.
IT security professionals are also examining the protection of data at rest within the enterprise through the encryption of databases, file systems and storage devices. And applications are increasingly being enhanced to validate data integrity and improve audit ability through the use of digital signatures.
“Securing sensitive information is no longer a simple question of whether to grant a user access to the network, or deny it. Increasingly, CIOs want to define and enforce robust policies that govern not just what information an individual may access, but also other conditions such as when they may access it and from which machines,” says Dr Nicko van Someren, Chief Technology Officer at nCipher.
“As enterprises incorporate smart-cards, trusted platform modules and other hardware-based authentication and encryption technologies into the security infrastructure, they will need sophisticated key management technologies from companies with in-depth experience in hardware-based cryptographic security,” add van Someren.