Encryption may be an excessive precaution

Storage online message: many IT managers who recently attended a security conference warned that, when data is transmitted over the enterprise network, data encryption may become a branch problem facing organizations and enterprises.

Warren Axelrod, Business Information Security Officer of the US trust financial services company, explained in a user discussion group speech this afternoon about enterprise data protection that, in many cases, encryption may be an excessive precaution.

"When people only need to send a phishing attack email or attach a keyboard record software to the email to steal sensitive information, why are they still trying to attack an encrypted file? You must consider the results. Cyber Criminals will launch attacks in the simplest way ."

These opinions were raised by Tom Bauer, a group member, a former Information Security Officer in the pharmaceutical industry, and a security constructor. "Encryption can solve many problems, but it is not an all-powerful or final solution," he said ."

The American Trust Company akcelrod did not explain what form of terminal security measures he used in his organization, but he explained his back-end memory principle. "I believe in data restrictions. His basic requirement is to delete the data once it expires," he said ."

He generally keeps his emails for three years and IRS-related data for seven years. He believes that deleting data is the best way to minimize security risks. "If you do not do this, you must report the data if it is lost," he said ." He said that deleting data also reduces the technical layer in the infrastructure. "If you encrypt the data, you will face many key management problems ."

Like akselrod, other members of the Group also focused on terminal security issues, but they warned that some users had made this too complicated. Kevin Geely, vice president of Ipswitch security file transfer, said: "We have a lot of security products available, they have many good features, such as requiring a password with at least 15 digits, or you cannot use passwords that have been used for the last 10 times." He added that the password will be changed every 90 days. "It's just not practical. That's why we use a 7-digit phone number ."

Other users have also raised security issues brought about by portable media and laptops, which have become a major challenge for IT managers and chief information officers of companies and organizations. Brad Taylor, System Architect at Eplica service providers, said: "For our IT companies, IT is okay to ensure the security of data in databases and storage. But I can take all of my financial data out of my company, and I can copy them to a USB 2.0 disk and then hand it over to anyone ."

Some vendors, including SanDisk, Lexar, and Seagate, have developed their own solutions that can lock data on laptops or USB disks.

In another group discussion today, about 1/4 of the more than 20 attendees admitted they would encrypt their laptop hard disks. Eric Miller, security analyst at Allstate Insurance, said: "We have been doing this all the time. If you open the hard drive of your laptop, you will have a better night's sleep ."