Test and Analysis of several popular encryption software types in today's society

After testing a lot of encryption software on the market, I feel that this industry is really too much... there are only two types in general: one is single file encryption, and the other is environmental encryption! What should I do? Each has its own advantages! The two types of products have different design concepts and functions, and are constantly developing and learning from each other. It should be pointed out that most customers often do not pay enough attention to the choice of data leakage prevention products, and treat them as common software products. In fact, data leakage prevention projects are closely related to existing enterprise information systems, rather than simply encrypting some files or hard disks. According to the application in the past few years, in addition to choosing the right product, the data leak prevention project requires the customer's attention and cooperation, which is no less difficult than the ERP project. If you do not know much about it, the failure rate of the project is almost 100% when you select and implement the product in a rush. There are countless negative cases.
Project risks are divided into the following types:
1. Risk of cracking after Data Encryption
Document encryption controls the application software. The generated document is written into the key when it is saved. However, when the ciphertext is opened on a computer with the encrypted product client, the encryption software automatically decrypts the ciphertext before it can be opened normally. That is to say, the encrypted file still exists in plaintext in the memory, and the plaintext can be directly extracted through the "Read Memory, attackers can bypass encryption and have a low security level. Environmental encryption uses overall protection to encrypt illegal outgoing files. to crack the attack, the only method is brute force cracking, which is quite difficult, high security level.

2. Changes in people's habits
The smaller the usage habits change, the less resistance the project has to push forward. No matter what type of products, once launched, employees will inevitably be constrained by their previous behaviors. For example, in the past, you can use QQ to send files. Currently, all files that cannot be sent or sent are ciphertext. At this point, document encryption products have little changes to people's habits. Employees can freely send non-encrypted files, which is better than the overall protection products, however, the risk is also high, and employees may forge sensitive data into non-encrypted files. However, no matter what kind of products, employees must re-regulate their behaviors in a set way, which requires top-down promotion from the Enterprise.
3. Data Damage Probability

Encryption requires decryption, and there must be a risk of failed encryption and decryption. The resulting result is data corruption, which greatly affects the daily work of employees, resulting in the system being unable to be launched. In this regard, the overall protection products are far better than document encryption, because document encryption directly and frequently performs encryption and decryption on data, resulting in a high data damage rate, encryption of the overall protection products is at the data transmission boundary
The data itself is not processed, and the damage rate is very small. From past project experience, damaged data has almost become synonymous with document encryption products and insurmountable bottlenecks (especially in R & D and manufacturing enterprises with complex terminal environments ), this is not the case for overall protection products.

4. Application System Upgrade risks

As mentioned above, document encryption is encrypted by control software, which will inevitably involve software versions. For example, a document encryption software can now support word2010 and Microsoft will launch word2012 in the future, at this time, developers must add word2012 as a controlled software to implement encryption, and users may need to increase a series of fees for this upgrade. However, environmental encryption does not pose such risks.

5. Management System Change risks
Management System Change Risk Index after the launch of the data confidentiality system, the enterprise's management systems and processes have changed. At this time, the data confidentiality system must be adjusted accordingly. If the adjustment cannot be completed quickly and methodically, it will cause great interference to the normal management and production order of the enterprise. Document encryption products can only take "documents" as the main management dimension, and there is no direct correspondence with the management system. When the system changes, the personnel who are familiar with the document encryption system and management process must make adjustments. This adjustment does not involve standard steps and procedures, which poses a high operational risk. The design philosophy of the overall protection product based on the "Data Risk Management System" is closely related to the enterprise's management process. Any data confidentiality policy must correspond to an explicit or invisible management system. For example, the Black/White List Management and encryption control during external mail are exactly the same as the enterprise's external mail management system. When the enterprise management system and process change, you only need to find the corresponding policy and modify it to complete the corresponding adjustment work, which is simple and fast.

6. Product deprecation risks
Deprecation risks are the risks that enterprises face when they need to uninstall the data confidentiality system and restore it to the status before the system goes online.
For document encryption products, encrypted data is scattered on various terminals on the Intranet in the form of a single encrypted file, canceling data encryption will affect the business system and recover data. This is a complex and long process. The deprecation cost is no less than the online cost. This makes the enterprise's application information system completely held by the encryption system "hold", becoming a huge potential risk, may cause the enterprise to pay a heavy price in the near future.
For overall protection products, all data is transmitted and applied in plain text without any controlled policies. administrators can delete the encryption policies at the data egress at any time, quickly eliminate the impact of the encryption system on the original information system, and the risk of deprecation is extremely low.
Through the comparison of the above six points, we can draw a conclusion that for large and medium-sized R & D and manufacturing enterprises, the overall concept of protection products is more suitable. In the final analysis, the overall protection products focus more on matching and integrating with existing information systems and management systems, and document encryption products focus more on the impact and changes on operator habits. Therefore, the former requires enterprises to make certain investments and concessions.
Ensure the smooth launch of the anti-leak system, but the operation will be smoother and easier to manage and maintain in the future; the latter is more in line with the general customer's opinion on encryption products "do not disclose data, do not affect work", but there is a great potential risk; the former is more like a system, the latter is more like a software, the former is more suitable for the overall management needs of large and medium-sized enterprises, and the latter is more suitable for the rapid application of small-scale enterprises.
The above analysis is mainly based on the design concepts of the two types of products, but good ideas may not be included in the implementation. Therefore, it is very important to evaluate the manufacturer's strength and cases. Is the specific case true, the application environment requires more field visits and exchanges

Test and Analysis of several popular encryption software types in today's society