 |
|
|
 |
|
|
Hot Topic
Encryption
The following information is excerpted from Secure Computing's free educational whitepaper, Effective Corporate E-Mail Compliance. Click here to download the entire whitepaper in PDF format.
E-mail has become the single most important method of communication in today's business environment. However, concerns surrounding corporate communication policy, intellectual property leaks and government regulatory compliance threaten to limit the usefulness of e-mail if violations go unchecked. Securing the safe transit of sensitive information must become a priority for enterprises wanting to ensure that they do not violate the privacy of their customers and business partners, or divulge sensitive information regarding their business, and organizations are increasingly evaluating encryption technologies to secure their business communication. Read more >>
Regardless of the technology selected (gateway-to-gateway or user-to-user), end users often are unaware of the need to encrypt sensitive information, which makes integrating policy-based encryption at the gateway critical.
Encryption - Determining what to encrypt
Companies must protect two types of sensitive information against information leaks. The first is private information, which includes customer data, patients' medical files and records, as well as employee information and records. The second is confidential corporate information, consisting of business and marketing documents, intellectual property and financial information. With the rise in value of information, especially proprietary intellectual property, the loss of confidential information can have a devastating impact on an enterprise's business (and stock price), and may severely damage its image and its customers' trust. In addition, patent laws require companies to protect any patentable information about their product(s) until the time they file for patent protection. If information is leaked before the patent is filed, it will be considered "prior art" and is no longer patentable. Another issue is the protection of trade secrets, as in the case of conflict with another vendor, a company must prove that it did everything it could to protect its trade secrets. Read more >>
Encryption - Contributing to Compliance
Haphazard handling of sensitive information has regrettably become commonplace in today's busy enterprise. From payment processing to healthcare information to corporate financial data, organizations are e-mailing sensitive information back and forth without so much as a second thought to the security of this information while in transit. However, strict federal regulations like HIPAA and Sarbanes-Oxley clearly spell out that businesses must secure this data at all costs, or risk severe penalties. Even without these regulations, the threat of having this information intercepted by a hacker should be enough to convince you that it's well past time to address e-mail encryption.
Effective compliance solutions should be able to determine and use the appropriate type of encryption depending on the content and/or recipient of the message. By doing so, they overcome the complexity of public key encryption systems by making encryption transparent to end-users and automated for administrators. Compliance solutions that offer multiple options for encrypting e-mail ensure that business partners need not have a similar solution deployed. These solutions will allow policies to be set to require e-mail sent to partners be encrypted, and then specify the level of encryption, reducing the need for IT staffs to manage multiple products. While each vendor will offer a different set of options for e-mail encryption, whichever solution you choose for your organization should offer several encryption techniques, including VPN technologies and both "push" and "pull" encryption methods. Read more >>
|
|
|
|
|
