ENCRYPTION TECHNOLOGY
The New Business Environment
By
Jasper Rose
Government
and business leaders must come to terms with the implications of the
War on Terrorism and the cataclysmic events of 2001. People are worried by the terrorist threats
directed at air travel and paper-based mail leading to a definite movement for
less face-to-face meetings and less reliance on traditional mail. Insurance
premiums are rising steeply, thereby forcing organizations to consider
distributed operations. The outcome is a change in the way we conduct business
and far greater use and dependence on electronic communications and networks.
As
organizations move more of their business processes onto these networks to
create new and viable business opportunities or improve efficiency, they are
realizing the implication, that rather than having one security perimeter to
protect, there will be many perimeters with many interconnections. Such
connections are vulnerable to attacks and steps must be taken to minimize the
threat to information during transmission based on a combination of business
needs and network risks.
For
years hackers have been breaking into computer networks. Once we could talk
about the hacker ethic, which said something like, “Information should be
free to all; you can look and explore but don’t touch.” Now, however, we
are seeing an altogether more dangerous phenomenon, the politically motivated
hacker or cyber-terrorist. There is a growing trend for hacker groups to
encourage attacks, as a protest against human rights abuses, lifestyle
choices, environmental issues, or political issues. It is clear that
businesses need to adopt a more diligent approach to network-based attacks on
their critical operations and information. Universal connectivity, coupled
with the reliance on commercial products and service providers, has eliminated
the possibility of absolute protection.
There
are solutions that deliver acceptable security, without exchanging one set of
risks for another that is equally threatening. The answer is defense in depth;
using multi-layer firewalls to keep the terrorists out, authentication to
validate users, intrusion detection and virus protection to discover the
attacks that beat the firewalls, and encryption to protect data. Make no
mistake, when connecting two secured sites with an unencrypted communications
connection, you lose control of the information. Of the choices above, only
encryption can put that control back where it belongs and ensure that, even if
an attacker succeeds in tapping your network, he will not be able to make
sense of the encrypted data accessed. Furthermore, he will not be able to make
meaningful changes to the data nor insert fraudulent transactions.
However,
encryption per se is no silver bullet. Certainly the right encryption must be
implemented, but it must also be managed securely. Without secure management
even the best encryption can be defeated; it will not keep a skilled attacker
at bay. The encryption and the secure management must be totally reliable and
must have little or no impact on network performance. There remains the
question of what form of networks should be used. Should an organization rely
on the Internet and lP security, such as that afforded by the Internet
Protocol Security (IPSec) standard, or are there other solutions? Of course
IPSec is an answer when an organization is faced with dynamic relationships or
low cost connections with customers or partners. But what about those
business-critical connections that carry the bulk of the corporate
information, is there a better solution? Absolutely.
More
organizations are realizing that private networks are much harder to attack
than those relying on the Internet and few private networks are attacked
successfully. The switched structure of private networks based on frame relay,
Asynchronous Transfer Mode (ATM) and point-to-point lines make them difficult
to access. All the high profile hacker attacks involve the Internet. For
business-critical connections, a private network is more reliable and by far
the most secure option, and recent price developments have meant that there is
little, if any, difference in the cost of operating such networks. Guaranteed
Quality of Service means networks relying on technologies such as ATM and
frame relay have an advantage, but even private networks such as these must be
secured using encryption, because you do not know who can access the fibers,
cable or satellites carrying the information.
Business
and government leaders are facing a period of great uncertainty where it is
clear that the level of threats will not be reduced in the foreseeable future.
There will be greater reliance on electronic communications networks carrying
data, voice and video traffic, which in turn will face greater threats from
cyber-terrorists and cyber-criminals and providing a defense in depth approach
to security will greatly contribute to the overall security of your business.
But, in the end, encryption, the tool for secure information transmission for
electronic communications, will play an ever-increasing role in making
today’s world a safer place to do business.
Search
Our Site
Search the ENTIRE Business
Forum site. Search includes the Business
Forum Library, The Business Forum Journal and the Calendar Pages.
Editorial Policy:
Nothing you read in
The Business Forum Journal
should ever be construed to
be the opinion of, statements condoned by, or advice
from, The Business Forum, its staff, workers, officers, members, directors, sponsors or shareholders. We pass no opinion whatsoever on the content
of what we publish, nor do we accept any responsibility for the claims, or
any of the statements made, within anything published herein. We merely
aim to provide an academic forum and an information sourcing vehicle for
the benefit of the business and the academic communities of the Pacific States of America
and the World.
Therefore, readers must always determine for themselves where the statistics, comments, statements and
advice that are published herein are gained from and act, or not act, upon such entirely and always at their own risk. We
accept absolutely no liability whatsoever, nor take any responsibility for
what anyone does, or does not do, based upon what is published herein, or
information gained through the use of links to other web sites included
herein.
Please refer to our:
legal
disclaimer
Home
Calendar The Business Forum Journal
Features
Concept
History
Library
Formats
Guest Testimonials
Client Testimonials
Search
News Wire
Why Sponsor
Tell-A-Friend
Join
Experts
Contact The Business Forum
The Business Forum
Beverly Hills, California U.S.A.
Email:
j[email protected]
Graphics by:
DawsonDesign
Webmaster:
bruceclay.com
�
Copyright bizforum.org, Inc. 1982 - 2009