Encryption for the Enterprise

Handheld devices and other mobile computing options can be the weak link in an IT Security plan


We have become a mobile computing society. Laptop computers now outsell desktop computers. Our handheld devices, which used to be simply phones and contact managers, now have the ability to create, store and transmit data quickly and efficiently.

For many business professionals, these mobile computing platforms are a “must have” and contain a great deal of confidential information. While having this information readily available is an extreme benefit from a productivity standpoint, it poses a serious problem from a security and privacy perspective.
Many business professionals still believe that the data on their personal devices and laptop computers is protected because they are required to login to the device using a username and password combination. Many are convinced that if they use a robust password, no one can get the data off of their laptops; however, if the data is only protected by a Microsoft Windows username and password, it is a trivial matter to break into the computer. First, it is possible to boot the computer using one of the many bootable Linux CD’s in existence, such as Helix (http://www.e-fense.com/helix/). A bootable CD can allow someone to access all files on the laptop’s hard drive and copy them onto a USB device. If the laptop does not have a CD or DVD drive installed, one can simply remove the hard drive from the laptop and connect it to another computer.

One of the best ways to protect data is to use encryption. Encryption uses complex mathematical algorithms to change plain text into gibberish, so it is unreadable. Decryption takes this garbled text and converts it back into readable plain text. As with any other security mechanism, some thought and prior planning needs to be completed prior to implementing any encryption mechanism.

File-Level Encryption
One of the easiest encryption options to implement is to use a file level encryption application like Cryptext. Cryptext is a Microsoft Windows shell extension that allows you to encrypt files and folders simply by right-clicking and selecting “encrypt.” One of the advantages of this type of encryption program is that the files remain encrypted until they are manually decrypted. The principal disadvantage of using a solution that encrypts individual files and folders is that they do not encrypt residual files and deleted files.

For example, whenever you create a file using Microsoft Word, 15 temporary files are created in the background. Several of these files contain the same contents as the original file. If you only encrypt the original file, the data it contains could be recovered from one of these temporary files. Granted, it requires special software and knowledge to recover this type of information, but for those with the knowledge, it is easy to do. Encrypting individual files and folders also does not encrypt deleted files, which can be recovered.

Another thing to consider when evaluating a tool such as Cryptext, is that it is not an enterprise-grade tool. If an individual were to use the software on a corporate computer and the individual were to die or become unwilling to provide the password to decrypt the files, it would be challenging to recover the encrypted data.

This content continues onto the next page...