Thursday, October 2, 2008

Data Security: Encryption with TrueCrypt

The onion analogy is used by security people to describe the many different aspects of a complete technology security program: application security, network security, operating system security, physical security, people (social) security, etc. A business's technology environment is made up of many components that must each be addressed and analyzed.

The core reasons for comprehensive security can be distilled down to a few items: 1) Availability - keeping business systems running, 2) Integrity - not allowing data to be corrupted/poisoned, 3) Privacy - not allowing data to become public. I'm sure others can chime in with other reasons as well, but I use these 3 as my core values in any security consideration. I will, however, throw in one collateral value that comes from these 3 but is paramount in today's world - corporate image / trust. A company that has lost consumer trust / confidence due to a security breach, even though it has minimized / mitigated the impact on any of the 3 core values, will experience severe hardship (and likely legal penalty).

Doom and gloom aside - there is one tool out there that offers some peace of mind for some layers of the technology security onion - TrueCrypt. TrueCrypt is a freely available tool for encrypting data, including entire operating system hard drives. It is a multiplatform tool that runs on OS X, Windows (2000, XP, Vista) and Linux, and can be run directly off of removable media (USB stick, etc.). A file / disk encrypted with TrueCrypt can be accessed by any other computer that can run TrueCrypt if the password is known. TrueCrypt can even create 'hidden' encrypted drives that are only detectable by someone who is aware of their existence.

Here are a few common business situations that TrueCrypt can help out with: a lost / stolen laptop whose hard drive has been encrypted with TrueCrypt; a lost / stolen USB drive that has been encrypted; server(s) stolen from the office / co-location; securely sending sensitive information on CDs/DVDs.

In my office all USB drives are required to be encrypted and catalogued. The next image developed for mobile computers will feature full hard drive encryption as well.
