A consensus is growing among IT security experts that security must focus on the data itself, rather than on its physical location or the infrastructure that holds it (on-premise vs off-premise, specific geographic locations etc.). This helps ensure that data will remain safe even if physical access to the device holding the data is gained.
Encryption is one of the most effective data protection controls available today when used as part of a defense-in-depth approach, combined with good authentication, authorisation and auditing. Data is encoded using specific algorithms, with either symmetric or asymmetric cryptography. When data is encrypted, access is regulated through the distribution of keys, so the risk is transferred from the content to the keys. While encryption partly shifts the burden of what needs protecting from the data itself (very large) to the keys (very small), some questions arise:
- What is the main driving force of encryption: compliance with data protection regulation, protection of customer/user data from unauthorised access, protection from government surveillance or deterring theft?
- When is the best moment to encrypt the data (before or after moving it to data centres)? And who should manage and control the encryption keys?
- How can you make sure that, when moving encrypted data into and out of the cloud, you also benefit from the interoperability of keying methods, without being limited by the provider with regard to the computational/analytics services on that data?
- How to deal with situations where governments ban you from using some types of encryption software?
Discussions will be moderated by Graham Taylor, CEO of OpenForum Europe.
The event will be followed by a reception.
Please register here by Friday noon, 27th of March.