Wednesday, November 25, 2009

So Much Data, So Little Encryption

We surveyed almost 500 business technology professionals and found little end-to-end encryption use. Instead, we're doing only what auditors demand.

If you go solely by top-level stats on encryption use, you'll come away feeling pretty secure--86% of the 499 business technology professionals responding to our InformationWeek Analytics State of Encryption Survey employ encryption of some type. But that finding doesn't begin to tell the real story. Only 14% of respondents say encryption is pervasive in their organizations. Database table-level encryption is in use by just 26%, while just 38% encrypt data on mobile devices. And 31%--more than any other response--characterize the extent of their use as just enough to meet regulatory requirements.

The reasons for this dismal state of affairs range from cost and integration challenges to entrenched organizational resistance exacerbated by a lack of leadership. The compliance focus is particularly galling. Encrypting a subset of data amounts to a "get-out-of-jail-free card" because it may relieve companies from having to notify customers of a breach. But knowingly doing the bare minimum to check a compliance box isn't security; it's a cop-out.

Admittedly, IT pros often face stiff resistance when they try to do more. "Our IT staff is working to increase the use of encryption, but frankly, users are more interested in quick and easy access to their data and don't really think about security," says one respondent. "The idea of getting data on a flash drive or laptop encrypted never enters the minds of most of the staff, from the director on down."

We say entrenched resistance because this isn't a new phenomenon--back in 2007, a Ponemon Institute survey found that just 16% of U.S. companies take an enterprise-wide approach to encryption. Network Computing examined the state of enterprise encryption at the time and found adoption to be a gradual process, often starting with backup tapes and spreading from there. A piecemeal approach was the norm then, and we're still moving in fits and starts, despite the momentum generated by compliance frameworks such as PCI, which requires encryption of credit card data in transit.

The Interoperability Factor

Part of the problem is that standards efforts have yielded exactly zero breakthroughs where we need them most--in interoperability, which would make encryption management easier and less expensive. We don't expect that situation to get better anytime soon.

When we asked IT pros what would increase their companies' use of encryption, responses ranged from built-in operating system support for creating encrypted files and folders (something Microsoft is working toward, as we'll discuss) to improved ease of use and performance, lower cost, and better key management. A few desperate souls wished for more regulation, or even a breach that would require notification of customers, to use as leverage for gaining funding and management buy-in.

"I'd like to think that it would only take the force of will to do the right thing," says a network director at an educational institution. "In reality, it would probably require a breach or exposure to shine the light on the problem."

Our favorite response: "I wish I knew so I could exploit it."

Thursday, November 19, 2009

The Genesis Key announces a reseller agreement with EHI-INSM, Inc., for SecurVoice© Privacy Edition

Washington, DC, November 16, 2009 - The Genesis Key, Inc. (GK), the market and technology leader in secure communications with SecurVoice©, announced today the reseller agreement with EHI-INSM, Inc. (EHIINSM) for the SecurVoice© Privacy Edition. SecurVoice© is the world’s first completely secure voice, data and video encryption communication solution designed for government and enterprise customers who require communications privacy (ex. Health Care, Legal, Financial Services) and is now available to all corporations, companies and individuals, world-wide, through

The Genesis Key, Inc. is expanding rapidly by partnering with foundation partners whose customers require secure communications. EHIINSM will be providing SecurVoice© Privacy Edition, v1.0, utilizing the VOIP (data channel) function on the Blackberry 8830, 96xx or Tour, running version 4.5 OS and up, which interacts with the SecurVoice© Enterprise servers (SaaS Hosted) running at Rackspace Managed Hosting (a Sarbanes/Oxley, SaaS 70 and Symantec certified MSP), or locally at EHIINSM. Customers may also purchase and install their own Enterprise Servers in their environment. The v2v (Voice2Voice) function will be available in Q110. SecurVoice© was designed to meet the GSA’s FIPS 140.2 compliance validation and the certification process is underway. US customers who require a FIPS certified system may place an order and will be notified when the certification has been completed by the NSA.

“EHIINSM has a vast amount of experience in the IT Security space as well, providing integrated solutions for global enterprise clients, encompassing firewalls, vulnerability analyses, intrusion detection systems, and anti-piracy media protection products (Cerebus Media Security™) for our clients, helping them to avoid critical breaches and proactively assess future concerns in an automated fail-safe manner,” said Mike Stollarie, CEO, EHI-INSM, Inc. “Unlike our competition, who focus only on point solutions, we deliver a synergistic blend of products that deliver a cohesive solution, which is tailored to our client’s requirements. SecurVoice© is a welcome addition to the family,” said Stollaire.

Tuesday, November 3, 2009

Android's Smartphone Battle -

From: Gartner | November 02, 2009. New security in Android not working yet...

This article was submitted on November 02, 2009 at 08:45 AM PST
  1. SecurVoice by is addressing two distinct customer segments: Consumer Markets first and then Federal and State. Although our products have broad application, we have targeted the Banking Institutions, Financial Services, and Legal Confidentiality corporate market concerns, plus the US Government needs of Privacy (128-bit encryption) as our initial area of focus.

    Strategic and channel vendors with consumer distribution capabilities will be approached first. The proceeds from this raise will be utilized for product development and to build sales, marketing and support resources for these sectors. In the Federal and State initiative, SecurVoice will work to attain both Secret and Top Secret Certification from the U.S. Government and the NSA.

    By W. Steven Garrett Chairman at The Genesis Key, Inc.

    posted 1 day ago

Differences between RIM's solutions, including BlackBerry Enterprise Server and Microsoft Mobile Solutions

Found this free guide, which discusses the differences between Research in Motion's solutions, including BlackBerry Enterprise Server, and Microsoft Mobile Solutions, including Microsoft Exchange Server. Read as experts compare and contrast administrator experience and user experience regarding various features and functionalities.