Inside the Firewall: Will Bigger Encryption Keys Keep Your BI Data Safe From Harm? - InformationWeek


With a solid firewall, you may think your sensitive data is safe, but have you prepared for an attack from within? "Significant numbers of attacks are now coming from inside the firewall," says Yankee Group analyst Jim Slaby.

Some of the attacks are intentional, but many are not. "A user can inadvertently pick up spyware or a Trojan horse outside the security bubble while, say, working at home or at a Wi-Fi hot spot," says Slaby. "These can give outsiders a back door to security profiles and the location of sensitive data."

It takes sophisticated software at the network edge to detect these threats inside the firewall when the user reconnects at work. "Very few organizations have these edge systems in place," says Slaby. Cisco has Network Admission Control (NAC), "but it's big and complex and not all Cisco products support it yet." Microsoft's Network Access Protection (NAP) won't be ready until Longhorn, the next major Windows revision, is released — in a year or more.

To thwart internal attacks, consider encryption inside the firewall, which offers an additional, application-level layer of security. Most business intelligence vendors offer some encryption capabilities inside the firewall.

Business Objects recently announced new 128-bit encryption for user security profiles, data source locations for sensitive reports and reporting business context. BusinessObjects XI includes the RSA BSAFE, 128-bit asymmetric encryption product.

Rivals Cognos and Hyperion also include encryption for this class of information in their products, but only at the 56-bit level. Both say governmental restrictions on technology exports make automatic inclusion of 128-bit encryption impractical. Meanwhile, MicroStrategy says it has shipped 128-bit encryption with its BI products since 2000.

Business Objects counters that its longer bit length isn't used for document encryption or keycode generation and authentication, so legal restrictions aren't a concern.

All these vendors support 128-bit SSL encryption standards for communicating over the Web.

When it comes to encryption keys, does size matter? A longer key doesn't necessarily buy you more security if your encryption algorithms are weak. Microsoft learned this the hard way with NT 4.0, Slaby points out.

A sloppy security implementation can also trump the numbers. "Strong encryption can be like putting a bank vault door on a tent," says Trent Henry, analyst with the Burton Group. "Often attackers can ignore the cryptographics and find other points of entry."

— Mark Leon

ENCRYPTION PRIMER

KEY | LENGTH | SUMMARY
DES | 56-bit | Once nearly uncrackable, now considered inadequate to defend against brute force attacks
TRIPLE DES | Effectively 160-bit | Three times slower than DES but, properly implemented, is very secure
RES ADVANCED | 128-bit | Considered virtually uncrackable at present

[ KEY PERFORMANCE INDICATORS ]
Long-Term Web Visitor Tracking

As many as 39% of online users may be deleting cookies from their primary computer every month, says a recent Jupitermedia report. Nearly 60% have deleted their cookies in the past year. Cookies are the primary resource Web analysts can exploit to track behavior of visitors returning to their Web sites over time. Rampant deletion of cookies degrades reliability of this analysis.

Strategic RFID

Most manufacturing companies implementing radio frequency identification (RFID) tagging are doing the minimal "slap and ship" to comply with big customers' mandates: Slap the tag on the finished product and send it on. New initiatives by SAP, Intel, Hewlett-Packard and others are moving us closer to figuring out how to use RFID more strategically, in asset management and SCM.

Risk of Patent Violations

Do you have insurance against open-source patent violation lawsuits from companies such as SCO? This might lower your premium without raising your expenses much: Black Duck Software's protexIP software is now available as a hosted service, so if your environment doesn't require investment in the installed software, you can still check your systems to ensure they're legit.
