Gartner: Keep encryption simple and standardised to cut cost and complexity

Businesses should consider self-encrypting drives (SEDs) for new installations that hold significant volumes of sensitive data, says Gartner.


This hardware-based encryption method has little impact on the performance of the drive and allows for easy redeployment or retirement of disks because simply erasing the encryption key makes all data on the disk inaccessible.

Laptops and desktops fitted with SEDs are always encrypted automatically, because the encryption is transparent to the user.

However, businesses opting to use SEDs for encryption should also use third-party key management systems to ensure data can always be recovered, Gartner analyst Eric Ouellet told attendees of the Gartner Security & Risk Management Summit 2011 in London.
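As an added illustration (not code from the article or from Gartner), the following Python toy model shows the two SED properties described above: every sector is encrypted under a key generated on the drive, so retiring or redeploying the disk is a matter of discarding that key (crypto-erase), and a locked drive can still be recovered when the unlock credential is held in escrow by a key management system. It substitutes an HMAC-SHA256 counter-mode keystream for the drive's AES engine, and the salt, passphrases and drive identifier are constructed values.

```python
import hashlib
import hmac
import secrets

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # XOR data with a counter-mode keystream from HMAC-SHA256 (stand-in for the drive's AES).
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def kek(credential: bytes) -> bytes:
    # Key-encryption key derived from the unlock credential (constructed salt).
    return hashlib.pbkdf2_hmac("sha256", credential, b"constructed-salt", 10_000)

class ToySED:
    """Sectors are encrypted under a DEK generated on the drive and stored only wrapped."""
    def __init__(self, credential: bytes):
        self.sectors = {}          # sector number -> ciphertext
        self._generate_dek(credential)
    def _generate_dek(self, credential: bytes) -> None:
        self._dek = secrets.token_bytes(32)
        self.wrap_nonce = secrets.token_bytes(16)
        self.wrapped_dek = xor_stream(kek(credential), self.wrap_nonce, self._dek)
        self.dek_check = hashlib.sha256(self._dek).digest()   # lets unlock() reject a wrong credential
    def unlock(self, credential: bytes) -> bool:
        dek = xor_stream(kek(credential), self.wrap_nonce, self.wrapped_dek)
        ok = hashlib.sha256(dek).digest() == self.dek_check
        if ok:
            self._dek = dek
        return ok
    def _crypt(self, sector: int, data: bytes) -> bytes:   # XOR keystream: same op both ways
        return xor_stream(self._dek, sector.to_bytes(16, "big"), data)
    def write(self, sector: int, data: bytes) -> None:
        self.sectors[sector] = self._crypt(sector, data)
    def read(self, sector: int) -> bytes:
        return self._crypt(sector, self.sectors[sector])
    def crypto_erase(self, new_credential: bytes) -> None:
        self._generate_dek(new_credential)   # old ciphertext stays on the platters, now unreadable

def demo() -> dict:
    escrow = {"drive-0001": b"user-passphrase"}   # constructed stand-in for a third-party key manager
    drive = ToySED(escrow["drive-0001"])
    drive.write(7, b"quarterly payroll data")
    rejected = not drive.unlock(b"wrong-guess")
    drive.unlock(escrow["drive-0001"])            # recovery via the escrowed credential
    recovered = drive.read(7)
    drive.crypto_erase(b"new-owner-passphrase")   # retire or redeploy the disk
    return {"rejected": rejected, "recovered": recovered, "after_erase": drive.read(7)}
```

Without the escrowed credential the wrapped key is unrecoverable, which is the failure mode the key management recommendation addresses.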

There is growing demand for SEDs in laptops and datacentres, but Ouellet warned that the technology, although fairly mature, is not readily available.

SEDs form a very small proportion of the annual output of hard disk manufacturers, he said.

Highlighting the pros and cons of several other encryption methods, Ouellet said businesses should choose the one that meets their specific requirements without unnecessary complexity.

"Try to standardise on a single approach to encryption for the whole business to enable consistency across the different systems in the business, which will help keep complexity to a minimum and reduce the cost of deployment and support," he said.

A single encryption method will also enable IT to use a single key management system, further reducing complexity and cutting cost.

But businesses must also check that any system they are considering will work for every stage of the data lifecycle and that encryption keys will always be available over a long period of time.

Ouellet also recommended that organisations centralise all sensitive data to reduce the scope of encryption system deployments.

"The most common reason encryption projects fail is that organisations do not have an effective data classification program," said Ouellet.

Tools such as data leakage prevention systems can help organisations identify sensitive data on the network and on endpoint devices, he said.

The most effective encryption systems are those that are transparent to the user and require little or no interaction with users or administrators, said Ouellet.
