Encryption is safe bet, says SafeNet

Encryption is the only thing that can give peace of mind to CIOs and CISOs, says Dave Hansen, president and CEO of security firm SafeNet

When all else fails, encryption is the only thing that can give real peace of mind to CIOs and CISOs, says Dave Hansen, president and CEO of security firm SafeNet.

“The reality is that data leaks, but when it happens, there is less reason to worry if the data is encrypted,” he told Computer Weekly.

One of the biggest challenges facing organisations, says Hansen, is how to secure data as economic constraints are accelerating moves to lower-cost cloud-based services.

“Failure to encrypt virtual servers and data stores is a problem waiting to happen," he said. "It is important that virtual images and servers are encrypted, yet few organisations are doing it.”

This is why Hansen believes authentication, encryption and key management are good markets to be in as this shift takes place, putting SafeNet in a good position to solve important security challenges.

Strategic partnerships

The information security and cloud veteran has his eye on strategic partnerships, just months into his leadership role at SafeNet to ensure the company is able to make the most of its core technologies. 

A key partnership is with VMware around SafeNet’s technology that enables virtual machines to be encrypted and access to be blocked to everyone except the owners of the data.

Hansen believes the technology will go a long way to easing security concerns, which have been one of the biggest barriers to adoption of cloud-based services, infrastructure as a service (IaaS), in particular.

READ MORE ABOUT ENCRYPTION:

Fear is one of the biggest barriers

Apart from cost, one of the biggest barriers to adoption of encryption by the enterprise has been fear of managing encryption keys.

This is another area where Hansen claims SafeNet is well-positioned. “We are continually working at making it easier and less intrusive,” he says.

SafeNet is set to demonstrate its latest successes in this regard for the consumer space at RSA Conference 2013 in February, with the promise of taking these advances into the enterprise space.

SafeNet’s research and development is mainly focused on enabling encryption and key management for new and future platforms, says Hansen, like cloud and mobile.

SafeNet aims to be at the heart of enterprise

A recognised innovator in the security industry, his aim is to put SafeNet at the centre of the enterprise, managing all encryption keys across multiple security technologies.

“I want to explore things like dynamic federation and find ways to enable authentication for new services adopted by an enterprise,” says Hansen.

Currently SafeNet is focused on helping businesses to secure web services like those offered by Amazon (AWS) in a way that is independent of the service provider.

“The service providers do not have to be involved – the organisation that owns the data manages their own encryption keys,” says Hansen.

Although the risk profile goes up slightly if a service provider manages the keys, he recognises this as a potential route to market.

“We would like service providers to be involved, to use our technology to offer security as an additional service to their customers,” he says.

Companies need to get more comfortable with encryption

Before that happens, however, he believes companies will have to become more familiar and comfortable with encryption for data in the cloud, and that they are more likely to start experimenting with the technology in private clouds.

Another problem that many businesses will have to tackle, says Hansen, is the fact that it is now easy for business units to procure cloud-based business systems without going through the IT department.

 “I see this happening in many companies, with finance departments among the worst offenders. The problem is that IT usually only find out this is happening when there is a data breach,” he says.

The migration to the cloud is largely unplanned and consequently many companies are unaware of how many web-based applications are services are being used by the business.

“I know one company that had around 27 web-based applications officially, but it turned out that in reality more than 900 were in use throughout the business,” says Hansen.

He believes this is an important problem that businesses have to tackle, along with data leakage through personal web-based applications by looking at all connections made through the corporate network.

Hansen also emphasises the importance of security awareness among employees of any organisation. He believes in mandatory training at least once or twice a year.

Read more on Cloud security