Langa Letter: Easy Encryption - InformationWeek


Fred Langa

Langa Letter: Easy Encryption

Fred Langa looks at the universe of products that help you protect sensitive files and data from prying eyes and hackers.

A recent change in federal privacy laws is causing huge numbers of IT departments to examine the steps they take to keep data secure. Although the specific law affects organizations that store or process medical records--hospitals, insurance companies, human-resource departments, and so on--the change actually touches on an even larger issue, that of keeping any kind of private information truly private, as this reader letter suggests:

Fred, I do medical research and am being asked for recommendations about keeping medical data secure. As you probably know, a new set of regulations took effect on April 16 pertaining to privacy of medical records. These are the so-called "HIPAA standards." I'm glad that the new regulations are inspiring people to pay closer attention to this topic and would like to respond to their questions. Very frequently, researchers use portable media (notebook computers, mainly, but also Zip disks and PDAs) to transport their data, and most statistical-analysis software doesn't claim to offer even a modicum of security. So I'm asking for advice. Specifically, what measures do you and your readers recommend to secure sensitive data that resides on a notebook computer? There are several software products that encrypt individual files and create encrypted virtual drives. Which of these products do you recommend, if any? --Paul Falzer

Any form of encryption--file-, folder-, partition-, or disk-level--can substantially improve your data security by helping to ensure that only you (or those you authorize) can access the protected data. But picking both the right type of encryption, and then picking the right tool, takes a little digging: As with most things technoid, there's no absolute right or wrong answer. What's right for one circumstance may not be optimal in another.

File Versus Disk Encryption

For example, I personally prefer file- or folder-level encryption tools to whole-disk solutions. Although I have a number of sensitive business records on my system that need high-level protection, most of what's on my hard drive isn't worth worrying about. For me, a tool that encrypts everything on a hard drive would simply waste time and CPU cycles in processing these nonprivate files. I prefer to pick and choose exactly what gets encrypted and when.

I also prefer file- or folder-level encryption because, unlike whole-disk methods, a single failure in the encryption system cannot take out the entire PC. For example, a whole-disk encryption tool may encrypt system files, and also may require that special low-level drivers be loaded at boot time. (This is especially the case with "virtual disk" systems that create an encrypted file that must be mounted, like a disk drive, for use.) A problem with either of these kinds of whole-disk encryption systems might render all your files inaccessible. In contrast, file- or folder-level encryption can be constrained only to data that really needs protection, leaving boot- and system-level files untouched. This way, a problem in the encryption system will at least leave your PC able to boot and run, so you can perform whatever backup, restoration, or repair is needed to recover the damaged files.

Another drawback to disk-level protection is that it usually operates in an "all or nothing" mode: Once you've unlocked the encrypted disk, all files on the disk are open and available for use. This means that anyone with access to the PC, either physically or electronically, also may have access to everything on the disk, just as if it were never encrypted.

In contrast, more granular encryption, such as at the file level, prevents this problem because opening any one encrypted file leaves the others untouched: Anyone with physical or electronic access to a PC can access only files that have been unlocked, leaving the others secure.

File-level encryption also makes it easy to move, E-mail, or copy the data without compromising its security: The encrypted file remains encrypted until the decryption tool is explicitly invoked. Disk-level tools (and some folder-level tools), especially those that try to be ultra user-friendly and "transparent" to use, may automatically decrypt files when moved, copied, or emailed. I much prefer a form of encryption that requires a deliberate action before the data is decrypted.

The tool I use most is File2File, a free Windows utility by Cryptomathic. Like many current encryption tools, it uses AES, the "Advanced Encryption Standard," with a 128-bit key. Assuming you use a good passphrase--no less than seven characters long, containing at least one number and one symbol character (e.g., punctuation), not containing your name or user name or any simple variation thereof, and not a common word or name (nothing found in a dictionary)--128-bit AES provides reasonable security for most routine needs. (For more information on generating secure passwords, see the resources at Passphrase FAQs or see the section called "Passwords And Availability" on page two of XP Professional's "Remote Control".) Cryptomathic also offers many other security tools, including more advanced E-security suites and toolboxes.
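
The passphrase rules listed above can be checked mechanically before a file is encrypted. The following is an added example, not part of the original article or of File2File; the word list, the character-swap table, and the function names are assumptions made for illustration.

```python
import re
import string

MIN_LENGTH = 7  # minimum length stated in the article

# Constructed stand-in for a real dictionary file (assumption).
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "sunshine"}

# Undo common character swaps so "P@ssw0rd" is compared as "password".
SWAPS = str.maketrans("013457@$!", "oleastasi")


def skeleton(text):
    """Lower-case, undo character swaps, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(SWAPS))


def check_passphrase(passphrase, personal_names=()):
    """Return the list of rules the passphrase breaks (empty list = passes)."""
    problems = []
    if len(passphrase) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isdigit() for c in passphrase):
        problems.append("no number")
    if not any(c in string.punctuation for c in passphrase):
        problems.append("no symbol")

    whole = skeleton(passphrase)
    # Name or user name, including reversed and character-swapped variations.
    parts = [skeleton(p) for name in personal_names for p in name.split()]
    if any(len(p) >= 3 and (p in whole or p[::-1] in whole) for p in parts):
        problems.append("contains name")

    # A dictionary word dressed up with swaps or leading/trailing digits/symbols.
    core = skeleton(passphrase.strip(string.digits + string.punctuation))
    if whole in COMMON_WORDS or core in COMMON_WORDS:
        problems.append("common word")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("abc", "P@ssw0rd", "Fa1zer-Paul", "tulip-Harbor42!kite"):
        print(candidate, check_passphrase(candidate, ["Paul Falzer", "pfalzer"]))
```

A passphrase such as "P@ssw0rd" meets the length, number, and symbol rules yet is still rejected, because undoing the character swaps reveals a dictionary word.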

But those are my preferences--yours may be different, and you may need more or less security. Let's take a look at some specific options, up to "military-strength" ciphers:
