New Laws, New Technologies Sell IT On Encryption

Amid seemingly endless reports of lost laptops, some states have written laws that give companies a break if they encrypt data, letting them go without reporting a loss. Yet encryption can be costly and complicated, which has companies exploring not just what's available today but what's on the horizon that could make it easier and more effective.

Some big changes on the way involve desktop encryption. Windows Vista BitLocker Drive Encryption is the future of encryption for Microsoft users. The data protection feature is scheduled for inclusion with the Enterprise and Ultimate versions of the forthcoming Windows Vista operating system, as well as in Windows Longhorn server. It's designed to protect data on PCs and servers that have been lost or stolen, or whose hard drives missed out on a thorough scrubbing before being decommissioned or resold.

BitLocker encrypts all user and system files, as long as the hard drive where the data resides is original to that PC. That way, thieves can't plug stolen hard drives into their own PCs to access drive data. BitLocker locks the normal boot process unless users supply a PIN, much like an bank-card PIN, or insert a USB flash drive that contains the decryption key.

Those using a PC that features Trusted Platform Module 1.2, a chip attached to the PC's motherboard that performs local key storage, don't need a USB drive to supply the key, says Stephen Toulouse, senior product manager in Microsoft's security technology unit. That way, if thieves remove the hard drive from the computer and motherboard, they can't use the data. TPM is expected to make its way onto PCs shipping this year, including machines from Dell and Hewlett-Packard.

When it comes to lessening encryption's slowdown of the network, CipherOptics will by the end of this month introduce a 10-Gbit IPSec encryption product to accommodate the growing demand for 10-Gbit Ethernet connectivity as voice, storage, and corporate E-mail networks clamor for their share of the same high-speed connections. CipherOptics SG10G-B lets IT managers allocate bandwidth to encrypt different types of network traffic.

Then there are the more theoretical security approaches in the works. IBM envisions a system using the principles of quantum physics to foil packet sniffers that hackers use to intercept information across computer networks. It requires making the data elements in fiber-optic lines as small as physically possible--the size of a single photon, to be exact. Since the state of one photon influences others, if a packet sniffer diverts even a single photon, the whole message chain shuts down. Through their AlphaEta cryptographic schemes for optical systems, Northwestern University research- ers are working on a related system to speed transmission times by sending more than one photon at a time. Another group, led by Acadia Optronics, the U.S. Defense Advanced Research Projects Agency, and the National Institute of Standards and Technology, is working to amplify photon signals so an experimental quantum cryptography system could work at speeds up to 1 Mbps.

Perhaps the most important factor that would help encryption win IT hearts and minds is an easier way to securely exchange keys between networks. KoolSpan looks to do just that with a net-work appliance that handles key management on one end and gives users USB tokens that plug into PCs and decrypt data on the other end. Says Tony Fascenda, CEO of KoolSpan: "The exchange of keys is the bane of any encryption system."

Return to main story, Encryption Works Wonders, But Causes Its Own IT Headaches