Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, May 15, 2008

Three-Layer Encryption Method Awarded Patent

Eruces Data Security has secured a patent for its three-step encryption and key management scheme, which is designed to lock down data through its lifecycle.  The security firm’s so-called Tricryption technology first encrypts the data itself with symmetric keys, and then encrypts the keys and stores them in a central key repository.

“It stores the keys separately from the data items and encrypts the links between them,” says Oggy Vasic, senior vice president of software development for Eruces.  The authentication and authorization part of the key process is aimed at protecting data from outside attacks as well as for preventing insider attacks, such as a malicious employee snooping into the database or siphoning information off of a storage device, he says.

Jon Oltsik, senior analyst for information security at the Enterprise Strategy Group, says the Tricryption technology approach could provide a more cohesive way to manage encrypted data replication.  “The value I see is the potential for a single encryption service for multiple applications like encrypting storage, file systems, databases, and applications,” Oltsik says.

Technology alone won’t win this battle, it will take security standards, partnerships, and enterprise sales, and marketing,” he says.

Encryption expert Nate Lawson, principal with Root Labs, says Eruces’s approach in part is based on its central key server handling all keys.  “They’re saying [they] only hand out a few keys at a time, so therefore it’s hard to get access to [their] keys,” he says.

Eruces, meanwhile, plans to expand its OEM strategy—Crossroads Systems, for example, OEMs Tricryption for its TapeSentry and SecureVTS storage products.

Posted on 05/15