Wednesday, March 12, 2014

Cyber Security: Transporting Data Securely

Charles Smith, Consultant for Critical Infrastructure & Security Practice, offers tips for transporting data securely.

Transporting Data Securely
In our January 2013 newsletter, Stephen Santee gave some excellent guidance on setting up a Mobile Media program. This was followed up in February 2013 with Carrie Straka providing statistics on the dangers of malware and mobile media. However, how can you securely transport data and protect it in case the medium of transport is compromised? The answer is encryption. There are many types and levels of encryption available. Once the type and level of encryption are selected, there are several ways to transport your data using encryption. They include but are not limited to:
Secured Tunnel

This method is used when you have a lot of data going back and forth over an unsecured network such as the internet. It creates a private "tunnel" of information between communicating parties. This is mainly used by people who work in a home office and need to connect back to a corporate network.


Example Technology: Virtual Private Networking (VPN)

Possible Drawbacks: (Depending on how it is implemented) Slows down overall communication; a limited number of connections can be made



Secured Email

This method is used when you need to send secure messages over an unsecured network. This allows the entire email, including attachments, to be protected. This is commonly used to share information securely between two companies that have a non-disclosure agreement in place or between executives within the same company.


Example Technology: PGP Email Plug-in for Microsoft Outlook

Possible Drawbacks: Both parties must be using the same software and method of encryption as solutions are not standardized well



Secured Files

This method is used when protected information is contained within files. These files, once protected, can be transported by any normal means.


Example Technologies: Microsoft Document Encryption, Adobe Document Encryption, Compressed Files Encryption (zip, rar, etc.)

Possible Drawbacks: (Depending on how it is implemented) The protection can be easy to break, allowing information to be stolen; the communicating parties must share and keep track of the encryption password
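
How easy a protected file is to break depends on which scheme it actually uses. As an added example (not part of the original article), the Python script below reads a ZIP archive's headers and reports whether each entry is unencrypted, protected with the legacy ZIP cipher, or AES-encrypted. The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

FLAG_ENCRYPTED = 0x0001  # general-purpose flag bit 0: entry is encrypted
FLAG_STRONG = 0x0040     # general-purpose flag bit 6: PKWARE strong encryption
AES_METHOD = 99          # WinZip AES entries record 99 as the compression method


def classify(info):
    """Return the protection scheme recorded for one archive entry."""
    if not info.flag_bits & FLAG_ENCRYPTED:
        return "unencrypted"
    if info.compress_type == AES_METHOD:
        return "aes"
    if info.flag_bits & FLAG_STRONG:
        return "pkware-strong"
    return "legacy-zipcrypto"  # traditional PKWARE cipher, open to known-plaintext attack


def audit_zip(data):
    """Map every entry name in a ZIP archive (bytes) to its protection scheme."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}


def make_sample():
    """Constructed input: an ordinary ZIP whose central-directory headers are
    patched so two entries are marked as encrypted (contents stay plaintext)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in ("plain.txt", "legacy.txt", "aes.txt"):
            zf.writestr(name, "constructed sample data")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02")  # first central-directory header
    while pos != -1:
        name_len = struct.unpack_from("<H", raw, pos + 28)[0]
        name = bytes(raw[pos + 46:pos + 46 + name_len])
        if name in (b"legacy.txt", b"aes.txt"):
            flags = struct.unpack_from("<H", raw, pos + 8)[0]
            struct.pack_into("<H", raw, pos + 8, flags | FLAG_ENCRYPTED)
        if name == b"aes.txt":
            struct.pack_into("<H", raw, pos + 10, AES_METHOD)
        pos = raw.find(b"PK\x01\x02", pos + 46)
    return bytes(raw)


if __name__ == "__main__":
    for entry, scheme in audit_zip(make_sample()).items():
        print(f"{entry}: {scheme}")
```

To check a real archive before sending it, pass its bytes to audit_zip() and treat any entry reported as "unencrypted" or "legacy-zipcrypto" as not adequately protected.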



Secured Transfer

This method is used when you have bursts of data to transport over an unsecured network such as the internet. It creates a private "tunnel" of information between communicating parties. This is mainly used to upload and download files on an as-needed basis.


Example Technologies: Secure copy (SCP), FTP over SSL (FTPS), SSH file transfer protocol (SFTP), FTP over SSH

Possible Drawbacks: Both parties must be using the same software and method of encryption as solutions are not standardized well.



Secured Media

This method is used when you cannot transport data over a network and it must be physically transported. The media is protected so that if it is lost, no data can be recovered without the appropriate passcode or key.


Example Technologies: IronKey, McAfee Encrypted Drive, Encrypted USB Flash Key with PIN access

Possible Drawbacks: Most solutions require software to either be installed or temporarily executed to encrypt and decrypt data; this software may not work on all platforms (ex. Windows, Linux, Mac, etc.). Other solutions that have a physical keypad overcome this limitation but require the user to remember and transport a PIN safely.



The Invensys Critical Infrastructure and Security Practice has the skills and the resources to help our clients no matter what industry. We are structured to help with the selection of an appropriate encryption and transport method for all your Critical Infrastructure data needs.
