The increasingly heavy reliance on a highway as dangerous as the Internet can mean only one thing: The practice of encrypting everything is likely just over the horizon.
The Internet just in the past year has become a dangerous place indeed. This is ironic since during that same year, more people than ever are using the Internet for a growing list of purposes from personal dating to bill paying. Apart from hard statistics that document the increase in malware and phishing schemes, it seems every time I run a virus check lately, I find something has latched onto my system. With identify theft and data loss/leakage on the rise and compliance regulations directing us to follow ever-better security practices, the days of allowing data to remain unencrypted may soon be coming to a close.
To get an idea of how lax our standard security practices are, all we have to do is go to Microsoft Password Checker and plug in a password or two to see how pathetically weak they are. I plugged my online banking password into the tool the other day, and it came back as only moderately secure. I tacked on a couple of dollar signs to the end of it, and it bumped it up to "strong," but it still wasn't "very strong." Did I have a nice long password with lowercase and uppercase letters, numbers, and characters? Well...not exactly. My passwords wouldn't last five minutes under a brute-force attack from a tool like Ophcrack (a fast password cracker that uses pre-populated rainbow tables to accelerate the process).
Let's face it, we all know we're living dangerously, but we don't want to bother to do what it takes to tighten things up. Why not? We're in a hurry, and it's far too inconvenient. Besides, who can remember those esoteric passwords? (I finally see a good reason to get a tattoo.) I truly believe that some IT people don't push for tighter security because they don't want to deal with users who forget or lose their passwords. Heaven forbid one should encrypt her C: drive and forget the pass phrase. Not having a backdoor could be career-limiting when that drive belongs to the CEO.
It seems inevitable to me, and probably to most readers, that the days of fooling around with security and assuming that, because we're part of a larger herd, we won't be targeted are very close to being over. We're dreaming if we think we don't have anything to steal. Today's air of casualness is like the $2 gallon of gas. It was only yesterday that it was here, and it was so easy and affordable. Today, however, is a new reality.
I know the practice of broad-based encryption is coming because the other day I got an encrypted press release. At first I didn't realize what it was. After I figured it out, I wondered, why would someone encrypt a press release? The whole idea is to make it easy for people to read the information and to broaden an audience by sending it to as many people as possible. It turned out that it was a mistake, and the sender hadn't meant to encrypt it after all. It happens that the company is starting to encrypt everything, and the person just forgot that it is counter-productive to encrypt a press release.
So there are a few things then that shouldn't be encrypted, and a press release definitely falls into that category...I guess. The thing about encryption, though, is that if you encrypt only your important documents, then an intruder knows exactly where to start looking when trying to crack your encryption. So you're far better off encrypting everything and leaving the sensitive information obscured in the blizzard.
Multiple operating systems and the whole interoperability landscape make encrypting drives, folders, files, networks, email, and instant messaging a daunting task. Requiring people to encrypt all their data and communications when the tools to do so are often awkward to use and difficult to master does not make for a popular IT department. Sometimes, however, you just have to do your job whether you win the Miss Popularity contest this month or not. Letting your CEO leave town with an unencrypted laptop while knowing he will be placing it onto the airport X-ray conveyor belt where it will be out of sight in a large crowd for several very long minutes is nothing less than a disaster waiting to happen. It also represents a point of failure for the entire team.
I think one way to start getting people used to the idea of encrypting data is to do it gradually (others, I'm sure, will say it's better to jump right in with an entire encrypted communication infrastructure such as what PGP Corporation offers). I'm certain that most people don't understand what encryption is and why they should bother with it. This attitude probably includes senior management. Having encryption available is one thing; using it is another. To get people started down the straight and narrow road, they have to first understand a fundamental principle of cryptography: the idea of "keys," same-key and public/private keys. Once they get that, it will all be downhill from there (so to speak).
One way to get users interested is to send them to Hushmail and have them open a free account. For no cost, they can practice sending each other encrypted emails and get used to entering pass phrases to open them. It's easy enough to be fun but challenging enough to get your attention (I actually locked myself out--as in permanently--of a test email that I sent myself after trying too many times to input an incorrect pass phrase).
Another free tool, which is quite fun yet very powerful, is TrueCrypt. It runs on Windows and Linux and creates a virtual hard drive while reading and writing encrypted files on the fly. Pretty fancy. Use it to encrypt your CEO's laptop or that USB drive you know he's going to lose the minute he gets off the plane in Miami.
More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.
TRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now! Request Now.
Forms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.
Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:
Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.
IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn:
LATEST COMMENTS
MC Press Online