Inside the Firewall: Will Bigger Encryption Keys Keep Your BI Data Safe From Harm?
With a solid firewall, you may think your sensitive data is safe, but have you prepared for an attack from within? "Significant numbers of attacks are now coming from inside the firewall," says Yankee Group analyst Jim Slaby.
Some of the attacks are intentional, but many are not. "A user can inadvertently pick up spyware or a Trojan horse outside the security bubble while, say, working at home or at a Wi-Fi hot spot," says Slaby. "These can give outsiders a back door to security profiles and the location of sensitive data."
It takes sophisticated software at the network edge to detect these threats inside the firewall when the user reconnects at work. "Very few organizations have these edge systems in place," says Slaby. Cisco has Network Admission Control (NAC), "but it's big and complex and not all Cisco products support it yet." Microsoft's Network Access Protection (NAP) won't be ready until Longhorn, the next major Windows revision, is released — in a year or more.
To thwart internal attacks, consider encryption inside the firewall, which offers an additional, application-level layer of security. Most business intelligence vendors offer some encryption capabilities inside the firewall.
Business Objects recently announced new 128-bit encryption for user security profiles, data source locations for sensitive reports and reporting business context. BusinessObjects XI includes the RSA BSAFE, 128-bit asymmetric encryption product.
Rivals Cognos and Hyperion also include encryption for this class of information in their products, but only at the 56-bit level. Both say governmental restrictions on technology exports make automatic inclusion of 128-bit encryption impractical. Meanwhile, MicroStrategy says it has shipped 128-bit encryption with its BI products since 2000.
Business Objects counters that its longer bit length isn't used for document encryption or keycode generation and authentication, so legal restrictions aren't a concern.
All these vendors support 128-bit SSL encryption standards for communicating over the Web.
When it comes to encryption keys, does size matter? A longer key doesn't necessarily buy you more security if your encryption algorithms are weak. Microsoft learned this the hard way with NT 4.0, Slaby points out.
A sloppy security implementation can also trump the numbers. "Strong encryption can be like putting a bank vault door on a tent," says Trent Henry, analyst with the Burton Group. "Often attackers can ignore the cryptographics and find other points of entry."
— Mark Leon
ENCRYPTION PRIMER
ALGORITHM | KEY LENGTH | SUMMARY |
---|---|---|
DES | 56-bit | Once nearly uncrackable, now considered inadequate to defend against brute force attacks |
TRIPLE DES | Effectively 160-bit | Three times slower than DES but, properly implemented, is very secure |
RES ADVANCED | 128-bit | Considered virtually uncrackable at present |