CrossNodes Briefing: Encryption Products - Page 2
Looking for a Corporate Answer
Even if normal transmissions do not warrant encryption, network managers need to worry about e-mail messages. These frequently carry sensitive corporate data and require protection. An emerging standard, S/MIME, uses a 40-bit symmetrical code for all messages. The message also carries a digital signature, and the receiving station must receive this signature before its decrypts the message. The system, which is being adopted by several e-mail providers, uses a 40-bit key.
International companies also must beware of national laws. Some large keys cannot be exported to foreign offices, so the network manager must implement the best possible encryption that falls within the legal guidelines.
Networks that do not require high throughput will find software-based encryption software adequately protects transmissions. Networks that require more throughput, however, will require a different approach. Vendors market individual cards that reside in each workstation as well as network appliances. Both devices can help alleviate the bottleneck that complex encryption can create.
Individual cards install in the workstation. These can help balance transmission loads across the network, but they still use server time. Appliances run alongside the server. Although they also require some server processing, they offload many of the encrypting and decrypting tasks.
Some products enhance the integrity of the encryption by changing keys at regular intervals during a transmission session. By substituting keys on an on-going basis, it makes it hard for anyone to intercept the number of packets needed to decipher an unknown key. This, combined with large keys, represents one of the more secure methods available.
Companies sending large amounts of data generally recognize the need for encryption, but the process can slow communications. Each packet must be encrypted and decrypted, and that takes processor cycles. As a result, companies need to assess their risk. If a company sends financial data or sensitive information, encryption becomes a requirement. However, a company that sends generic information may elect to forgo encryption.
Gerald Williams serves as director of quality assurance for dolphin inc., a software development company. williams has extensive background in technology and testing, previously serving as editorial director with national software testing labs (nstl), executive editor with datapro research, and managing editor of datapro's pc communications reference service.
Next week as a companion to this article, our CrossNodes Product Briefing will specify vendors who provide encrypttion solutions.