Secure Encrypted Communications, Essay Example

Information security management has become extremely prevalent as more and more of individuals information and vital data is stored, transferred and used in information technology systems.  With the ease of access and use of personal information there is also a rise in the need for laws and regulations governing the use, access and security of that data.  Accompanied by the laws and regulations there are also specific techniques and best practices that can be implemented at each level of access to mitigate the risk of security breach and provide control over the integrity of the information.  Additional security through the use of Public Key Infrastructure (PKI) with focuses on both symmetric and asymmetric encryption focuses.  Each area of information security has specific focal points for ensuring data security and includes risk mitigation as a keystone to data integrity.

Despite the increase in network and data center security with the most up-to-date and technically advanced security modules, there is still the potential for a security breach posing a threat to the network.  Criminals and other people with malicious cyber intent are currently exploring and creating new ways to bypassing or superseding security software in order to gain access to classified material such as banking information, personal data, competitor’s intellectual property or other information that may provide a potential advantage or gain to the criminal.  The potential loss of data integrity or corruption to personal medical information is a direct violation of HIPAA and requires a significantly higher level of security and awareness to ensure protection.  Information security requires a high level of rigor regarding safeguarding the information, ensuring it is used appropriately and serves its intended purpose.  To ensure that these key areas are focused upon there are rules, policies, regulations and laws that support the environment to create an environment that can adequately safeguard the private information, but the rules and regulations to not prevent or necessarily deter threats.  Through the use of symmetrical and asymmetrical data encryption a concerted effort of data protection is possible.  Data is a powerful tool and protecting that information falls into the responsibility of many parties.  They need to protect their data from competitors, hackers, cyber criminals and many more. (Calder, 2008).  The focus is on the mitigation by prevention, detection, correction or acceptance of the physical and logical vulnerabilities associated with networks and data.

In order to fully grasp the potential of encryption of data and both it benefits and potential downfalls, it is important to know the types of encryptions. Within the realm of symmetrical encryption, there is a long and time-tested history of its use.  Symmetric encryption is a widely used data encryption technique.  In this version of data encryption, the data has a key applied to itself which only the sender and receiver would know. This would allow the sender to encrypt the message, in other words put it into a code, which only the recipient has the ability to decipher. This key allows easy communication between the sender and receiver if both have the key.  While this is an easy and valid way of encrypting data, there are potential hazards to exchanging data with a single key.  Information shared numerous times over a large network or even over the internet has increased exposure to risk and someone cracking the key and obtaining the information that is supposed to be encrypted. With symmetric encryption’s potential for risk exposure there was a need for another type of data encryption that could provide a different type of protection if the information warranted heavier security. Asymmetric encryption utilizes a two-key foundation.  The first key is a public key and as the name states, it is for the public to use.  This allows anyone to encrypt a message using that key and send the information to the recipient.  This is where the two-key system comes into play.  The second key is a private key. This key is held only by the recipient but is necessary to have in order to decrypt the initial public key message. The file that is encrypted by the public key is decrypted by using the private key only with a match from the public key. This keeps the private key away from the exposure to external threats but still allows for the heavier yet slower encryption of the message (Cappelli, 2012).

With the use of symmetric and asymmetric encryption, the keys are packaged with the message.  The process to package the message includes the use of digital certificates to label the package. This package is then labeled so that the recipient knows who send the message. These labels or identifications are the certificates.  Certifications are identification issued by a certification authority. These authorities act as the authentication verification validation.  The digital certification carries the public key to the recipient.  Since the digital certification is labeled with a label issued by an authority the recipient knows the key is valid and trustworthy. With digital certificates there is also another layer of encryption and security (Zimmie, 2004).  The digital certificate utilizes a private key in which the recipient must have the public key to authenticate. This allows for encrypted communication by providing a redundant level of authentication. The advantages of the digital certificates include security the data transfer.  Encrypting a message with a file which includes sensitive data allows the message to only go to the intended recipient to open. This protects the data and ensures it is authentic.  Digital certificates also allow for the transfer of financial data including individuals’ personal banking and financial information to go over networks and the internet in a protected format. This facilitates commerce, provides access remotely to financial data and allows increased flexibility for information exchange over long distances. This increased flexibility extends not only to data transfer through hardwired networks and internet connections but also extends to wireless communication. This extends the utilization of information to even greater distances and functions by utilizing cell phones, tablets and laptops anywhere service extends. With all advantages there are inherent disadvantages. With the increased encryptions security there is a literal price that must be paid.  In order to utilize the digital certificates organizations must purchase the capability.  This is normally an increased monthly expense the business must incur as part of their business operations.  Digital certificates are necessary in most instances to encrypt data so their cost becomes a mandatory overhead of doing business.  While the inherent nature of digital certificates is secure, the external variables cause the digital certificates to lose some of their capability to protect.  These include human intervention and lack of security could compromise the digital certificate.  It is also important to know that the systems software, infrastructure, security tools, policies, procedures and maintenance all play into which digital certificates are usable.  This could cause issues between systems and information exchange if the digital certificates are not in sync among sender and receiver.

Through the use of public and private keys using PKI there is a critical functionality to manage those keys.  If the private key is ever obtained the security of the entire encryption is compromised and all of the information could be destroyed, copied, or changed. There could be hundreds of thousands of keys a key manager may have responsibility of and it would only take one to lose key information. Taking care of multiple keys becomes tedious task which becomes a challenge. The challenge also extends to the data’s availability and application. The more secure the data the more effort it takes to retrieve or send that data. A user may have less access to key information based on the security encryption of the system.  The usability may decline and the application of data for use may be degraded.

Data encryption provides a way to secure information over various networks and the internet.  This increased capability to exchange information has made great impacts on global information exchange but with the increased capability there are also increased challenges.  Both symmetrical and asymmetrical encryptions have their place in the world of information security but they also have their vulnerabilities.  Even with the increased protection of digital certificates the threats to information is present.  Increased capability comes with increased responsibility in information security.

References

Calder, A., 2008. ISO27001/ISO27002: A pocket guide IT Governance Publishing.

Cappelli, P. (2012). How to get a job? beat the machines. Time: Business & Money. Retrieved: http://business.time.com/2012/06/11/how-to-get-a-job-beat-the-machines/

Zimmie, K., 2004. Secure and mature: combining CMMI SCAMPI with an ISO/IEC 21827(SSE-CMM) appraisal. Retrieved from http://www.sei.cmu.edu/library/assets/zimmie-secure.pdf