As businesses continue to rely more on digital communication channels, especially via the Internet, it becomes increasingly important to protect the privacy of communicators. Cryptography, used in securing data, is certainly not a new concept and neither is its application in digital communication. What is a recent phenomenon, however, is the sophistication of the requirements imposed on messaging security solutions. This white paper reviews the five most common current approaches to messaging security. While the five approaches discussed here are not a comprehensive list of available solutions, they are the basis for most variations of messaging security solutions available today.
Throughout this document, the term "sender" specifies the entity that initiates the transmission of secure data and it refers to a human user, an application, or both. Similarly, the term "recipient" specifies the entity that is on the other end of the transmission of secure data and it also refers to a human user, an application, or both.
CRITERIA
The main purpose of messaging security is privacy of data. Achieving this objective on a practical enterprise scale requires strong security, ease-of-use, and wide reach. The following is a list of seven criteria that are essential to realize these three requirements.
Data Encryption
Encryption of data provides protection from unwanted third-party access to the data. This is achieved through proper implementation of an encryption algorithm, such as AES, with strong authentication and access control.
Sender Control
Enterprises are sending internal data to external destinations. The data is owned by the sending organizations. As the owners of the data, the sending organizations reserve the right to determine who can access what, and when. In addition, the sending organizations must be able to audit the successful delivery and authorized access of the data. Many regulations require that an organization have a record of access to its confidential data.
Ease-of-Use
Ease-of-use up to this point has been the biggest obstacle to successful messaging security system deployment. A successful solution must be easy to use by all affected parties: easy to use by end users, easy to maintain by IT administrators, and easy to implement and deploy by IT developers and system integrators.
Efficiency
A successful messaging security solution must be efficient enough to scale as usage needs grow. This means two things: predictable scalability and economy of scale. Usage statistics must be an accurate proxy for reliably predicting the required system sizing. As the number of users grows, the average cost per user should decrease to achieve economy of scale.
Extensibility
A successful messaging security solution must be able to extend the security resource to multiple applications. Confidential data resides in and travels through many different applications, including email, instant messaging, and file transfers. The organization must be able to leverage its investment in the messaging security solution across multiple applications.
Expandability
Much business communication of sensitive data takes place between an organization and its partners, vendors, and key customers. Because daily business requires dynamic changes in business relationships and each organization has its own information security policies, secure communication channels must be easily expandable to other organizations and also be easily modifiable to accommodate changes. This ability to let different authentication systems work together is known as Federated Authentication. A successful messaging security solution must offer this expandability.
PASSWORD-BASED APPROACH
The password-based approach relies on a password shared between the sender and recipient. In a typical exchange, the sender secures the intended data with a password. The sender then sends the secured data to the recipient. Through a separate means, or "out-of-band" channel, the sender shares the password with the recipient. The recipient uses the shared password to open the secured data.
Advantages
Password-based solutions are relatively easy to use, in that familiarity with passwords helps ease end users' potential apprehension about using encryption. Password-based solutions are also very simple to develop.
Limitations
For a messaging security solution, the absolute strength of security is measured by the weakest part of the solution. For password-based solutions, the shared password is the weakest link and this makes password-based solutions the least secure approach among the five approaches.
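The exchange described in this section, as an added example that is not part of the original white paper: the sender derives an AES-256-GCM key from the shared password and the recipient re-derives it from the same password. It assumes Node.js; the function names `seal` and `unseal`, the envelope fields, and the choice of scrypt for key derivation are made up for this illustration.

```javascript
// Added example (not from the white paper): password-based message exchange.
// seal/unseal and the envelope layout are hypothetical names for illustration.
const nodeCrypto = require('node:crypto');

// scrypt cost parameters, fixed and known to both sides (assumption).
const KDF = { N: 16384, r: 8, p: 1 };

// The AES-256 key is a pure function of (password, salt): whoever learns
// the password can rebuild the key from the public envelope.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, KDF);
}

// Sender: secure the data with the shared password.
function seal(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16); // fresh per message
  const iv = nodeCrypto.randomBytes(12);   // GCM nonce, never reused with a key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Every field below travels with the message; only the password is out-of-band.
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Recipient: open the data with the password received out-of-band.
// Returns the plaintext, or null if the password is wrong or the envelope was altered.
function unseal(password, env) {
  const b = (s) => Buffer.from(s, 'base64');
  try {
    const key = deriveKey(password, b(env.salt));
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, b(env.iv));
    decipher.setAuthTag(b(env.tag));
    return Buffer.concat([decipher.update(b(env.ct)), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // GCM authentication failed
  }
}

// Constructed sample password and message.
const envelope = seal('correct horse battery staple', 'Q3 forecast: draft');
console.log(unseal('correct horse battery staple', envelope));
console.log(unseal('wrong guess', envelope));
```

Because the salt, nonce, tag and ciphertext are all visible in transit, the message is protected only as well as the password itself and the channel used to share it.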