Encryption has gotten a bum rap for years in the industry. It is too hard. It is too slow. I will lose all my data. I have nothing to hide. I can’t see what my employees are doing. Bunk.
It is time to start encrypting, and not just in the business world: it is time to encrypt your home machine too. Sure, encryption can cause issues, but as anyone familiar with computers can attest, turning on a computer can cause issues. Planning is the key to minimizing the impact of introducing encryption into your corporate network.
A very brief tutorial: While this is not the only way to introduce encryption, it is a primer. Encryption is the mixing of data with a secret key so that it is unreadable without the key. There are usually two keys associated with encryption: a public key and a private key. To keep it simple, let’s just accept as fact that the public key is used to encrypt data and the private key is used to decrypt data.
Key management is probably the biggest issue that needs to be addressed prior to pushing out encryption. You need to have the right pieces in place to ensure that people get the right keys issued to them, that administrators can decrypt data if the user key is unavailable, and that you are not giving keys out to the wrong people. For the corporate user, keys are usually managed through certificate services. In the Microsoft world, Certificate Services ties nicely into Active Directory, making all the key management decisions fairly easy. Of course, there are other offerings out there for key management, both commercial and open source.
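An added example, not from the original post and not any vendor's implementation: one way to get the property described above, where an administrator can still decrypt when the user's key is unavailable, is to encrypt the data once and wrap the data key separately for the user's and a recovery agent's public key. The names Seal, Open, Holders and NewKey, the "user" and "agent" labels and the sample plaintext are assumptions made for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Holders map[string]*rsa.PublicKey // holder name -> that holder's PUBLIC key

// Seal encrypts once under a fresh AES-256-GCM data key, then wraps that key for every holder.
func Seal(plaintext []byte, to Holders) (sealed []byte, wrapped map[string][]byte, err error) {
	buf := make([]byte, 32+12) // bytes 0-31: data key, bytes 32-43: GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	block, _ := aes.NewCipher(buf[:32]) // cannot fail: key is exactly 32 bytes
	gcm, _ := cipher.NewGCM(block)      // cannot fail for an AES block cipher
	sealed, wrapped = gcm.Seal(buf[32:], buf[32:], plaintext, nil), map[string][]byte{}
	for name, pub := range to {
		if wrapped[name], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], nil); err != nil {
			return nil, nil, err
		}
	}
	return sealed, wrapped, nil
}

// Open unwraps the data key with one holder's PRIVATE key, then decrypts and authenticates.
func Open(sealed, wrappedKey []byte, priv *rsa.PrivateKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrappedKey, nil)
	if err != nil || len(key) != 32 || len(sealed) < 12 {
		return nil, fmt.Errorf("cannot recover data key (%v)", err)
	}
	block, _ := aes.NewCipher(key) // key length checked above
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, sealed[:12], sealed[12:], nil)
}

func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func main() {
	user, _ := NewKey() // throwaway demo keys, not real identities
	agent, _ := NewKey()
	sealed, wrapped, _ := Seal([]byte("tax return"), Holders{"user": &user.PublicKey, "agent": &agent.PublicKey})
	pt, err := Open(sealed, wrapped["agent"], agent) // the user's key is unavailable
	fmt.Printf("recovered %q, err=%v\n", pt, err)
}
```

The recovery agent's private key can open everything sealed this way, so it needs stronger protection than any single user key.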
Fast forward to a point where you have key management under wraps and everyone has a set of keys. What can you use them for?
• Full disk encryption. Encrypt everything on your workstation
• Partial disk encryption. Just encrypt your data on your workstation
• Secure email. Encrypt your email prior to sending it on the wire
• Digital signature. Sign your electronic documents to prove to the recipient that you sent it and it hasn’t changed in transit.
• Encrypt the data between your machine and the rest of the machines on the network
What does all this get the company? Data theft is reduced. With full disk or partial disk encryption, if a laptop or workstation is lost or stolen, the data on that drive is inaccessible and secured. Your network is no longer susceptible to sniffers or people eavesdropping on your network connection. Your email cannot be read by anyone except the intended recipient.
What about your home machine? The same benefits apply, and hopefully key management will be much easier with only one computer to worry about. But why go through the hassle at home? There is probably information on your home machine that you would not want exposed to a broad audience of people. Some of it could include tax returns, bank statements, an address list of your family including birth dates, family photos and wills. While none of these items may seem damaging if they were exposed, they are still personal items that most people would not like to see others reading.
Now is the time. Look into encryption. Set it up. Secure your keys. Most people will now forget that they are even encrypting because most of it takes place behind the scenes. Sleep better at night.
Comments
A few links to help those ready to encrypt:
PGP (My favorite)
TrueCrypt Open Source solution
How to encrypt a folder using Microsoft EFS
Understanding Microsoft BitLocker