Unfortunately, operating system and application vendors haven’t made it easy or seamless to create a comprehensive encryption strategy. Existing laws and guidelines often conflict with one another or fail to provide prescriptive guidance. Nonetheless, all companies in the business of storing sensitive data should implement encryption policies anchored to a comprehensive encryption strategy.
“In order for encryption to be used consistently, it has to be implemented by default and be as transparent as possible,” says Stephen Roll, product manager at Iron Mountain, a data protection company. “For example, when we back up data over the Internet, the encryption is done prior to the transmission. It’s protected while being transmitted and is already encrypted with 128-bit AES before it hits the storage media.”
No room for compromise
Any data that can be used to identify an individual, group, company, or entity should be protected against unauthorized access during creation, transmission, operations, and storage. Confidential information is especially at risk during transmission across untrusted networks, such as the Internet, and when stored on portable computing devices: laptops, data backups, USB flash memory drives, PDAs, and other small form-factor computer equipment.
A comprehensive encryption strategy must consider all the ways the data can be input and output, as well as how it’s stored. Hackers increasingly favor client-side attacks. They’ll get a trusted employee to unknowingly install a Trojan or key logger, which they then use to access the data. Certain malware can also gain access to data as it traverses the network. The data may be compromised while it is stored online or physically archived. An end-to-end strategy must even enforce protections for data sent to business partners and third parties.
Even a minimalist approach requires that the following areas be encrypted: wired and wireless network transmissions, hard drives, floppy disks, CD-ROMs, DVDs, backup media (tape, WORM drives, and so on), e-mail, IM, peer-to-peer technologies, PDAs, databases, USB keys, passwords, and active memory areas.