The University's Role in Advancing Data Encryption, Part 1
Oct 27, 2007 1:30 AM PT
Technological advances are making adoption of network and data encryption more practical than ever, spurring its use in enterprises. Sixty-six percent of respondents to a Ponemon Institute survey said they were hatching strategic plans to meet their organizations' encryption needs, and 16 percent of them already had enterprise-wide encryption strategies in place.
University and college IT environments share many similarities with those of enterprise-size organizations. College campuses can effectively serve as proving grounds for new encryption technology given the mobile, itinerant nature of their user base, influxes of visiting users, their tight IT budgets and the fact that they have been relatively early adopters of large-scale wireless networks.
Like many large organizations, campuses are targets for all types of unauthorized network incursions, equipment and data theft. Nearly 30 percent of all reported security breaches in 2006 involved educational institutions, according to the Identity Theft Resource Center.
A growing number of higher education institutions are making use of data and network encryption, as well as conducting research and offering courses in encryption technology.
Breakthroughs in Policy and Key Management
"When you couple the amount of sensitive information flowing through a university network on desktops, laptops, USB drives and other mobile devices, with the high volume of foot traffic coming in and out of administrative offices, the risk of losing sensitive information or having it stolen is quite high," Ram Krishnan, senior vice president of products and marketing for GuardianEdge, told TechNewsWorld.
"Many universities have applied encryption technologies to protect themselves and render sensitive financial, student and legal data unreadable in the event of a breach," he added.
The development of scalable policy and key management solutions has been one of the biggest advances in network and data encryption, providing the impetus for more usage among a wide variety of organizations than before, explained Jim Doherty, CipherOptics' chief marketing officer.
"Acting as a 'Cipher Engine' new technology allows network-wide encryption to scale up to enterprise-class networks. Prior to this breakthrough, network-wide encryption was nearly impossible to manage on large networks because the number of encryption policies and Security Associations (SAs) required grew exponentially with every site added to the network," he told TechNewsWorld.
"Previously, every pair of endpoints had to negotiate its own set of keys. This breakthrough allows encryption keys to be created, distributed and managed from a central location, allowing all end points to use the same key, rather than having to negotiate a unique key for every pair."
This system also enables key features of modern networks that allow dynamic routing schemes and "any-to-any" connectivity to be preserved, Doherty added.
"With traditional link encryption, a static 'tunnel' was created in the network -- another by product of the key negotiation -- which de-optimized network performance. Because of this, companies had to choose between security and performance. With recent breakthroughs in policy and key management companies no longer have to make that choice," he noted.
Encryption in Academia
"Much like Moore's Law, PGP has seen huge advances in encryption technologies over the years -- specifically the ability for encryption to work faster and easier in a network while still being transparent to the end user. We have also seen huge advancements in compression times and cycle speeds. Organizations can now save on network and storage bandwidth," added PGP President and CEO Phillip Dunkelberger.
Excellent encryption research is being carried out at universities such as Indiana University, Massachusetts Institute of Technology (MIT), Stanford University, University of California at Davis and the University of Maryland, Dunkelberger noted, as well as outside the U.S. at Bristol University, Cambridge University, Katholieke Universiteit Leuven, the Weizmann Institute of Science, the Swiss Federal Institutes at Zurich and others.
Generally speaking, universities' use of encryption, research programs and curriculum development are only at a nascent stage, and these issues need to delved into more deeply, he continued.
"PGP saw a crying need for people to be focused on this in the academic arena -- where the most innovative minds can focus on the growing problem of protecting data," said Dunkelberger.
Finding the funds to make use of encryption, undertake research and develop encryption courses and curricula has been a major stumbling block for colleges and universities, however. PGP's roots grew out of an academic institution, and the company understands the importance of collaborating with leading colleges in researching innovations in encryption, Dunkelberger elaborated. Those roots stretch back to the original Pretty Good Privacy encryption software introduced in 1991 by Alan Zimmerman and drawing on research work done at MIT.
"Many universities and other academic institutions lack the available funds to protect their data through encryption," Dunkelberger said. "As we have seen over the past few years, many educational institutions have been plagued by data breaches through lost or stolen laptops, internal mishandling of the data, and other costly mishaps. Not having the adequate means to protect the data of students, faculty and alumni through encryption and key management will lead to a decline in information sharing and ultimately, Internet commerce."
Industry-Academia Programs and Research Cooperatives
PGP, for its part, is working with leading universities on encryption research in product design.
"PGP is granting several leading universities the funds to deploy data protection solutions. PGP is dedicated to making encryption solutions better, faster and more accessible to this community who lacks the money, communications and tools to address this need."
The company in July announced the first partnership of its kind with Oxford University, one that includes creation of the PGP Scholarship at the Oxford Internet Institute. Access to PGP's encryption software for curriculum development and internship support is included in the package. PGP executives, technologists and advisory members will also participate in Oxford policy forums.
"The company's generous donation will enable a high-caliber student to pursue his or her goals in our doctoral program. Support from industry leaders such as PGP Corporation has been invaluable in keeping OII (Oxford Internet Institute) at the forefront of Internet-related research," said William H. Dutton, director of the OII and professor of Internet studies at Balliol College at Oxford University.