On a daily basis your information, sometimes sensitive information, is being disclosed to persons whom you do not wish. This is normally completely unintentional.

Consider now what is happening throughout your enterprise. Employees are exchanging PC held data by a variety of means are used, including:

• placing data on shared LAN servers for the other party to access
• copying data to floppy and sending it or handing it to the other person
• transmitting data across a network

These are all common 'business as usual' or 'how we work' scenarios. In all these cases and more, however, the data is in clear, ready to be read when intercepted (by accident or design) by a third party.

Often, the third party will stumble across the data unintentionally. Usually, this will not matter, but sometimes it might!

In most cases, the impact of unwanted disclosure upon your enterprise will be negligible.... but again, NOT ALWAYS. The risk of serious disclosure (an individual serious event or multiple less serious events) is always there.

What Data?

Consider all the types of data that you own: personnel information, financial details, customer details, future plans... the list is endless.

You DO have data therefore which is important and which you definitely do not wish to be disclosed to other parties (either internal or external).

But how do you encourage Bill to ensure that the report/data he is sending to Bert is not susceptible to disclosure? How do you make this simple and part of 'business as usual' 'how we work'? The answer is a lot simpler than you may think!

DES Encryption!

Pre-requisite: Life has to be simple for Bill. If it is difficult or slow for him to secure the data he is about to pass on, he will not do it. And there are so many Bills and Berts and so much data that enforcing an approach in every case will present serious difficulties.

The only realistic route therefore is to enable Bill to click on the sensitive data entity/file (be it Excel, Word or whatever), input a password and auto-encrypt it. Simple... but it enables the data to be passed without fear of disclosure. On receiving it, Bert will click on the file or directory, input the password that Bill has given him (for instance by telephone) and decrypt it for use. Again simple, but secure.

Recommended Reading

• Intranet Security - essential!
• Cryptography & Network Security - excellent!
• Secure Electronic Commerce - popular
• Cryptography Decrypted!
• An Introduction to Cryptography
• Secure Information Networks
• RSA Security's Official Guide to Cryptography
• Progress in RSA Cryptology
• Evaluation of the Data Encryption Standard
• Number Theory and RSA Cryptography
• Cryptography : Theory and Practice