Encryption Key to Identity Management

Security is like a Ding-Dong

by / November 15, 2006
Every government agency has to deal with managing identity, and protecting sensitive data. From passwords to employee information to agency information, securing information should be a top priority.

According to John Bennett of Oracle, 84 percent of North American enterprises suffered a security breach in the past year, which is a 17 percent increase over three years. What can be done about keeping information secure?

The most important thing in identity management is planning security policies -- having a specific plan of access (who can access what, and when/ how). Without this, the agency is setting itself up for a security breach, and that can be both costly and embarrassing.

Bennett uses this simile to help explain security: think of identity management like a Ding-Dong. The high calorie (but admittedly tasty) treat is a creamy filling, covered in a chocolate cake, sealed in a foil wrapper. The foil is like the network perimeter security; chocolate is the majority of information, which is important to the agency but not of value to hackers and identity thieves; the creamy filling is the sensitive data most coveted by identity thieves.

To protect the sensitive "creamy filling" encryption is the key. If sensitive information is not encrypted, it can be visible to hackers using hex editors. Information such as SSNs, health history or credit card numbers could all be there for the taking. If, however, it is encrypted, such information is safe from would be identity thieves.

Gina M. Scott Writer