Executive Decision: What to Encrypt

Improper Encryption Use Slows Down Organizational Processes
SafeNet CEO Chris Fedde says top executives, not chief information or chief information security officers, should have final say on what data to encrypt."You get input from a compliance officer, from IT and CISO, but in my way of thinking, it's an executive decision on the breadth of security requirements of a company," Fedde, chief executive officer of SafeNet, a provider of encryption products and services, says in an interview with Information Security Media Group.

Not all information should be encrypted, Fedde says; indeed, encrypting the wrong data could hamper organizational performance. "If you encrypt things that don't need to be encrypted, you run into a lot of issues: It's harder to share information; it can slow down your processes," he says.

In an interview with GovInfoSecurity.com's Eric Chabrow, Fedde discusses:

  • How encryption has evolved and is being used differently today than a few years ago. Earlier, encryption mostly was used to protect data in transit; now, it's widely used to safeguard data at rest.
  • Why, despite the recent rash of publicity surrounding website hacks, many organizations don't know they've been breached. "People don't recognize the threat is real, and the target could very well be them," he says. "They don't have an appreciation for how imminent, how insidious. how right in their own back yard this problem could be."
  • How encryption can keep the most sensitive data securely stored on a public cloud, including classified military secret. Data, if encrypted, isn't vulnerable at rest, but only when someone does something with the information. "If you're gong to make a blanket statement about the government using clouds with classified information, the answer is no because you really don't want to run applications in the cloud," he says. "There are other layers and other complexities to protecting information when you're running applications, so doing those in the cloud, at least with technologies today, would not be appropriate for classified information."

Fedde became SafeNet president in 2006 and chief executive officer this past May. He rose through the ranks, serving as director of corporate product management and business development, general manger of the enterprise security division and chief operating officer. He holds a bachelor of science degree in electrical engineering from the University of Iowa.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.