Data Protection is Paramount for Survival
- Details
- Hits: 43404
Data Protection
Thesis Statement
“With competitors on one’s heels, data protection is paramount for survival. You wouldn’t want your competitors getting your top secret information.”
Introduction
The security of information is vital to any organization and even individuals. One can breathe freely knowing that no one will interfere with their data and even use it against them. There is nothing as discomforting as the thought that someone can access your data and use it to gain advantage over you, or even worse, use it against you. Therefore, I intend to provide a solution to ABC institute of Research in order that their data remains secure and inaccessible to their rivals. The solution I give must take into account the extent to which the information ABC is dealing with is classified. In this regard, I will look into various ways of data protection in order to provide the best solution available.
Symmetric or asymmetric
The problem of ABC is whether to use symmetric or asymmetric keys in securing information. The choice must be the one that best keeps the institute’s information secure with the very least risks involved. The process of keeping data secure is called cryptography (Benz, 2001). This is done through encryption so that data is not meaningful unless it is decrypted. This means that the data cannot be meaningful in its encrypted form. Two methods of encryption are available, that is, symmetric and asymmetric.
In symmetric encryption, the encryption and decryption keys are of the same value (Benz, 2001). This encryption is also known as shared secret cryptography or shared key cryptography because it uses a single key that is shared among the people who should access the information (ibid). Czagan (2013) says confidentiality is achieved in this encryption by the fact that the key is unknown to no one else except those whom it has been shared.
Symmetric encryption has its pros and cons. The advantage with this type of encryption is that it provides authentication as along as the key stays secret, it allows very quick encryption of data and allows encryption and decryption with the same key (Benz, 2001). However, the drawback with this encryption is that if the key is revealed, the interceptors can immediately decrypt anything that was encrypted using the key. In addition, an imposter can use an intercepted key to produce bogus messages by impersonating the legitimate sender (ibid). Benz therefore advises frequent changing of keys, which he views as not plausible especially with large groups. Another disadvantage is that distribution of keys can prove problematic if the keys change frequently. Benz suggests a face-to-face key exchange, which in my opinion is not possible especially if the information to be shared covers a wide geographical area, for instance the whole world.
On the other hand, the asymmetric encryption uses two keys for encryption and decryption. Czagan (2013) identifies them as the public and private key. The public key is available to everyone but the private key is only available to the owner (Czagan, 2013). A message encrypted with the public key can only be decrypted with the private key.
The asymmetric encryption has its own advantages and disadvantages as well. The benefits of using this encryption is that only the person’s public key is exchanged and each group do not separate keys and it solves the problem of distributing keys since the public key can be shared by anyone (Benz, 2001). The problem with this encryption is that only few public key algorithms are both secure and practical, some algorithms are only suitable for key distribution, it is slow, and only three algorithms work for both key distribution and encryption (ibid). Benz suggests the use of a hybrid of symmetric and asymmetric. This she identifies as Pretty Good Privacy (PGP). This encryption is recommended because it combines the convenience of public key with the speed of conventional encryption (Benz, 2001). This is one of the many advantages of PGP.
Conclusion
To conclude I would advise ABC to use the hybrid system (PGP). This is because it will be more convenient for the institute and provide data security required.