by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : May 30, 2016
in the recent incidents would not have been feasible, as many of OPM’s sys- tems would not have worked if they were encrypted.” The National Institute of Standards and Technology offers general guide- lines for creating a data encryption architecture. “That is a requirement for many, many government organiza- tions,” said Steve Pate, chief architect at security firm HyTrust. “It makes sure that nobody is using an algorithm that’s easily breakable.” In general, though, each government agency has some leeway about how it implements encryption to address its own data security risks, said Scott Gordon, FinalCode’s chief operating officer. “Certain agencies, such as defense and intelligence, require stron- ger encryption, like the use of Suite B algorithms, and they are exploring the use of quantum-safe crypto technolo- gies,” he added. Other data challenges Data in motion, data at rest and data in use each require a different approach to encryption. Agencies should begin by identifying where their sensitive data is located and prioritize based on highest risk because encrypting everything everywhere is usually not financially practical. Data in motion is often the easiest to get a handle on, and most agencies are already encrypting it, Irvine said. However, they should check their web- sites and File Transfer Protocol sites — particularly those that have been around for a while — to make sure that communications are encrypted. Cates said email systems and cloud storage providers might also lack encryption. Data at rest requires full-disk encryp- tion on mobile devices and file-based encryption on servers. The latest hard- ware makes such encryption faster and easier, but legacy systems are the single biggest obstacle. Encrypting data in use remains a challenge, however. “Data in use can- not be easily encrypted,” Irvine said. “If I send a virus to your PC that gives me control of your PC, I can get access to everything. Right now, there’s no answer to that.” There are also emerging technologies to keep an eye on, said Ted Hengst, prin- cipal at PTH Ventures and a 25-year vet- eran of the U.S. Army, where he served as CIO at the U.S. Special Operations Command at MacDill Air Force Base. Wearable devices and the Internet of Things will present new encryption challenges. “It all needs to be encrypt- ed,” he said. “Otherwise, it provides a backdoor into the network.” On a positive note, however, he said government agencies are beginning to take encryption seriously. “Five or 10 years ago, encryption, networks and cybersecurity were the domains of the CIO, and they were the only ones who cared about it,” Hengst said. “It was a fight every year to protect the networks. It’s now an executive issue. It’s first and foremost on senior government [leaders’ minds] how to protect not only the agency but the people who use that agency.” n An expanded version of this article appears in the May issue of FCW’s sister publication GCN, which focus- es on technology, tools and tactics for public-sector IT. 32 May 30, 2016 FCW.COM ExecTe c h The state of data encryption SOLUTIONS STATUS MISSING PIECES Data in motion Secure Sockets Layer, Should be in place Some legacy websites, HTTPS, virtual private everywhere policy enforcement, user networks training for VPNs Data stored on user devices Full-disk encryption, password Should be in place Policy enforcement, locks, two-factor authentication everywhere user training Data stored on servers File-based encryption, Partially complete Legacy systems, large tokenization, format-preserving databases, key encryption management Data in use Tokenization, format-preserving Mostly incomplete Legacy systems, legacy encryption, decrypting data in applications, lack of least usable units technology 0530fcw_031-032.indd 32 5/3/16 2:06 PM
May 15, 2016
June 15, 2016