Locking up Linux: Creating a Cryptobook

Introduction

Cryptographic storage solutions are an essential part of securing confidential information from exposure to the wrong individuals. Crypto systems are designed to safeguard intellectual property, trade secrets or personal information. They can take on many forms, offer varying levels of functionality, and contain any number of features to suit a variety of operating circumstances and environments.

The cryptographic methods, algorithms and implementations available today are more plentiful and better designed than their predecessors. Best of all, the number of workable open source solutions available in the market means that there is plenty of opportunity to provide the proverbial "ounce of protection" without having to spend much money at all.

In December 2005, the Ponemon Institute administered its National Encryption Survey to self-proclaimed information security and privacy specialists. Of the 6,298 respondents who participated in the survey, only four percent had enterprise-wide encryption in place. From that same survey, three top trends emerged that explain the apparently strong resistance to adopting formal encryption policies:

  • 69% cited cryptographic performance issues
  • 44% cited implementation complexity
  • 25% cited deployment cost as a problem

Organizations are beset on one side by numerous means of exposure and compromise, and on the other by federal prosecution for neglecting to safeguard sensitive or confidential information, as was the case with shoe discounter DSW Inc. The FTC leveled charges against DSW, claiming unnecessary risks to sensitive information, failure to employ adequate security measures to restrict access to such information, and insufficient means to curb network connectivity among in-store and corporate computers. In the DSW incident, 1.4 million credit and debit cards and 96,000 checking accounts were exposed to criminal access, with fraudulent activity reported on some of those accounts by the time a settlement was reached between the parties.

The hardware and software technology for drive encryption solutions is more accessible than ever. Increasingly cheap USB key fobs are used in place of smart cards, although smart cards remain a viable option now that so many laptops ship with built-in readers. Consumers are becoming increasingly aware of the threats posed to personal privacy, identity, and credit, an awareness undoubtedly reinforced by the wholesale theft of information from entities entrusted with it.

Consumers also recognize that the need to secure sensitive identity information online is matched equally by the need to protect against offline attacks. After all, unwanted access to sensitive information doesn't always occur across the network. This issue is especially pertinent for an unprotected laptop that might be left in the hands of administrative staff for configuration changes, or in a technical service department for repairs.