Wave Systems Corp. (fka WAVXQ)

[Vacationhouse]

OT:nCipher Predicts Cryptography Will Be the Foundation of Next Generation Security and Highlights the Top Ten Enablers for This Evolution
As the Traditional Perimeter is Re-Evaluated Data-Centric Protection and Mutual Strong Authentication of Users and Devices Takes Center Stage



This article is courtesy of
http://www.marketwatch.com/tools/quotes/newsarticle.asp?guid={D7E677BB-57D8-4F97-BDDC-3044B08E1E6F}&...


7/25/2005 8:00:02 AM



CAMBRIDGE, England, Jul 25, 2005 (BUSINESS WIRE) -- nCipher plc (UK:NCH), a leading provider of cryptographic IT security solutions, today announced its vision for the future of enterprise security. Specifically, nCipher expects a future in which cryptography plays a central role within mainstream enterprise security. This perspective envisions a widely distributed, yet closely unified, security infrastructure where the emphasis has shifted from the naive approach of simply securing the enterprise perimeter, to using cryptography for data-level protection that guards information assets wherever they are vulnerable and enforces robust access controls for users, devices and administrators.


Enterprise security currently finds itself at a crossroads, in part because regulatory compliance demands are changing the way organizations approach privacy and data protection, and also because the current security model is unable to cost-effectively adapt to today's 'on-demand' business environment. Until now, the usual approach was for organizations to set up a perimeter 'security wall' and regard everything on the inside as safe. Now the distinction between inside and outside is disappearing, driven by the practical needs of mobile data users and partners: the proportion of users connecting via open and unsafe networks is increasing, and the scale and scope of business-to-business communications is exploding.

History shows that the most successful approaches to security keep things simple. As software applications, computing devices and data networks all seek to bolster security within their sphere of influence, there is a significant risk that such a fragmented approach will cause costs to spiral out of control and expose security loopholes and weak points. It is essential to establish a more unified approach to protecting electronic assets, wherever they flow, whenever they are stored and however they are processed - in turn enforced by access controls that rely on strong authentication of users, provide auditable non-repudiation guarantees and are governed by properly separated policy controls.

Cryptography is already the de facto way of securing sensitive web traffic and it is now reaching across the entire enterprise as companies start to use industry-standard confidentiality protocols such as Secure Sockets Layer (SSL) internally, even between servers only a few feet apart, using mutual authentication at both ends of the connection before sharing information between them. To complement these efforts to protect data in motion internally, IT security professionals are also examining the protection of data at rest within the enterprise through encryption of databases, file systems and storage devices. Finally, applications are increasingly being enhanced to validate data integrity and improve auditability through the use of digital signatures.

The use of cryptography is becoming ubiquitous, made possible for the first time by some of the following 'top-ten enablers' for strong cryptographic security:

1. Inexpensive tokens for strong authentication - In the past, using anything stronger than passwords for authentication has been prohibitively expensive for anything other than 'premium' users. Market volumes and competitive pressures are now commoditizing authentication tokens and driving functionality up and prices down.

2. Ease of deployment for authentication tokens - Deploying hardware tokens inevitably involves the expense of supplying token readers and client software. The arrival of USB tokens and the inclusion of card readers in laptops and keyboards is minimizing and sometimes removing this cost completely.

3. Trusted computing and trustworthy devices - In order to share protected data, authenticating users is only half the problem: it is also important to know if their computing device can be trusted. Embedded security capabilities such as Trusted Platform Modules (TPM) provide a 'seat of trust' within an increasingly wide range of devices.

4. Security standards with teeth - Unified approaches are only possible through standards. Web services standards led the way by defining encryption and signing to boost security. The Trusted Computing Group (TCG) is revolutionizing PC platform security. The Payments Card Industry (PCI) standards define an approach to data privacy and then back it up with audits.

5. Public key enabled applications are already here - The so-called 'year of PKI' never came, and yet somehow functionality based on public key cryptographic techniques is everywhere. These capabilities to use digital certificates are now part of the IT fabric, supporting secure websites, email messaging, mutual authentication and document level protection.

6. Identity management isn't just about users - It used to be about reducing the cost of forgotten passwords, but now identity management systems are focused on provisioning devices, as well as users, across the enterprise leading to easier roaming and fine-grained access controls.

7. Plug and play data level protection - Adopting data encryption has often meant writing custom software applications and changing business processes. Today, off-the-shelf solutions exist to transparently encrypt valuable content within the database, filing system and storage fabric.

8. SSL everywhere - no longer limited to e-commerce connections, the SSL standard is a ubiquitous feature of enterprise applications and networking equipment enabling almost any connection to be protected, removing the need to run expensive private networks.

9. No more cryptographic bottlenecks - Concerns that the use of encryption means a severe hit in performance have largely disappeared. Moore's Law has solved the problem in many situations and high performance cryptographic accelerators can meet the needs of the most demanding applications.

10. Cryptographic management for scalability - Managing cryptography and keys requires specialist techniques to prevent security being compromised in the name of scalability. The challenge is to satisfy both goals through automation and architectural strength.

"Securing sensitive information is no longer a simple question of whether to grant a user access to the network, or deny it. Increasingly, CIOs want to define and enforce robust policies that govern not just what information an individual may access, but also other conditions such as when they may access it and from which machines," says Dr Nicko van Someren, Chief Technology Officer at nCipher. "As enterprises incorporate smart-cards, trusted platform modules and other hardware-based authentication and encryption technologies into their security infrastructure, they will need sophisticated management technologies from companies with deep experience in hardware-based cryptographic security."

nCipher is a leading provider of cryptographic IT security solutions and its own experience in working with some of the world's most security-aware organizations has led the company to the view that the widespread reliance on cryptographic security will create a serious key management challenge.

"It is clear that the traditional perimeter model of security is being reappraised. The future of enterprise security calls for strong authentication, device- and content-level security together to augment existing network level technologies. We are looking forward to helping our customers to securely and efficiently manage the infrastructure complexities which result," adds van Someren.

About nCipher

nCipher is a leading provider of cryptographic security, enabling our customers to meet the challenges of verifying identity, protecting data and complying with security regulations. nCipher's solutions provide a unified approach to cryptographic management providing strict access controls and high assurance trusted processing, overcoming traditional issues of scalability, performance and weak platform security. The world's leading organizations work with nCipher to protect security critical systems such as web site infrastructure, online banking and payment processing networks, PKI, web services, databases and digital rights management schemes.

nCipher is the winner of the Microsoft Security Solution of the Year award 2004. The company is listed on the London Stock Exchange (UK:NCH) and is a member of the FTSE TechMARK and FTSE4Good indices with offices in Cambridge, UK; Boston, Washington, Hamburg and Tokyo. For more information on nCipher, visit www.ncipher.com

SOURCE: nCipher plc