Information Security Media Group: Executive Decision-What to Encrypt?

Wednesday, June 29, 2011

SafeNet CEO and UI engineering alumnus Chris Fedde (BS 1973 electrical engineering) says top executives, not chief information or chief information security officers, should have final say on what data to encrypt.

"You get input from a compliance officer, from IT and CISO, but in my way of thinking, it's an executive decision on the breadth of security requirements of a company." Fedde, chief executive officer of SafeNet, a provider of encryption products and services, says in an interview with Information Security Media Group.

Not all information should be encrypted, Fedde says; indeed, encrypting the wrong data could hamper organizational performance. "If you encrypt things that don't need to be encrypted, you run into a lot of issues: It's harder to share information; it can slow down your processes," he says.

In an interview with GovInfoSecurity.com's Eric Chabrow, Fedde discusses:

  • How encryption has evolved and is being used differently today than a few years ago. Earlier, encryption mostly was used to protect data in transit; now, it's widely used to safeguard data at rest.
  • Why, despite the recent rash of publicity surrounding website hacks, many organizations don't know they've been breached. "People don't recognize the threat is real, and the target could very well be them," he says. "They don't have an appreciation for how imminent, how insidious. how right in their own back yard this problem could be."
  • How encryption can keep the most sensitive data securely stored on a public cloud, including classified military secret. Data, if encrypted, isn't vulnerable at rest, but only when someone does something with the information. "If you're gong to make a blanket statement about the government using clouds with classified information, the answer is no because you really don't want to run applications in the cloud," he says. "There are other layers and other complexities to protecting information when you're running applications, so doing those in the cloud, at least with technologies today, would not be appropriate for classified information."

Fedde became SafeNet president in 2006 and chief executive officer this past May. He rose through the ranks, serving as director of corporate product management and business development, general manger of the enterprise security division and chief operating officer.

SafeNet is a global leader in information security, protecting data at rest, data in motion, data in use, software and license management with the broadest range of security solutions in the world. The Company protects critical business data, communications, financial transactions, and digital identities through a full spectrum of encryption technologies.