OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Your Data and the P2P Peril - InformationWeek article

Probably, one of the scarier articles I have read.  Portends
more danger for the business environment as an entire generation
growing up using such software migrate into the corporate world
over the years.

While the solutions recommended in the article will help, they
address only part of the problem.  Even Full Disk Encryption (FDE)
is not a solution, as P2P networks operate only when a legitimate
user has booted up the machine (by which time the FDE software is
already decrypting everything for applications).

The only long-term solution with the smallest attack-surface is:
Policy + Enforcement + Education + Application-level encryption
requiring the authentication of users before decrypting content.

Arshad Noor
StrongAuth, Inc.

Link to the article:

Don't miss this side-bar that documents what the writer found
when trolling P2P networks:


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]