When it comes to data security, many pundits point to cryptography and encryption as cure-alls that can safeguard structured and unstructured data. 

Generally speaking, cryptography is a superset of encryption -- much in the way that Java is a superset of JDBC, notes StackExchange. Cryptography can ensure the confidentiality of data, protect data from unauthorized modification, and authenticate the source of the data, according to the IEEE.

But mastering cryptography isn't easy. Here are six common pitfalls and how to avoid them, the IEEE says:

1. Rolling your own cryptographic algorithms or implementations. "Designing a cryptographic algorithm (including protocols and modes) requires significant and rare mathematical skills and training, and even trained mathematicians sometimes produce algorithms that have subtle problems," the group notes. "Standard algorithms and libraries are preferable."

2. Misuse of libraries and algorithms. Sometimes, developers using standard libraries make incorrect assumptions about how to leverage the library routines, IEEE notes, while adding: "Understanding the nuances of algorithm and library usage is a core skill for applied cryptographers."

3. Poor key management. Watch out for key management systems that fail to allow for the revocation and/or rotation of keys, or systems that use cryptographic keys that are too short or predictable, IEEE says.

4. Randomness that is not random. "In addition to obtaining numbers with strong cryptographic randomness properties, care must be taken not to re-use the random numbers," the IEEE says.

5. Failure to centralize cryptography. Different teams within your organization could implement their own cryptographic routines. Instead, "best practices indicate getting it 'right' once and reusing the component elsewhere," the IEEE asserts.

6. Failure to allow for algorithm adaptation and evolution. Keep up with the latest industry trends, either by having an algorithm expert on staff or by finding the right consulting expertise to keep your organization ahead of the threat landscape.

"Cryptography is so hard to get right that it always makes sense to work with an expert if you can," the IEEE concludes.
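The following Python example is added here and is not from the article or the IEEE. It shows one way a single shared component can address pitfalls 3 through 6 together: key IDs for rotation and revocation, keys drawn from the operating system's CSPRNG, and an algorithm label in every tag so algorithms can be changed later. The class name `MacService`, the tag format and the labels `hs256`/`hs512` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Approved algorithms. Adding or retiring an entry is the only change needed
# to migrate (pitfall 6). The labels are hypothetical names for this example.
ALGORITHMS = {"hs256": hashlib.sha256, "hs512": hashlib.sha512}
MIN_KEY_BYTES = 32  # reject keys that are too short (pitfall 3)


class MacService:
    """One shared message-authentication component (pitfall 5)."""

    def __init__(self, alg="hs256"):
        self._keys = {}       # key id -> key bytes
        self._current = None  # key id used for new tags
        self.alg = alg
        self.rotate()

    def rotate(self, key=None):
        """Install a new signing key; older keys still verify until revoked."""
        if key is None:
            key = secrets.token_bytes(MIN_KEY_BYTES)  # OS CSPRNG (pitfall 4)
        if len(key) < MIN_KEY_BYTES:
            raise ValueError("key too short")
        kid = secrets.token_hex(8)
        self._keys[kid] = key
        self._current = kid
        return kid

    def revoke(self, kid):
        """Remove a key so that tags made with it no longer verify."""
        if kid == self._current:
            raise ValueError("rotate before revoking the current key")
        self._keys.pop(kid, None)

    def sign(self, message: bytes) -> str:
        mac = hmac.new(self._keys[self._current], message, ALGORITHMS[self.alg])
        return f"{self.alg}.{self._current}.{mac.hexdigest()}"

    def verify(self, message: bytes, tag: str) -> bool:
        try:
            alg, kid, digest = tag.split(".")
            expected = hmac.new(self._keys[kid], message, ALGORITHMS[alg]).hexdigest()
        except (ValueError, KeyError):
            return False  # malformed tag, unapproved algorithm, or revoked key
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected.encode(), digest.encode())
```

Because the key ID and algorithm label travel with each tag, callers never choose keys or hash functions themselves, and a rotation or algorithm change happens in one place.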
