I just don't get this one
Here’s another case where I just don’t get what the excitement is all about. In this case, it’s around the announcement of a new technology that identifies sensitive information on its way to a monitor and substitutes some sort of inoffensive pattern in place of the sensitive data. This technology is called Masking Gateway for Enterprises, or MAGEN.
I’m sure that this new technology is very impressive, but I’m also fairly sure that there’s going to be a better way to spend your security budget, like on encryption technology that protects the data both on its way to the monitor and after its displayed. You can even do this while keeping your encrypted data the same format at the unencrypted data, so integrating the encryption into existing applications really isn't that hard. You can encrypt a credit card number using format-preserving encryption, for example, and the encrypted credit card number will look just like an unencrypted one.
I haven’t heard of monitors being a big source of data leakage. What problem is this technology really trying to address?
The two word answer is "legacy applications".
Format-preserving encryption may be good for new apps, but may cost quite a lot to retro-fit to existing apps. And some apps might need partial visibility of the data. I suppose you could create a FPE that also allowed the last four digits of a credit card number to be unencrypted, so a customer service person could check the right one was used. A bit harder to use any form of FPE on people's names.
Were you also thinking of Oculis http://oculislabs.com/ as a neat way of stopping shoulder surfing? And potentially cheaper than privacy filters.
Posted by: Andrew Yeomans | Friday, 07 August 2009 at 06:53 AM