ENISA Issues Guidelines on Cryptographic Solutions

ENISA Details Use of Cryptography For Securing Personal Data

The European Union Agency for Network and Information Security (ENISA) has released two reports that aim to inform and guide decision makers in the public and private sector on the use and implementation of cryptographic protocols for securing personal data.

In the wake of numerous recent data breaches and the recent government spying revelations, the European Union is increasingly focusing on personal data protection.

Last year, ENISA, which is referenced as a consultative body in the European Commission’s data breach notification rules, released a cryptographic guidelines report on securing personal data online. The new reports made available last week, “Algorithms, key size and parameters” and “Study on cryptographic protocols”, build upon the 2013 study.

The first report is a technical document designed to help those who design and implement cryptographic solutions for commercial organizations. Compared to the previous report on cryptographic protocols, this new study also includes information on side-channels, random number generation, and key life cycle management. The report analyzes cryptographic primitives and schemes and attempts to assess whether or not they are suitable for use today and in the future.

The second report is designed to help decision makers in governments and corporations when it comes to choosing the types of protocols they use for protecting personal data. According to ENISA, the main problem with many cryptographic protocols is that they were created many years ago.

“Thus cryptographic protocols suffer more from legacy issues than the underlying cryptographic components. The goal should be to work towards a better cryptographic protocol infrastructure which does not exhibit such problems,” the report reads.

The list of recommendations for researchers and organizations includes the development of cryptographic and security protocols by cryptography experts rather than networking and protocols experts, and the creation of automated tools that can be used to verify the implementation of a protocol to ensure it meets security requirements. ENISA also advises against the “optimization” of well-known protocols for achieving specific application needs since even minor changes can have a negative impact on security.

“What is highlighted is the need for certification schemes in all phases of the technological life-cycle. ’Security by design or by default’ built in processes and products, are basic principles for trust,” said Udo Helmbrecht, ENISA’s executive director. “Standardising the process is an essential element in ensuring the correct application of the data protection reform in the service of EU’s citizens and its internal market. ENISA’s guidelines strive to provide the correct framework in securing online systems.”

 

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
