DSNews delivers stories, ideas, links, companies, people, events, and videos impacting the mortgage default servicing industry.
Issue link: http://digital.dsnews.com/i/894814
70 I N D U S T R Y I N S I G H T / D A R R E N K R U K Long before Darwin's theories and his book Origin of the Species was released, humans realized that the key to survival was adaptation. When the environment changed, those who were able to change along with it survived, those who were not perished. In today's age of electronic communication, virtual meetings, cyber wallets, and cyber terrorism, the validity of the statement is acknowledged, and the realization that companies need to be more vigilant protecting their electronic environments. ose companies in high-profile industries such as finance, aerospace, military, and others–including housing and mortgage servicing—need to be more aggressive as the risks are generally higher when handling and storing confidential data. CRYPTOGRAPHY HAS A LIMITED LIFECYCLE Given the massive data breach Equifax experienced recently, implementing encryption algorithms—or the process of transforming plain text into encrypted text for the purpose of securing electronic data when it is transported over networks—based on the lowest strength encryption that has not yet been exploited may not be the wisest course of action. It does not make sense to base security protocols on the lowest level of Federal Information Processing Standards (FIPS). If companies are adopting new controls based on today's industry encryption standards, they should have a valid reason for doing so, and understand the implications of that decision. After all, the time involved in the decision-making process can be quite extensive. ere is research that takes place to evaluate the issue, requirements and design, RFPs, testing, implementation, and more. is can be a costly process and companies should not exhaust all the time and resources necessary only to adopt algorithms that are here for a short period. ey should be implementing protocols that will not be deprecated for at least the next eight to 10 years. is is one of the reasons why certifying authorities such as Verisign, awte, and others limit the number of years users may purchase a website certificate. Major institutions may only implement certificates whose expiration date is two years or less. When implementing encryption algorithms, companies should consider the effective lifetime of those controls, also taking into consideration the possible time it would take to exploit them. Current standards, such as FIPS, which were developed years ago, are meant as guidelines for security compliance. ose new to security may reference these standards as a rough posture assessment of their systems but Adapting to new information security threats is critical to survival.