Many businesses today depend upon encryption standards that date back to the late 1990s. These standards are now considered insufficient for protecting sensitive, confidential or private data, according to the National Institute of Standards and Technology. Over the last many months, we have seen security researchers publish information disclosing various weaknesses in these standards.
The purpose of this research paper, which focuses on encryption standards related to data in transit, is twofold. First, it provides high-level information needed to help make sense of the issues created by the use of old encryption standards. Second, it provides recommendations for building a strategy for adopting stronger encryption standards, which will help reduce a company’s security risk and the effort spent patching its systems.