Follow the data

Michael Vergara, director of product management at RSA Security Inc., said he warns customers that it takes time and effort to secure information on an open network using cryptographic technologies.

The challenge for federal officials is understanding the data and how it flows through an agency. "I tell people: 'I can easily secure your data, but you have to tell me which data is valuable and which data is not,' " Vergara said. "That by far is the harder problem."

To help make that easier, security experts at the National Institute of Standards and Technology are revising a draft document that, when completed, will tell federal officials when they must use encryption to ensure data privacy and use digital signatures to guarantee data integrity.

"That's going to be a biggie," said Ed Roback, chief of NIST's Computer Security Division. But until that document, Special Publication 800-53, is completed and its recommendations become requirements, he said, federal officials are on their own in determining when they need to use cryptographic technologies.

One trend security experts expect to see grow is the use of cryptographic technologies inside agency firewalls, where, according to the experts, most federal information security breaches occur.