FIPS 140-2…just a buzzword?
I recently received an inquiry from a reporter that read like this:
“Are you comforted, or left cold when you hear a product has FIPS 140-2 validation that guarantees it’s implementing encryption modules correctly? Assuming secure data transmission or storage is important in the use case, is this buzzword bingo or a valuable asset?”
My reply to this inquiry was uncharacteristically short:
“Today, fully validated FIPS 140-2 cryptography modules come free or bundled with your OS, your Java runtime, several application packages and some hardware components. These implementations are typically available for your own applications through well-documented APIs.
“Not using FIPS 140-2 cryptography in the year 2010 is like opening a savings account at a bank without the FDIC’s $250K-per-account guarantee. You could do it, and it might work, but why take the risk when a safer option is available for no extra charge?”
And so it shall remain: Ipswitch File Transfer products use FIPS 140-2 cryptography to protect data-in-transit and data-at-rest, and will continue to do so until FIPS 140-3 becomes the new law of the land.
About jlampe:
Jonathan Lampe is VP, Product Management, of Ipswitch File Transfer. He developed the first editions of the MOVEit managed file transfer software and continues to guide the File Transfer division as it continues to pursue its mission of moving your most valuable data. He holds a computer science degree and an operations degree from Northern Illinois University, an MBA from the University of Wisconsin-Madison and two security certifications: ISC2's CISSP and SANS' System and Network Auditor.
You can leave a response, or trackback from your own site.
Leave a Reply
