... but keeping track of the decryption keys is much trickier. Yet you'll need to do just that in the coming years if Barbara Nelson is right. "The challenge of the next decade is managing the security of data at rest," suggests the CEO of NeoScale Systems Inc. in Milpitas, Calif. Information resting on tapes, CD-ROMs and other backup media is a snap to scramble so bad guys can't read it. More of you are encrypting stored data to comply with regulations such as California SB 1386, which is designed to protect consumers' personal information. But how do you know whether you'll be able to read the data when you need it later? In some cases, that may be decades into the future, such as with patient information you need to protect. Dore Rosenblum, vice president of marketing, claims that NeoScale's Crypto-Stor Key Vault appliance can, among other tricks, create encryption keys, distribute them off-site for business continuity, archive them safely for years, share them with trusted sources and delete them when necessary. Rosenblum says NeoScale has an open application programming interface so it can connect to any data-storage device and follows industry standards for encryption. The Key Vault will be available next quarter, he says, starting around US$25,000. It could be a key to protecting your data.

Protect your end users ...

... from themselves for free. In 2005, Gartner Inc. estimated that 2.4 million Americans fell prey to phishing attacks. A few of them may work at your company. Alex Hernandez, director of advanced product development at CipherTrust Inc. in Alpharetta, Ga., says his company this week is releasing a free tool-bar plug-in for Microsoft Outlook and Lotus Notes users that puts a red warning icon on messages from suspicious locations. Unknown sites will be flagged as yellow, and safe messages will be given a green light. The TrustedSource Toolbar queries CipherTrust's online database of Web sites that are known to be sources of spam, phishing attacks or other malware operations. Hernandez says a plug-in for Web mail clients will be ready "in a few months." Can't beat the price.

Open-source code is good ...

... but not perfect. Coverity Inc. in San Francisco released its first analysis of the source code for 31 open-source projects -- everything from popular software such as Linux, Apache and MySQL to lesser-known tools like Amanda for backup and the audio player XMMS. Ben Chelf, Coverity's chief technology officer, explains that the company's Prevent analysis product explores "all possible paths through the code" to look for defects. He says the flaws per 1,000 lines of code varied from .055 to 1.23. He concludes that the research is "good evidence that open-source software is generally of high quality." In an upcoming analysis of Linux, Coverity intends to analyze various releases of the operating system down to the individual driver level. Coverity has been chosen by the U.S. Department of Homeland Security to study open-source tools for potential security holes.