Skip to main content

Deployment Plan for Cryptography - Redback Operations

Author: Ali Demirovski

Weeks 1-4: Initial Analysis and Training

For cryptography to be successfully deployed into the redback operations, the teams must analyse where there is a need for cryptography, and which areas would need it the most. In the opening weeks of the coming semesters, it would be vital for:

  • All teams to analyse their data collection and determine whether there is a need for any cryptography methods to be used within their teams. This can also be seen from the audits which were conducted on each of the projects which had analysed their data collection.
  • All teams to ensure that there is a company wide understanding of how important data protection is, so training on data protection/collection should be provided. As the audits have already been completed on the current teams, it would be a quick process for the company to analyse those existing audits and provide training to current team members on data protection to decide whether any data protection is needed.

Weeks 5-7: Software Selection and Testing

From the work conducted through weeks 1 through 4, there should be an understanding on if data protection is needed, and where it would be needed to be implemented. Going forward into the middle of the semester, now it would be important to:

  • Look through all the recommendations which were made in the implementation plan for cryptography and determine which encryption software would be appropriate for each given team. Each software can be tested to see which encryption software would be most beneficial for each team.
  • Determine whether the chosen encryption software follows all the encryption standard which are listed within the implementation plan to ensure it can be deployed into the company correctly. A list of the encryption software includes:
  • VeraCrypt
  • BitLocker
  • Nord Locker
  • AxCrypt More detail of each software can be found in the implementation plan for cryptography; however, even more research is needed for each team to make the appropriate decision as each software would cater differently to each of the different projects.

Weeks 8-11: Deployment and Training

After having analysed the different encryption software’s, this stage of the trimester would include deploying the chosen software into each teams’ systems of data they have collected. For this stage to be successful, it is important:

  • For all teams to ensure that the deployment has run smoothly, and that the important data that needs protection like private customer data is being encrypted correctly.
  • For teams to ensure that all members of each team are being trained on how the new software works and that they understand the importance of the software, and it should be treated with care.
  • For all members that once they are trained on the new software, they can use the new software and its tools so work within the team is able to continue alongside the new software. It would be useful for the teams to also implement classification levels to certain data that they have collected to ensure that not everyone is able to access any of their data. This is something that the teams will need to consider heading towards the end of the trimester, which data needs to be privatised/confidential, and which data can be left open to everyone.

Future Trimesters: Monitoring and Continuous Improvement

Going into the future trimesters, it would now be the time for the teams to analyse the success of the encryption software, are all essential data collections being protected, are all team members able to access the tools and manage the software with ease, is the software complying with the Australian encryption standards? The teams asking these questions will allow them to properly see how successful the deployment of cryptography went throughout the company. Additionally, it would be useful to:

  • Seek feedback from team members throughout the company to see how well the new software is being perceived and if they could recommend any changes. It would also be beneficial to conduct surveys and interviews throughout the company to seek additional feedback on the deployment, and if they would change anything about the software or the process.
  • Look back on the audits conducted by the GRC team and to see if any improvements have been made from those initial tests prior to the implementation of the encryption software. This would allow for the company to determine which areas they have improved on and where they would still need to spend time on improvement. As more data is collected by each team, the bigger encryption software the company is going to need. This is something that the company should analyse as more data is collected, as the company is only going to continue to grow, and more data is going to be continuously collected. The company could:
  • Conduct a full reanalysis of the encryption software which could result in more improvements being made and increasing the overall scale and security of the software.
  • Choose to go for another encryption software which could meet their needs better of having a lot more data protection throughout their company and dealing with data on a larger scale.

This deployment plan provides a structured approach to introducing cryptographic tools into Redback Operations, ensuring secure data handling and compliance with industry standards.