Share

Related Links

  • Kaspersky Lab
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

  • HMRC choses CPA-accredited encryption
    HM Revenue and Customs (HMRC) chooses CPA over CAPS for its encryption – both CESG-administered security accreditation schemes – and saves the British tax-payer £2.4 million.
  • ICO and Ofsted agree encryption needed in schools
    As the new academic year begins, two UK regulatory bodies have issued new guidelines that raise the bar for school security: the ICO advises on data protection while Ofsted indicates it will include schools’ e-safety in future inspections.
  • Quantum Key Distribution takes to the air
    An aircraft in flight has successfully transmitted quantum encryption keys to a ground station, bringing closer the time when satellites can be used to provide a theoretically (allegedly) secure communications network.
  • Comment: How Decentralized Encryption Can Impair Security
    To protect digital assets and meet regulatory requirements, many organizations secure sensitive data with point encryption solutions. Vormetric’s Ashvin Kamaraju explains the risks and challenges associated with decentralized encryption key management, and the role of interoperability standards in establishing a centralized key management infrastructure
  • RIM denies handing over BlackBerry encryption keys to Indian government
    Research-in-Motion (RIM) is denying Indian media reports that it handed over encryption keys to the Indian government, enabling access to its BlackBerry secure corporate email and messaging services.

Top 5 Stories

News

Mixed bag of attitudes and success with encryption

13 December 2012

Almost half of businesses worldwide have started using encryption technology to protect critical data, and encryption is now the fifth most used protection technique claims a new report.

According to research from B2B International on behalf of Kaspersky Lab, this shows a sharp rise in the use of encryption technology from a similar survey last year, “where it barely crept into the top ten.”

This increasing use of encryption has most likely been spurred by the rise in major data breaches over the last few years, coupled with strengthening data protection laws and regulations. “In effect,” says Kaspersky, “encryption is the final defensive barrier: even after a criminal has successfully forced his way into the company’s IT infrastructure – this last hurdle makes it extremely difficult to get access to important information.”

But the report also makes clear that there is still a long way to go. “Only one-third of specialists (36%) use full disk encryption (also known as encryption of information arrays) and less than half of those specialists (44%) actually protect critical information. Data encryption on external devices, e.g. USB drives, is used by 32%.”

Sadly, the report makes no mention of two of today’s hottest issues: protection of user passwords by encryption-related hashing technology; and whether and how to encrypt data in the cloud. The first is particularly difficult, with hacktivists and hackers still dumping passwords that have been stored in plaintext, or protected only with weak hash algorithms.

The cloud and encryption is a separate conundrum. The European Commission, for example, is urging business and governments to make greater use of cloud computing. But data protection officials are urging caution – effectively suggesting that encryption would be an important part of using the cloud while remaining compliant. The difficulty is how can you store data in the cloud, encrypt it, and ensure that the encrypted data remains usable?

One problem is the keys. Porticor highlighted the issue in a blog posting yesterday on cloud encryption and PCI. “For example,” it wrote, “an enterprise can easily encrypt a virtual cloud disk, but who’s managing the encryption keys? If the encryption keys are managed by the cloud provider or the security vendor, the enterprise will not achieve compliance (and more importantly – true security).”

Two approaches are typified by SealPath and CipherCloud, both of which will encrypt data in the cloud. The former’s approach is to encrypt the data and manage the keys on its own servers. This makes key management painless to the user, but according to Porticor, is non-compliant with PCI. CipherCloud’s approach is to both encrypt and manage keys locally with the user. This would be compliant and more secure for cloud storage, but throws greater responsibility on the customer – who must both protect those keys and yet still make them available to authorized users.

What the Kaspersky Lab survey shows, both in what it says and what it leaves unsaid, is that interest in encryption is growing; but still has a long way to go.

This article is featured in:
Cloud Computing  •  Encryption  •  Industry News

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×