Encryption News

Encryption Must Advance

By 10th February 2016 No Comments

Technology is evolving at great speed, so much so, that it is often a struggle for many to stay abreast of the latest tech, newest trends and advances in solutions.  The evolution of technology is desirable and while all tech is continuously changing some changes are more necessary than others.  With the evolution of technology so have skills and abilities evolved to match, used both for the good and the bad.  Although vast changes have and are occurring within the technology realm it has been noted that some older solutions have resisted to adapt and have remained relatively unchanged, especially in areas where change is required-one of these areas is encryption.

What has changed?

We are more mobile

We are finding ourselves in an extremely mobile environment, moreover an environment where we are always connected in one way or another and most of the time connected in multiple ways simultaneously (sometimes without even knowing). Research suggests that by 2020 there will be at a minimum of 50 billion devices connected to the internet and for some time already there have been more devices connected to the internet than people. The volume of data being processed and communicated in this manner is huge.  The concern is that this data is mostly very important and sensitive, getting the security wrong is not an option. This mobile and connected way of functioning brings with it multiplicities of risk and security challenges.

The Internet of Things

The Internet of Things (IoT) a relatively new progression in technology, yet taking the globe by storm. This again creates a challenging environment to secure. The security risk is great and must be thwarted as the data communicated via these devices is crucial and often has life-changing potential.  The potential risk to personal safety, privacy and security through unauthorised access and exploitation of this data is a very real risk with very real and wide-spread consequences.

Business environments have changed

The ways in which we conduct business has evolved and the physical boundaries of the business environment have morphed to take on some part of our personal capacity.  Business no longer takes place within the physical realms of the office environment, it occurs anywhere and everywhere (traversing geographical boundaries) on desktop computers, laptops, mobile devices (both business owned and personal) and in the cloud.

Social media utilisation

We now use social media as a means to connect too, both in a personal as well as a business capacity.

The opportunity for attack has increased greatly, hacking is a profitable business

Evolution of technology is enabling innovation and business opportunities that were previously unfounded but this abundant change has impacted our privacy and security greatly.

The now mobile business environment, once undertaken within the confines of a physically secure environment, has opened multiple vectors of vulnerability and security risk.  Evolution has given attackers multiple points of entry and opportunities for attack that may not have been possible before, expanding the attack surface greatly.

Social media has made the work of the attacker that much easier, so much identifiable information is made publically available (through choice) and can be used maliciously.  Many breaches, through spear-phishing scams for example, are initiated in this manner.

As technologies have evolved so have solutions to offer further protection and security. On the other hand, people with malicious intent are also advancing newer and better ways to take advantage. Previously attacks were undertaken to show that it could be done, they were undertaken for the challenge. Now hacking is a profitable business and because the success rate of attack is high and profits extraordinary, attacks are more sophisticated and targeted and attackers are well funded and they are continuously enhancing their ways of attack.

Where is more change needed?

One aspect that has remained, relatively unchanged, is that email communications within business continues to be common practice.  Email is used to communicate all forms of information including sensitive information and documents.  The concern for data privacy and security as well as the increased risk of interception, is encouraging many to use an encryption solution to secure their data.

Volumes of data are traversing boundaries be it geographical, physical and virtual.  Important data is stored in a multiplicity of locations both on premise, offsite locations and in the cloud.  This data must be properly secured, not only for personal and business prerequisites but to remain compliant with strict data legislation and standards.

It has been noted that some older encryption solutions are no longer adequate, which begs the question…should encryption be evolving too?

Should encryption be evolving too?

About 25 years ago the first encryption technology was released to aid in securing email communications. Like other advancements in technology and solutions new encryptions solution have developed, however some older solutions, still in use, have not advanced for many years, if at all.

Some encryption solutions have not progressed enough to keep up with the moving challenges, advancements and requirements to meet the changes in technology and security.  It is necessary to have an encryption solution that has adapted to the times and meets the present day requirements but also has the ability to evolve as further changes are required, this is needed as close to real-time as possible.

Some older technologies were not built with this in mind and perhaps the evolution of these technologies is not practical or even possible.  Times have changed, security and privacy have changed-encryption must also evolve to be compatible with the advanced environment and challenges we face today and will undoubtedly face tomorrow.  Encryption can not remain static and unchanged, if it is to be a successful solution.

With such mammoth changes in technology, many involving data storage, processing and communication of highly sensitive data, how can it be possible and acceptable to not advance encryption solutions? We are handling enormous volumes of critical data, data with unconceivable value.  Hackers know the value of our data asset, yet many of us take our data for granted. The common retort being “why would anyone want my data”? Hackers have advanced methods and resources to obtain our data asset, hence surely we should advance our methods to protect it too.

Requirements for a present day encryption solution

There are a number of necessary components needed from a present day encryption solution and mostly older encryption solutions are not able to offer them.

  • A solution utilising manual key distribution will no longer suffice. Automation is fundamental. A transparent solution where keys are generated automatically and securely without the requirement of manual key exchange is a must.
  • Keys should be automatically generated and distributed. This helps to ensure that they remain private and secure. No visible key exchange should be required. Manual exchange of keys defeats the purpose of a secure encryption solution.
  • Key management must be simple with a centralised view, central auditing and complete accountability. This is fundamental to an effective solution.
  • A solution that is compatible with a current workflow. The solution must integrate effortlessly without causing disruption. It should be easily managed.
  • The solution should support multiple device types and/or clients.
  • A solution that offers end-to-end security for the entire data journey-shared data, data in storage, email communications and attachments and documents on premise and in the cloud.
  • The solution should combine the most up-to-date technologies and be designed and built in a manner that allows for adaptability to meet changing needs.
  • The solution should be easy to use, fast and efficient, initiating minimal change or disruption to normal functioning.
  • A solution that ensures data remains private and secure and thus maintains confidentiality, integrity and availability of the data.
  • A solution that offers security without being cumbersome and becoming an obstruction to users. A solution that users will want to use rather than circumvent.
  • A solution that is new, fast, adaptable and secure.

 

In conclusion

It is extremely important that encryption solutions evolve to meet modern day needs.  Older technologies may have once sufficed but times have changed. If older technologies are unable to adapt, newer and improved ones must be considered if we are to ensure our privacy, security and integrity is upheld.

In the opening paragraph it was pointed out that some changes, in our evolving world of tech, are more necessary than others…an evolution in encryption is one of those extremely necessary changes. We would not settle for an old and out-of-date intrusion technology; antivirus or malware detection solution so why should out-of-date encryption be any different.  It is time to rethink your encryption solution. Make sure that it continues to properly satisfy its purpose.

Galaxkey is a comprehensive encryption solution that encompasses all the vital components that an encryption solution should have.  With the utilisation of Galaxkey, the integrity, confidentiality and availability of data will be upheld.