Is there a downside to encryption?
The pros and cons of data encryption.
Remember the Enigma machine? It was the German typewriter that had been tinkered with to scramble messages, allowing radio communications to pass through allied territory unread. It is one of the world’s most famous examples of encryption.
Encryption as a technology was nothing new when American sailors recovered the device. In fact, the practice of obfuscating communications using a cypher — a special set of rules that defines how to encrypt a message — dates back thousands of years.
Compared to encryption, the technologies that make up today’s network-reliant global infrastructure are just a blip. Even so, the internet era has given encryption technology a new reason for being and has made it a part of each of our daily lives.
Our Encrypted Environment
Storing people’s personal data online means risking a potential breach. In the early days of the Internet, huge quantities of information were transmitted in “plain text,” or unencrypted format. These days, however, it’s much more common to see data transmitted using SSL technology — the https:// you see in your browser — and that’s just one example of encryption at use online.
Don’t be fooled into thinking it’s just text that can be obfuscated, though. You can encrypt data in just about any format. There are codecs to encrypt business documents as well as codecs to encrypt graphics to protect them from resale. Thanks to the Digital Millennium Copyright Act (DMCA), we now have two types of video encryption, one that anybody can use, and a commercial-specific codec designed to combat online video piracy after its rise in the early 2000s.
The medical industry has access to particularly sensitive data, and so the government has enacted the Health Insurance Portability and Accountability act (HIPAA), which providers must comply with by law. These types of countermeasures have become relatively commonplace, as businesses have sought to create an environment where employees are confident about the safety of their private information.
So, the online parts of our modern world increasingly operate using data that is encrypted. Take your iPhone for example — all of the personal information on it is encrypted by default. It’s a built in feature of Apple’s iOS, and it’s also at the core of the FBI’s case against the Cupertino company.
Some Encryption Is Good — Is More Encryption Better?
You might be familiar with the way that Apple has opted not to assist the FBI in reclaiming encrypted data from the iPhone of a convicted killer. The reason for this is the concern that creating a tool to decrypt iOS phones would let the proverbial cat out of the bag. Once such a technology is made available, anyone with an iPhone would lose a great deal of security.
The iPhone example gets mixed responses, which makes sense. Some of us trust the FBI more than others. But it’s not the only example of a complicated situation created by encryption.
The Dilemma for Businesses
Increasingly, companies are making use of technologies like Full-Disk-Encryption (FDE) to guarantee the security of data on company networks. There are a few caveats to this strategy.
One unhappy scenario involves the cypher, or key, that we mentioned earlier. If this key is lost, it becomes nearly impossible to unscramble the data on a device.
A much more common and much scarier scenario involves the adaptation of cyber-threats to cope in an encrypted internet. This means malware hidden in encrypted data is, and has been for some time, being loosed on the world.
About 80% of businesses polled by the Ponemon Institute report facing a cyber attack at least once a year. Of those attacks, half came packaged in encrypted data. Using encrypted code without the proper countermeasures to repel an encrypted attack could be a death wish for unsuspecting businesses.
Future-Proofing Your Network
So, how does one build an encrypted network that’s designed to go the distance — free from hacks and the threat of encrypted malware?
The network security industry has been hard at work cooking up the next generation of SSL-aware firewalls, and some of them can detect malware encrypted using SSL/TLS.
It should be noted that installing such a robust solution comes at a price. This is not a plug-and-play solution. For a quality firewall to work, it takes a good network engineer, or a team of engineers, and the time required to properly set up protection.
If your responsibility is protecting a high-profile corporation that can’t afford to show up in the news, this software is a no-brainer. If you’re getting your e-commerce operation off the ground, look for plug-ins and reputable vendors who specialize in encryption and security. Is your data worth protecting? Your answer should be yes.
► Image by Iiya Pavlov