Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The security industry found its dream enemy in 2013 -- and new technical challenges too

Lucian Constantin | Jan. 2, 2014
Revelations about mass surveillance will fuel encryption adoption in the next year, but implementing it will take care, security experts say.

Bower believes advances in encryption technology during the past decade have made that possible, but others remain skeptical.

"We will continue to see both open source and commercial solutions pop up that claim to be fully secure and immune to any surveillance attempts," said Jake Kouns, chief information security officer at security consultancy firm Risk Based Security. "My concern is that in most cases these services will be for niche users only."

Expecting people to encrypt all communications is unfeasible, but it would be a start if they would at least encrypt sensitive communications, said Carsten Eiram, the chief research officer at Risk Based Security. "Many even fail to do that, which is likely due to people simply considering it too much of a hassle to import and manage keys," he said.

However, this shouldn't deter developers from adding encryption functions. Users will understand their importance and will learn how to use them, Chiesa said.

Encrypting "data in motion" is actually the easy problem, according to Green. "The next frontier is encrypting data at rest. Right now this is difficult, since companies need access to your data if they're going to compute on it — think Google searching your email. We don't have good cryptographic solutions to this problem, and frankly a lot of this data is available in cloud environments where the security is unknown at best."

Most businesses understand they should secure their data using encryption, but when it comes to implementing it things usually come to a halt, Kouns said. "For most small to mid-size businesses, implementing encryption is a daunting task that is too complicated and expensive."

Even with significant problems to overcome, most security experts believe that the trend of building encryption into products and services will continue to increase in both the consumer and business markets.

"Anyone bringing out a new service using consumer and analytic data, whether in the cloud or not, is going to struggle without a data protection strategy," Bower said.

"I expect to see companies continue to invest in this space," Kouns said. "The vendors and services that solve this issue in a simple and cost effective manner are the ones that will benefit the most."

"Encryption can make the difference in a service," Chiesa said. "See for example the old Megaupload and the new Mega: user privacy is the center of the whole thing now."

 

Previous Page  1  2  3  4 

Sign up for CIO Asia eNewsletters.