Need of the hour: In­te­grated En­cryp­tion

Vivek Tyagi, Di­rec­tor-Busi­ness Devel­op­ment, Chan­nel and OEM Sales, SANDISK In­dia

DQ Channels - - Front page - Readthe­com­pletesto­ry­on­www.dqchan­

What’s the first step to im­prov­ing in­for­ma­tion se­cu­rity? Quit blam­ing peo­ple and fo­cus on en­abling tech­nolo­gies like en­cryp­tion.

Ask a se­cu­rity pro­fes­sional to iden­tify the weak­est link in cy­ber­se­cu­rity chain and they will likely give you the same an­swer: hu­mans.

Peo­ple re­spond to emails they shouldn’t open. They ac­cess ser­vices and web­sites they shouldn’t on cor­po­rate de­vices. They in­vite busi­ness part­ners that em­ploy less-than-vig­or­ous se­cu­rity pro­ce­dures into their cor­po­rate net­works

That’s true, but we all make mis­takes. More im­por­tantly, today’s crim­i­nal is so­phis­ti­cated, ded­i­cated and pa­tient. Hack­ers cost con­sumers and com­pa­nies $375 bil­lion to $575 bil­lion a year, ac­cord­ing to a study by the Cen­ter for Strate­gic and In­ter­na­tional Stud­ies funded by McAfee. Core tech­nol­ogy can be com­pro­mised too. In 2014, the FBI warned that hack­ers were tar­get­ing health­care and med­i­cal de­vice com­pa­nies for in­tel­lec­tual prop­erty. Cy­ber-crime is on the rise in In­dia, it has out­paced cor­rup­tion and bribery and be­come the fastest grow­ing fraud risk in In­dia, ac­cord­ing to E & Y.

So what can be done? Se­cu­rity never ends and it’s never per­fect — that’s the ul­ti­mate re­al­ity. But it can be im­proved. And one av­enue for im­prov­ing it will be re­ly­ing in­creas­ingly on au­to­mated en­cryp­tion. En­cryp­tion is ar­guably the best se­cu­rity tech­nol­ogy on the mar­ket and one of the least used. Think of it. Your tax re­turns are prob­a­bly on a drive some­where in your house. Have you en­crypted them? Prob­a­bly not. Could some­one read them if they stole your lap­top and cracked the pass­word? Ab­so­lutely.

Like any­thing else, en­cryp­tion can be hacked, but it of­ten takes money, time and brute force com­put­ing. En­cryp­tion may not have pre­vented the re­cent spate of high-pro­file at­tacks, but it could have pre­vented the sud­den on­rush of em­bar­rass­ing emails, user names and other in­for­ma­tion. The per­pe­tra­tors would likely still be strug­gling with strings of jib­ber­ish.

“En­cryp­tion should be en­abled for ev­ery­thing by de­fault, not a fea­ture you turn on only if you’re do­ing some­thing you con­sider worth pro­tect­ing,” se­cu­rity ex­pert Bruce Sch­neier wrote in his blog.

Un­til rel­a­tively re­cently, how­ever, the cost and com­plex­ity in­volved made en­cryp­tion a non­starter for most. Third-party ser­vices that sim­plify en­cryp­tion are per­ceived by some to be less se­cure. The es­ca­lat­ing ca­pa­bil­i­ties of com­put­ing sys­tems, how­ever, are chang­ing the pic­ture by elim­i­nat­ing per­for­mance and cost bar­ri­ers. For ex­am­ple, the speed and ca­pac­ity of solid-state drives (SSDs) al­lows en­cryp­tion to take place be­hind the scenes.

Coughlin As­so­ci­ates pre­dicts that by the end of the year the ma­jor­ity of SSDs will be ca­pa­ble of self-en­crypt­ing doc­u­ments. Nu­va­sive, a com­pany that spe­cial­izes in spinal care tech­nol­ogy, re­cently im­ple­mented a self-en­cryp­tion pro­gram through SSDs.

Reg­u­la­tory changes are also en­cour­ag­ing adop­tion un­der Sar­banes-Ox­ley, the Health­care In­for­ma­tion Porta­bil­ity and Ac­count­abil­ity Act (HIPAA ), the Health In­for­ma­tion Tech­nol­ogy for Eco­nomic and Clin­i­cal Health (HITECH) Act ,and other reg­u­la­tions. In 2009, Blue-Cross Blue-Shield of Ten­nessee was fined $1.5 mil­lion (and spent $17 mil­lion in re­me­dial ac­tions) af­ter 57 un­en­crypted hard drives con­tain­ing records for nearly one mil­lion pa­tients were stolen from a stor­age closet. An es­ti­mated 249,000 records were in­ad­ver­tently ex­posed last year be­cause of lost or stolen lap­tops, ac­cord­ing to sta­tis­tics from Pri­vacy Rights Clear­ing­house.

Ap­pli­ca­tions for manag­ing en­cryp­tion or set­ting poli­cies are also be­com­ing far more user-friendly. All the in­gre­di­ents needed for “one-touch” en­cryp­tion will soon be dif­fi­cult not to get in a new sys­tem. MoboMoney, a con- tact-less pay­ment plat­form launched by Tech Mahin­dra, has launched a ser­vice that en­ables elec­tronic pay­ments us­ing sound waves in­stead of card swipes. The MoboMoney ap­pli­ca­tion has been de­signed to en­sure a se­cure trans­ac­tion with mul­ti­ple lay­ers of en­cryp­tion

The large web ser­vices, mean­while, are adopt­ing au­to­mated en­cryp­tion. Google em­ploys an en­crypted con­nec­tion for Gmail and is mov­ing to­ward “end-to-end” en­cryp­tion that will ef­fec­tively keep mes­sages en­crypted un­til the in­tended re­cip­i­ent un­scram­bles them. The In­dian Army launched a highly en­crypted cloud sys­tem which will store per­son­nel as well op­er­a­tional data. The ‘Army Cloud’ in­cludes a cen­tral date cen­tre, a near line data cen­tre, both in Delhi and a dis­as­ter re­cov­ery site for a repli­ca­tion of its crit­i­cal data along with vir­tu­alised servers and stor­age in an en­vi­ron­men­tally con­trolled com­plex. You’re also see­ing en­cryp­tion and bet­ter se­cu­rity per­co­late into the mo­bile mar­ket. China’s Qiku has re­leased phones that em­pha­size se­cu­rity. Ear­lier this year, Google showed off its ex­per­i­men­tal Project Vault, a MI­CROSD-SIZED card that keeps mo­bile mes­sages and data se­cure.

Crit­ics and skep­tics will note that even mak­ing en­cryp­tion ca­pa­bil­i­ties free and per­va­sive may not be enough. Still, things can change quickly. If you make en­cryp­tion as easy as click­ing an icon or com­pletely au­to­matic, at­ti­tudes will change. For close to 20 years, a ver­i­ta­ble ar­mada of com­pa­nies tried to pro­mote fin­ger­print scan­ners as a pass­word re­place­ment, but few adopted them. Then Ap­ple put fin­ger­print sys­tems on the iPhone 5. Sud­denly, users adopted the tech­nol­ogy and were ask­ing what took so long.

The In­dian Army launched a highly en­crypted cloud sys­tem which will store per­son­nel as well op­er­a­tional data

Au­thored by VIVEK TYAGI, Direc­torBusi­ness Devel­op­ment, Chan­nel and OEM

Sales, SanDisk In­dia

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.