Here are the encryption stories we’re digging into this week. The narrative continues in Europe where the digital transformation makes encryption both necessary and overwhelming as companies scramble to figure out what to protect. Once established, enterprises still face the challenge of understanding the technology and encrypting it properly, and with quantum computing right around the corner, many wonder if we can keep up. Plus, we look at the shifting landscape of encryption technology and what it means for your enterprise.
Digital transformation could be causing security risk
While Europe undergoes a significant digital transformation, concerns turn to data protection and whether necessary precautions are scaling as fast as the enterprises.
Amid a burgeoning digital renaissance, Thales senior VP of cloud protection and licensing, Sebastien Cano, spoke out and warned that the digital rush is “leaving sensitive data exposed” and that European companies are still not putting data breach prevention at the top of their list, notwithstanding the ever more prevalent breach catastrophes.
Says Cano, “These organisations need to take a hard look at their encryption and access management strategies in order to secure their digital transformation journey.”
In response, some businesses have turned to service provider-managed encryption keys and insuring against possible data loss by using SLAs to keep their providers accountable. Read the full article.
- Marriott Data Breach – 50 Million Reasons Why It’s Critical to Protect Machine Identities
- Breaches Are Like Spilled Milk: It Doesn’t Help to Cry
- GAO Report: Expired Certificate Allowed Extended Exfiltration
Encryption is often poorly deployed, if deployed at all
Not only are companies struggling to adhere to encryption laws, but also to implement them in a meaningful manner. A lot of them just don’t know how.
Sheer “complexity” was cited as probable cause. Speaking in London, Kai Zobel, Thales senior regional sales director, explained “[Organizations] have long lists of what to implement in the next 12 months, but they struggle...because they don’t have enough people to understand the technology...” With each enterprise containing up to thousands of keys and certificates to secure, in addition to a ballooning IoT-scape, cloud-native technologies and data protection - especially in light of GDPR - can be a daunting task.
Thales security engineer Jason Hart contended that nothing much has changed in the past 25 years regarding security posture except for the fact that we have a lot more data to protect. He summed up the kind of thinking-around-corners needed: “You encrypted the data in the database, but what talks to the database?”Read the full article.
- DLP Strategies Protect Human Identities But Ignore Machine Identities
- What GDPR Means for Encryption
- Internet of Things: Getting Smarter About Securing Smart Technology
How quantum computing will impact encryption and cybersecurity
Once GDPR is fully implemented, the digital transformation complete and enterprises finally conquer the beast of encryption-based security – will it even mean anything?
According to quantum computing, maybe not.
Encryption assumes that uber-complex codes take a very, very long time to crack. And if a machine could brute force the algorithm, we cycle out our certificates every so often ensuring we stay one step ahead of the game.
However, according to SecureWorld, “...it is possible to create unique algorithms for quantum computers (e.g. “Shor’s algorithm”) that dramatically reduce the time it takes to break these algorithms.”
As it stands, encrypted keys with long enough key lengths can withstand the tests of time, taking even a supercomputer beyond lifetimes or even centuries to crack the code. With quantum computing, it may not. Read the full article.