The security industry finds a dream enemy -- government spy agencies
Revelations about mass surveillance will fuel encryption adoption in the next year, but implementing it will take care, security experts say
IDG News Service - 2013 was the year we learned we must encrypt our data if we don't want the likes of the U.S. National Security Agency or the U.K. Government Communications Headquarters reading it as it crosses the Internet.
The security industry has the enemy it always dreamed of to help it make the case for encryption adoption, but users looking to secure their data and communications need to be wary of claims made in marketing messages. Securing data in motion is the priority, experts say, and some large Internet firms are already making progress in this area, but encrypting data at rest without losing its usefulness will prove a greater challenge.
"The NSA's surveillance has opened the eyes of many people around the world," Lamar Bailey, director of security research and development at security firm Tripwire said via email. "Security professionals have always known that this style of surveillance is possible with the right resources, but this episode has been a big wake-up call for everyone. Many countries and companies outside the U.S. are now taking a harder, more in-depth look at software and hardware that comes from the U.S., although the silver lining is that mainstream users are now more concerned with encrypting data and reviewing how their information is being shared."
The public debate sparked by the surveillance revelations in recent months has prompted some encouraging responses already: Google has encrypted the links between its data centers; Yahoo is working to do the same and has promised to enable SSL encryption by default for webmail and other services, and Twitter has enabled an SSL feature called forward secrecy, already implemented by Google and Facebook, which makes mass decryption of SSL traffic hard even if the website operator's master private key is compromised.
Some software vendors started developing alternatives to existing communication technologies, with the goal of providing end-to-end encryption and making upstream data interception harder. Secure communications provider Silent Circle launched an effort called the Dark Mail Alliance to develop a private a secure email protocol that encrypts metadata, not just message contents; Pirate Bay co-founder Peter Sunde is working with others on a secure crowd-funded mobile messaging application called Hemlis with distributed infrastructure hosted in privacy-friendly jurisdictions, and BitTorrent, the company behind the popular file-sharing protocol of the same name, is developing a peer-to-peer instant messaging application that encrypts messages directly between users and doesn't rely on central servers.
These and other examples send a clear message: securing the data transport channels to prevent unwanted upstream interception is a priority. The Internet Engineering Task Force, an organization that develops Internet standards, is already working toward this goal. Together with other Internet infrastructure groups, IETF expressed concern that the reported mass monitoring and surveillance by government agencies undermines the trust and confidence of Internet users globally.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!