Recently, I’ve had the pleasure to meet the creator of Pretty Good Privacy (PGP) and pioneer in cryptography, Phil Zimmermann. For all data security experts and vendors, he is an inspiration, especially because his e-mail encryption software became the most widely used in the world, even though he was persecuted by the government, he didn’t have any investors or at least paid staff. It is proof that great products do not need millions of dollars for marketing or large sales teams.
It is interesting how data security evolved since 1991 and how dynamic the industry is today. With new technologies that have emerged and reinterpretation of the old ones, our choices have become more difficult. E-mail encryption is still widely being used successfully. Unfortunately, not only e-mails have to be encrypted to secure data and prevent data breaches.
There is a variety of exit points starting from e-mails, to portable storage devices, smartphones, cloud applications and services, etc. These represent the most popular tools for collaboration and help businesses increase employees’ productivity. So, the paradox of helpful tools, making people’s work easier, but making data security more vulnerable at the same time, require security solutions that are able to minimize threats. They also have to enable organizations to leverage the advantage of mobility and cloud computing.
Take for example USB thumb drives – so small devices that can store up to 1-terabyte of data. Besides the huge storage capacity, the transfer speed is significantly improved, reaching 240 MB per second. Imagine losing one of these small devices with 1 terabyte of data. If data is not encrypted or if the device itself is not encrypted, confidential data can end up in malicious hands and the rest is history. In fact, lost unencrypted USB devices and laptops represent a major cause for data breaches. When organizations empower employees to use such devices, they should also make sure that they are prepared for scenarios like lost or stolen storage devices.
Encryption is a simple, affordable and efficient solution. Our customers always present us their challenge of authorizing encrypted portable USB devices, but having no control on employees’ personal devices. Our solution to this scenario is to use Enforced Encryption with EasyLock to force users to copy data only on an encrypted area of the USB device and, simultaneously, deny the access to other USB devices. This way a lost device isn’t a threat anymore because all important data is kept in the password-protected encrypted software. Enforced Encryption requires Endpoint Protector 4 Device Control solution that can centrally establish the device authorization policies and pushes the installation of the encryption software. It can also be used separately, as an independent solution, as USB encryption, cloud storage encryption, CD & DVD and local folder encryption. It is a versatile solution that ensures a proper use of mobility tools, for both business and home users.
Encryption is even in our pockets, if we think about smartphones, but few of us use it. For the two most popular mobile platforms, iOS and Android, it is built-in. The user has to activate it by enabling the password or pattern protection. For the newest Android version, 5.0, full disk encryption is available and it can be enabled by the user. Apple calls its encryption capability Data Protection and it is available for devices that offer hardware encryption – iPhone 3GS and later, all iPad models and iPod Touch. Data Protection is activated by a passcode, which protects the hardware encryption keys. Apple is one of the most ferocious defenders of encryption in the attempt of the US Government to force mobile devices’ vendors to use backdoors. As Tim Cook said, “Any backdoor is a backdoor for everyone. Everybody wants to crack down on terrorists. Everybody wants to be secure. The question is how. Opening a backdoor can have very dire consequences.” I agree 100 percent with this statement, especially since it is easy to see that lost unencrypted mobile devices, USB devices and laptops, as well as unencrypted data shared on the cloud represent a major cause for data breaches, exposing millions of private or company records. Just for the sake of discussion, if a backdoor were to be left to mobile devices’ encryption, a precedent would be created, leaving an opportunity to ask for backdoors to other security systems as well. At the same time, the legislation would have to be very clear towards the organizations that are entitled to ask for access through the back door, or else there is a question of where do we draw the line. The Dutch Government also expressed its opposition towards having backdoors to encryption or to have legislation that are restrictive against development or use of encryption products. Their official statement resembles a lot with Tim Cook’s, fighting for individuals’, businesses’ and government’s communication privacy.
At the end, users should take advantage of the built-in security features provided by the device itself or the Operating System and should value their privacy, for their own safety and reputation. As for businesses, they have the possibility of enabling and enforcing encryption on employees’ devices in a centralized manner with Mobile Device Management software. They can set passcode parameters in order to force employees to use strong passwords. On Android, they can directly request the activation of encryption, making sure business and personal data are kept secure, even in the misfortune of stolen or lost mobile devices.
Cryptography has been used since antiquity and it has a long and complex history. The modern encryption is the kind of solution that will be used for many years to come, so you might as well take full advantage of it. Make sure to protect the information that resides on your computers, mobile devices, on the cloud, on portable storage devices and in transit.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.