2014: The year of encryption

Padlock in the middle of digital circuit board Companies are under pressure in the current environment to make sure their encryption is up to scratch

"The solution to government surveillance is to encrypt everything."

So said Eric Schmidt, Google's chairman, in response to revelations about the activities of the US National Security Agency (NSA) made by whistle-blower Edward Snowden.

 Technology of Business

Schmidt's advice appears to have been heeded by companies that provide internet-based services.

Microsoft, for instance, says it will have "best-in-class industry cryptography" in place for services including Outlook.com, Office 365 and SkyDrive by the end of the year, while Yahoo has announced plans to encrypt all of its customers' data, including emails, by the end of the first quarter of 2014.

For many smaller businesses too, 2014 is likely to be the year of encryption. That's certainly the view of Dave Frymier, chief information security officer at Unisys, a Pennsylvania-based IT company.

But he believes the driving force for this will be different: not government surveillance programmes, but the threat of attacks from hackers.

Diamonds and paperclips

Rather than encrypting everything, Mr Frymier advocates that companies identify what he believes is the 5%-15% of their data that is really confidential, and use encryption to protect just that.

He says employees should then be barred from accessing this data using standard desktop and laptop machines or their own smartphones or tablets, which can easily be infected with malware. Access would be restricted to employees using secure "hardened" computers.

Dave Frymier Dave Frymier from Unisys says the threat posed by hackers will drive firms to invest in encryption

"When you look at the increasing sophistication of malware, it becomes apparent that you need to establish highly protected enclaves of data. The only way to achieve that is through modern encryption, properly implemented," says Mr Frymier.

"You can split your data into diamonds and paperclips, and the important thing is to encrypt the diamonds, and not to sweat the paperclips."

Prakash Panjwani, a general manager at Maryland-based data protection company Safenet, also believes that the large number of high-profile data breaches in 2013 - including hacker attacks on US retailer Target, software maker Adobe, and photo messaging service Snapchat - means that 2014 will inevitably be a bumper one for encryption vendors.

"Snowden has focused attention on surveillance issues, but the real threat is organised crime and the number of data breaches that are occurring," he says.

"Companies are going to come under extreme pressure from boards, customers and regulators in 2014 to take action so that if there is a data breach they can say, 'We didn't lose any data because it was encrypted.'"

Keeping the regulator happy

A large number of companies already use encryption to protect the data they store on their own systems "at rest", as well as data "in flight" as it is sent over networks to customers, other data centres, or for processing or storage in the cloud.

Hacking for password Using a longer encryption key will make it harder for hackers to access your data

But Ramon Krikken, an analyst at Gartner, believes that the way encryption is used by many of these companies is likely to change in 2014.

"Companies are certainly going to have to take encryption more seriously thanks to the Snowden revelations," he says.

"At the moment many companies are using encryption for compliance reasons, not for security. They are not using it to protect their data, but because it is the easiest way to comply with regulations: encryption is the auditor's and the regulator's favourite check box item."

'Back doors'

Start Quote

You have to decide who you trust, and find out where the vendor gets all the parts of its product from”

End Quote Ramon Krikken Gartner analyst

One question that companies will need to consider is which encryption algorithm or cipher to use to best encrypt their data. It's an important question as some older ciphers can now be "cracked" relatively quickly using the computing power in a standard desktop PC.

And there is a question mark over whether the NSA may have deliberately used its influence to weaken some encryption systems - or even to introduce "back doors" that provide easy access to encrypted data to anyone who knows of their existence.

"The problem is that even if you can inspect the source code, it is certainly not a given that you would be able to spot a back door," Mr Krikken says.

Edward Snowden US whistle-blower Edward Snowden's revelations have made companies take encryption more seriously

He believes it is more important to establish where all the parts of an encryption solution come from.

Start Quote

No-one ever got fired for having encryption that was too strong”

End Quote Robert Former Neohapsis

"If you procure software or hardware from overseas, from a country with a government which does not have your best interests at heart, you need to remember that it may not be as secure as you think," Mr Krikken says.

"So you have to decide who you trust, and find out where the vendor gets all the parts of its product from."

Don't be cheap

Another thing companies need to consider when they implement encryption is how strong the encryption should be. Using a longer encryption key makes it harder for hackers or governments to crack the encryption, but it also requires more computing power.

But Robert Former, senior security consultant for Neohapsis, an Illinois-based security services company, says many companies are overestimating the computational complexity of encryption.

"If you have an Apple Mac, your processor spends far more time making OS X looks pretty than it does doing crypto work."

He therefore recommends using encryption keys that are two or even four times longer than the ones many companies are currently using.

"I say use the strongest cryptography that your hardware and software can support. I guarantee you that the cost of using your available processing power is less than the cost of losing your data because you were too cheap to make the crypto strong enough," he says.

"No-one ever got fired for having encryption that was too strong."

More on This Story

The BBC is not responsible for the content of external Internet sites

More Business stories

RSS

BBC Business Live

  1.  
    09:07: SAP DOWNGRADE

    German software developer SAP has fallen 3.9% this morning in Frankfurt after letting on that 2014 profit will be lower than previously forecast. Services in the cloud are putting pressure on profits.

     
  2.  
    08:50: FORD INVESTMENT Radio 5 live

    Ford is investing about £200m at its Dagenham plant creating about 300 jobs to make diesel engines. Mark Ovenden of Ford is on 5 live. Engines are Britain's strength in vehicle manufacture, he says.

     
  3.  
    08:39: MARKET REPORT

    The FTSE 100 is behaving a bit oddly in early trading. It opened up 8 points this morning then promptly remembered the erurozone is teetering on the edge of a third crisis and there's less global economic growth out there and fell again. Now its up 3 points again at 6313.64 . The situation is a bit worse for Germany's Dax - down 52 points to 8797.85 - and France's Cac-40 - down 23 points to 4010.12.

     
  4.  
    08:28: TAX MARK

    SSE is touting its award of the new Fair Tax Mark, which has been set up to show companies are being open about what tax they pay. Other recipients include Go-Ahead Group , Midcounties Co-operative, Phone Co-op and Unity Trust Bank. Margaret Hodge, chair of parliament's Public Accounts Committee, said she hoped other companies would follow SSE's example.

     
  5.  
    08:16: PONTOON CYCLING
    Computer generated image of the floating cycle route

    Is the floating bike path a sustainable solution or an expensive distraction? We think you probably just need to look at the picture (above) for the answer to that question. But if you really feel the need to read about one of the more outlandish proposals being considered by Mayor of London Boris Johnson then by all means take a look. Some have baulked at the £600m price tag. But no doubt the team behind the 'Thames Deckway' thought "Boris. Keen Cycler, loves things that float (think airports), it's bound to be a winner."

     
  6.  
    08:00: SHIRE FINANCE CHIEF EXIT

    Drugs firm Shire has announced that interim chief financial officer James Bowling has resigned after ten years with the firm. He is joining Severn Trent as CFO and will leave Shire at the end of March 2015. Shire saw more than 30% of its share value wiped out last week after the collapse of a £32bn takeover from US rival AbbVie. Shire will start the search for a new CFO immediately.

     
  7.  
    07:45: SPIRIT PUB OFFER
    The badge of Greene King brewers on a pub wall

    Spirit pub company, which runs about 750 pubs, says Greene King has made a better offer to take the company over. They would get 0.1322 Greene King shares per Spirit share and a cash payment of 8 pence, worth a total of about 109.5 pence. Spirit's board says it may recommend the offer once a few details have been ironed out.

     
  8.  
    07:33: BUDGET GIVEAWAY?
    Chancellor of the Exchequer George Osborne

    Don't expect any traditional tax giveaways ahead of the general election. In a move akin to "good luck, there's no money left", Cabinet ministers have been warned by the Treasury that it is likely they will have to rein in their spending in the run-up to the election because of a shortfall in tax revenues and concerns about the global economy, the Financial Times has reported today. Treasury secretary Danny Alexander has told the Cabinet tax revenues are not recovering as quickly as the economy so he might have to impose new spending controls in the Autumn Statement. Yikes.

     
  9.  
    07:21: BANK OF JAPAN

    Japan's central bank has maintained its economic assessment for eight of the country's nine regions in its quarterly report, saying they continue to recover. The north-eastern Tohoku region cut its assessment from July, to say that the recovery trend is slowing.

     
  10.  
    07:07: IBM NEWS
    chip

    IBM says it will make a "major business announcement" today. Various newspapers including the Wall Street Journal think it will sell off its loss-making microchip-making business. IBM will pay Globalfoundries $1.5bn (£931m) to take the chip operations off its hands, says the WSJ.

     
  11.  
    06:50: UK GROWTH BBC Radio 4

    Peter Spencer, economic adviser to the EY Item Club, tells the Today programme housing investment along with business investment has been responsible for "about half of the economic growth" we have see in the UK since the start of the recovery. But people are beginning to worry about global growth and the UK's economic outlook. Concerns about economic developments at home and abroad has meant there are already signs of "a return to caution by both borrowers and lenders in the mortgage market".

     
  12.  
    06:35: STOCK MARKET TURMOIL BBC Radio 4

    Last week's stock market sell off is on the business agenda today. "Everyone was feeling nervous. We just need a very small straw to break the camel's back I think it was the Ebola virus," James Bevan chief investment officer at CCLA Investment Management tells the Today programme. "We had a lot of other things going on but I think Ebola was the thing that made investors say to themselves 'let's sit this one out'. There has been no real change in the hard economic data." He is worried about bond yields spiking "as they did in 1987" though.

     
  13.  
    06:24: EUROZONE ECONOMY Radio 5 live
    Jose Manual Barroso

    Jose Manual Barroso, outgoing President of the European Commission, has told the BBC he doesn't think another recession in the eurozone is likely. Official statistics suggest a "weaker recovery than anticipated. Elmar Brok, a German member of the European Parliament is on Radio 5 live and says Britain should be "more positive towards the eurozone"

     
  14.  
    06:13: INTERN PAY Radio 5 live

    Christian May from the Institute of Directors is on 5 live talking about employment reform, including reforms to how interns are paid, or otherwise. "It's worth considering it's unlikely to be a silver bullet," he says. There's a chance restrictions could be gamed to allow employers not to pay interns. While 25% of businesses have interns they don't pay, "in this day and age its getting difficult to justify having someone work for them and not paying them."

     
  15.  
    06:03: ETHICAL INVESTMENTS Radio 5 live

    Justin Urquhart Stewart of 7 Investment Management is on 5 live talking about ethical investment. "It's very badly marketed so people don't understand it ," He says. But because such investments strip out companies such as tobacco, alcohol, arms and oil, returns can also be slim.

     
  16.  
    06:01: Howard Mustoe Business reporter

    Good morning. Get in touch via email bizlivepage@bbc.co.uk and twitter @BBCBusiness.

     
  17.  
    06:00: Matthew West Business reporter

    Morning folks. It's a gloomy start to the day with the EY Item Club downgrading its 2015 UK economic growth forecast quite sharply this morning as a result of the global slowdown and uncertainty over interest rates. There's more housing market data out later and the Prime Minister is going to be pushing for more apprenticeships today too. We'll bring you more as it happens.

     

Features

From BBC Capital

Programmes

  • FishThe Travel Show Watch

    Meet the Helsinki market trader who sells fish to the President of Finland

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.