2014: The year of encryption

Padlock in the middle of digital circuit board Companies are under pressure in the current environment to make sure their encryption is up to scratch

"The solution to government surveillance is to encrypt everything."

So said Eric Schmidt, Google's chairman, in response to revelations about the activities of the US National Security Agency (NSA) made by whistle-blower Edward Snowden.

 Technology of Business

Schmidt's advice appears to have been heeded by companies that provide internet-based services.

Microsoft, for instance, says it will have "best-in-class industry cryptography" in place for services including Outlook.com, Office 365 and SkyDrive by the end of the year, while Yahoo has announced plans to encrypt all of its customers' data, including emails, by the end of the first quarter of 2014.

For many smaller businesses too, 2014 is likely to be the year of encryption. That's certainly the view of Dave Frymier, chief information security officer at Unisys, a Pennsylvania-based IT company.

But he believes the driving force for this will be different: not government surveillance programmes, but the threat of attacks from hackers.

Diamonds and paperclips

Rather than encrypting everything, Mr Frymier advocates that companies identify what he believes is the 5%-15% of their data that is really confidential, and use encryption to protect just that.

He says employees should then be barred from accessing this data using standard desktop and laptop machines or their own smartphones or tablets, which can easily be infected with malware. Access would be restricted to employees using secure "hardened" computers.

Dave Frymier Dave Frymier from Unisys says the threat posed by hackers will drive firms to invest in encryption

"When you look at the increasing sophistication of malware, it becomes apparent that you need to establish highly protected enclaves of data. The only way to achieve that is through modern encryption, properly implemented," says Mr Frymier.

"You can split your data into diamonds and paperclips, and the important thing is to encrypt the diamonds, and not to sweat the paperclips."

Prakash Panjwani, a general manager at Maryland-based data protection company Safenet, also believes that the large number of high-profile data breaches in 2013 - including hacker attacks on US retailer Target, software maker Adobe, and photo messaging service Snapchat - means that 2014 will inevitably be a bumper one for encryption vendors.

"Snowden has focused attention on surveillance issues, but the real threat is organised crime and the number of data breaches that are occurring," he says.

"Companies are going to come under extreme pressure from boards, customers and regulators in 2014 to take action so that if there is a data breach they can say, 'We didn't lose any data because it was encrypted.'"

Keeping the regulator happy

A large number of companies already use encryption to protect the data they store on their own systems "at rest", as well as data "in flight" as it is sent over networks to customers, other data centres, or for processing or storage in the cloud.

Hacking for password Using a longer encryption key will make it harder for hackers to access your data

But Ramon Krikken, an analyst at Gartner, believes that the way encryption is used by many of these companies is likely to change in 2014.

"Companies are certainly going to have to take encryption more seriously thanks to the Snowden revelations," he says.

"At the moment many companies are using encryption for compliance reasons, not for security. They are not using it to protect their data, but because it is the easiest way to comply with regulations: encryption is the auditor's and the regulator's favourite check box item."

'Back doors'

Start Quote

You have to decide who you trust, and find out where the vendor gets all the parts of its product from”

End Quote Ramon Krikken Gartner analyst

One question that companies will need to consider is which encryption algorithm or cipher to use to best encrypt their data. It's an important question as some older ciphers can now be "cracked" relatively quickly using the computing power in a standard desktop PC.

And there is a question mark over whether the NSA may have deliberately used its influence to weaken some encryption systems - or even to introduce "back doors" that provide easy access to encrypted data to anyone who knows of their existence.

"The problem is that even if you can inspect the source code, it is certainly not a given that you would be able to spot a back door," Mr Krikken says.

Edward Snowden US whistle-blower Edward Snowden's revelations have made companies take encryption more seriously

He believes it is more important to establish where all the parts of an encryption solution come from.

Start Quote

No-one ever got fired for having encryption that was too strong”

End Quote Robert Former Neohapsis

"If you procure software or hardware from overseas, from a country with a government which does not have your best interests at heart, you need to remember that it may not be as secure as you think," Mr Krikken says.

"So you have to decide who you trust, and find out where the vendor gets all the parts of its product from."

Don't be cheap

Another thing companies need to consider when they implement encryption is how strong the encryption should be. Using a longer encryption key makes it harder for hackers or governments to crack the encryption, but it also requires more computing power.

But Robert Former, senior security consultant for Neohapsis, an Illinois-based security services company, says many companies are overestimating the computational complexity of encryption.

"If you have an Apple Mac, your processor spends far more time making OS X looks pretty than it does doing crypto work."

He therefore recommends using encryption keys that are two or even four times longer than the ones many companies are currently using.

"I say use the strongest cryptography that your hardware and software can support. I guarantee you that the cost of using your available processing power is less than the cost of losing your data because you were too cheap to make the crypto strong enough," he says.

"No-one ever got fired for having encryption that was too strong."

More on This Story

The BBC is not responsible for the content of external Internet sites

More Business stories

RSS

BBC Business Live

  1.  
    AEROFLOT RESULTS 08:18:
    Aeroflot

    More airline news. Russia's state-controlled Aeroflot reports a loss of 1.9bn roubles (£35m) for the first half of 2014. That compares to a 45m rouble profit a year ago. The slowdown in the economy and a fall in the value of the rouble against other world currencies are among the reasons.

     
  2.  
    QANTAS 08:03:
    Kangaroo

    Shares in the Flying Kangaroo are up 7.3% at A$139 in the wake of its hefty loss. "We are focused now in the short to medium term on the transformation program," said chief executive Alan Joyce. "We are not actively out there looking for an airline investor." Investors are actively buying its shares though - a new law is opening the doors to foreign investment in the international arm of the airline.

     
  3.  
    AA RESIGNATIONS 07:48:
    AA logo

    There seems to be some upheaval at the top of the AA. Its chief executive Chris Jansen is resigning immediately. The chief financial officer Andy Boland is leaving too.

     
  4.  
    ICE SALES 07:39: Radio 5 live
    Alex Brown of Exeter Chiefs takes part in the Ice Bucket Challenge

    The charity ice bucket challenge appears to be boosting the sale of ice cubes. Tesco says they're up 20%. Paul Doughty, managing director of The Ice Company told Wake up to Money his firm had been busy restocking supermarkets - which saw big sales last weekend. But he explained that this was a bit of a challenge. "At this time of year, we are actually ramping down production, sales get run down over the summer, and we start to reduce our staffing levels in our factories through August."

     
  5.  
    LIVING WAGE 07:31:

    What is is? It is set at £8.80 an hour for London and £7.65 for the rest of the UK. Find out here. The minimum wage - the government's base line, is £6.31.

     
  6.  
    PADDY POWER 07:26:
    Paddy Power pic from website

    Betting giant Paddy Power says pre-tax profits are down 13% at £62m for the first half of the year. The company says many football punters had "dream weekends" in January and March, with 16 and then 17 teams of the 21 most backed winning. "This proved costlier than John Cleese's divorce", says Paddy.

     
  7.  
    HAYS RESULTS 07:16:

    Profits have risen at the recruitment business Hays, which operates in 33 countries. Profits rose 12% in the past year to £132m. Dividends are up 5%. "In many of our global markets, the vast majority of professional and skilled recruitment is still done in-house, with minimal outsourcing to recruitment agencies which presents substantial long-term structural growth opportunities," the company said.

     
  8.  
    LIVING WAGE 07:05: BBC Radio 4

    On the TUC Living Wage story: TUC general secretary Frances O'Grady tells Today that women come off worse because there is low value attached to the jobs women tend to do, such as care working and shop work.

     
  9.  
    LIVING WAGE 06:53: BBC Radio 4
    Care worker

    Today is discussing the Living Wage concept. In many parts of Britain, women working part-time earn less than the Living Wage, says the TUC. Three quarters of part-time women workers in Lancashire do, as do two thirds of part-time women workers in West Somerset. TUC chief Frances O'Grady explains: "The minimum wage is an absolute floor, the Living Wage is the level that means you can take your children on holiday for a week - nothing fancy." The minimum wage is £6.31.

     
  10.  
    QANTAS 06:42:

    Can Qantas solve its huge financial problems? The BBC's Phil Mercer in Sydney says: "The airline's annual accounts have become a horror story of decline as it tries to chart a path back to profit and sustainability". Read more.

     
  11.  
    MALAYSIA AIRLINES 06:32: BBC Radio 4

    Can an airline survive two major plane disasters in a single year? Today says that's the question for Malaysia Airlines. Those who have flown on the airline recently report near empty cabins. Can Malaysian Airlines survive? David Learmount from Flightglobal thinks so. "Malaysia will be given a chance by the government and it will be given some money. People don't like seeing airlines go bust," he told Today listeners.

     
  12.  
    BUSINESS LENDING 06:22: Radio 5 live

    Wake Up to Money looks forward to later this morning when the Bank of England will give us an update on its Funding for Lending scheme - introduced two years ago to encourage banks to lend to small businesses. It's not been a rip-roaring success: a previous report said, despite all that help, the amount of money being lent was down £2.7bn over the first three months of this year.

     
  13.  
    QANTAS 06:12:
    A Qantas Airline plane gets takes off at Sydney Airport in Sydney on August 28, 2014

    Overnight Australia's national airline Qantas reported a huge loss of A$2.8bn for the past year - its biggest ever. That was partly due to writing down the value of its planes by A$2.6bn. Qantas added weak domestic demand, poor consumer spending and rising fuel costs also contributed. Chief executive Alan Joyce tried to put some gloss on the figures: "There is no doubt today's numbers are confronting... but they represent the year that is past".

     
  14.  
    SCOTTISH INDEPENDENCE 06:03:
    Saltire

    Pro-independence business people in Scotland have hit back. 200 of them have signed a letter, appearing in the Herald online, saying that the business case for independence "has been made - and it's strong and ambitious". They add: "The real threat to Scotland is the real possibility of a British exit from the European common market".

     
  15.  
    Rebecca Marston Business reporter, BBC News

    The monitor has been fitted and off we go. You can plug in to us bizlive@bbc.co.uk or @bbcbusiness. Here until 13:00.

     
  16.  
    06:00: Ian Pollock Business reporter, BBC News

    Good morning, the Business Live page will have its finger on the business pulse, just for you.

     

Features

From BBC Capital

Programmes

  • Going through ice across the Northwest PassageThe Travel Show Watch

    Navigating the treacherous Northwest Passage through ice and Arctic storms

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.