Access and Feeds

Security: Encryption is not without Pitfalls

By Dick Weisinger

$145 million of the cryptocurrencies managed by the exchange Quadriga were lost earlier this year on the death of Gerald Cotten. Cotten, who was the founder of Quadriga, was the only person with the crypto keys to gain access to the accounts where Bitcoin and other cryptocurrency were stored.

The story of Quadriga is example of the importance of managing encryption keys. The consequences of lost or compromised keys can be very costly. So, while there are many benefits to using encryption, there are also a number of potential pitfalls to be cautious of.

Richard Moulds, Principal Product Manager (Key Management) at AWS, said that “lot of organizations are new to encryption. Their only exposure to it has been with SSL, but that’s just a session. When you shift to data at rest and encrypt your laptop, if you lose the key you trash your data – it’s a self-inflicted denial-of-service attack. Organizations experienced with encryption are standing back and saying this is potentially a nightmare. It is potentially bringing your business to a grinding halt.”

A Ponemon study for A10 Networks also found that hackers can hide their threats by piggybacking on SSL encryption streams. Encryption conceals data, but it can also hide malware from security tools. Encrypted malware included in SSL web transactions and email might pass uninspected and make it into an organization.

The report found that 80 percent of businesses don’t inspect SSL encrypted contents. The reason why this is not often done is because it requires additional security tools and resources, and it also degrades overall performance.

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Leave a Reply

Your email address will not be published. Required fields are marked *

*

three × two =