The most popular and comprehensive Open Source ECM platform
Let us know more
Security: Encryption is not without Pitfalls
$145 million of the cryptocurrencies managed by the exchange Quadriga were lost earlier this year on the death of Gerald Cotten. Cotten, who was the founder of Quadriga, was the only person with the crypto keys to gain access to the accounts where Bitcoin and other cryptocurrency were stored.
The story of Quadriga is example of the importance of managing encryption keys. The consequences of lost or compromised keys can be very costly. So, while there are many benefits to using encryption, there are also a number of potential pitfalls to be cautious of.
Richard Moulds, Principal Product Manager (Key Management) at AWS, said that “lot of organizations are new to encryption. Their only exposure to it has been with SSL, but that’s just a session. When you shift to data at rest and encrypt your laptop, if you lose the key you trash your data – it’s a self-inflicted denial-of-service attack. Organizations experienced with encryption are standing back and saying this is potentially a nightmare. It is potentially bringing your business to a grinding halt.”
A Ponemon study for A10 Networks also found that hackers can hide their threats by piggybacking on SSL encryption streams. Encryption conceals data, but it can also hide malware from security tools. Encrypted malware included in SSL web transactions and email might pass uninspected and make it into an organization.
The report found that 80 percent of businesses don’t inspect SSL encrypted contents. The reason why this is not often done is because it requires additional security tools and resources, and it also degrades overall performance.
