2014: The year of encryption

Padlock in the middle of digital circuit board Companies are under pressure in the current environment to make sure their encryption is up to scratch

"The solution to government surveillance is to encrypt everything."

So said Eric Schmidt, Google's chairman, in response to revelations about the activities of the US National Security Agency (NSA) made by whistle-blower Edward Snowden.

 Technology of Business

Schmidt's advice appears to have been heeded by companies that provide internet-based services.

Microsoft, for instance, says it will have "best-in-class industry cryptography" in place for services including Outlook.com, Office 365 and SkyDrive by the end of the year, while Yahoo has announced plans to encrypt all of its customers' data, including emails, by the end of the first quarter of 2014.

For many smaller businesses too, 2014 is likely to be the year of encryption. That's certainly the view of Dave Frymier, chief information security officer at Unisys, a Pennsylvania-based IT company.

But he believes the driving force for this will be different: not government surveillance programmes, but the threat of attacks from hackers.

Diamonds and paperclips

Rather than encrypting everything, Mr Frymier advocates that companies identify what he believes is the 5%-15% of their data that is really confidential, and use encryption to protect just that.

He says employees should then be barred from accessing this data using standard desktop and laptop machines or their own smartphones or tablets, which can easily be infected with malware. Access would be restricted to employees using secure "hardened" computers.

Dave Frymier Dave Frymier from Unisys says the threat posed by hackers will drive firms to invest in encryption

"When you look at the increasing sophistication of malware, it becomes apparent that you need to establish highly protected enclaves of data. The only way to achieve that is through modern encryption, properly implemented," says Mr Frymier.

"You can split your data into diamonds and paperclips, and the important thing is to encrypt the diamonds, and not to sweat the paperclips."

Prakash Panjwani, a general manager at Maryland-based data protection company Safenet, also believes that the large number of high-profile data breaches in 2013 - including hacker attacks on US retailer Target, software maker Adobe, and photo messaging service Snapchat - means that 2014 will inevitably be a bumper one for encryption vendors.

"Snowden has focused attention on surveillance issues, but the real threat is organised crime and the number of data breaches that are occurring," he says.

"Companies are going to come under extreme pressure from boards, customers and regulators in 2014 to take action so that if there is a data breach they can say, 'We didn't lose any data because it was encrypted.'"

Keeping the regulator happy

A large number of companies already use encryption to protect the data they store on their own systems "at rest", as well as data "in flight" as it is sent over networks to customers, other data centres, or for processing or storage in the cloud.

Hacking for password Using a longer encryption key will make it harder for hackers to access your data

But Ramon Krikken, an analyst at Gartner, believes that the way encryption is used by many of these companies is likely to change in 2014.

"Companies are certainly going to have to take encryption more seriously thanks to the Snowden revelations," he says.

"At the moment many companies are using encryption for compliance reasons, not for security. They are not using it to protect their data, but because it is the easiest way to comply with regulations: encryption is the auditor's and the regulator's favourite check box item."

'Back doors'

Start Quote

You have to decide who you trust, and find out where the vendor gets all the parts of its product from”

End Quote Ramon Krikken Gartner analyst

One question that companies will need to consider is which encryption algorithm or cipher to use to best encrypt their data. It's an important question as some older ciphers can now be "cracked" relatively quickly using the computing power in a standard desktop PC.

And there is a question mark over whether the NSA may have deliberately used its influence to weaken some encryption systems - or even to introduce "back doors" that provide easy access to encrypted data to anyone who knows of their existence.

"The problem is that even if you can inspect the source code, it is certainly not a given that you would be able to spot a back door," Mr Krikken says.

Edward Snowden US whistle-blower Edward Snowden's revelations have made companies take encryption more seriously

He believes it is more important to establish where all the parts of an encryption solution come from.

Start Quote

No-one ever got fired for having encryption that was too strong”

End Quote Robert Former Neohapsis

"If you procure software or hardware from overseas, from a country with a government which does not have your best interests at heart, you need to remember that it may not be as secure as you think," Mr Krikken says.

"So you have to decide who you trust, and find out where the vendor gets all the parts of its product from."

Don't be cheap

Another thing companies need to consider when they implement encryption is how strong the encryption should be. Using a longer encryption key makes it harder for hackers or governments to crack the encryption, but it also requires more computing power.

But Robert Former, senior security consultant for Neohapsis, an Illinois-based security services company, says many companies are overestimating the computational complexity of encryption.

"If you have an Apple Mac, your processor spends far more time making OS X looks pretty than it does doing crypto work."

He therefore recommends using encryption keys that are two or even four times longer than the ones many companies are currently using.

"I say use the strongest cryptography that your hardware and software can support. I guarantee you that the cost of using your available processing power is less than the cost of losing your data because you were too cheap to make the crypto strong enough," he says.

"No-one ever got fired for having encryption that was too strong."

More on This Story

The BBC is not responsible for the content of external Internet sites

More Business stories

RSS

BBC Business Live

  1.  
    MARKET UPDATE 08:24:

    After two days of strong gains, the main European stock markets have inched lower in early trade.

    • The FTSE 100 is down 11.11 points at 6,768.20
    • Germany's Dax index is 14.86 points lower at 9,319.42
    • In France, the Cac 40 is down 9.57 points at 4,244.88
     
  2.  
    ARGENTINA DEBT 08:20:
    Cristina Fernandez

    President Cristina Fernandez has proposed laws that will push bondholders to swap defaulted debt for new bonds governed by Argentine law, to try to avoid a US ruling that prevented her government from paying some creditors. Argentina entered default last month after a New York court blocked an interest payment of $539m owed to holders of bonds issued under US laws that was restructured after the country's record 2002 default.

     
  3.  
    INTEREST RATES 08:02: BBC Radio 4

    The Bank of England's Monetary Policy Committee (MPC) has voted unanimously to hold rates at 0.5% for the past three years. Peter Warburton, who sits on a 'shadow' MPC, organised by the Institute for Economic Affairs, tells the Today programme that it looks like the consensus is beginning to crumble, although the latest MPC minutes could still show a 9-0 vote in August.

     
  4.  
    Via Twitter Adam Parsons Business Correspondent

    tweets: "Diego Hernández to become Chief Executive Officer of FTSE100 miner Antofagasta"

     
  5.  
    HEINEKEN RESULTS 07:35:
    beer

    Heineken beat analysts' forecasts for its first-half results, although along with Carlsberg it said it sold less in Russia. The Central and Eastern Europe business was hit by bad weather and floods. Operating profit before one-off items rose 9.6% in the first six months of the year to 1.45bn euros ($1.93bn; £1.16bn),

     
  6.  
    CARLSBERG RESULTS 07:23:
    beer

    Danish brewer Carlsberg has said annual profits will drop because of western relations with Russia. The country generates 35% of operating profit but Russia could enter recession this year. "The overall performance in the second quarter looks fine, but they are downgrading their guidance due to the macroeconomic uncertainty in the Eastern European region. So it is a mixed bag," analyst Morten Imsgard from Sydbank said.

     
  7.  
    BALFOUR BEATTY 07:18:

    Balfour Balfour said it rejected Carillion's latest offer because it failed to address "two key concerns". It said there were "considerable risks" associated with the proposed business plan. It also objected to Carillion's intention to halt the planned sale of Balfour's Parsons Brinckerhoff business in the US, "at a point when it is reaching a successful conclusion".

     
  8.  
    BALFOUR BEATTY 07:08:
    Balfour Beatty worker

    Balfour Beatty has rejected the latest takeover bid from rival Carillion. The offer was sweetened on Tuesday for the third time, valuing Balfour at more than £2bn. But Balfour said the proposal was "not in the best interests" of its shareholders.

     
  9.  
    BHP BILLITON 06:57: BBC Radio 4
    BHP Billiton logo

    On Tuesday, mining giant BHP Billiton announced plans to spin-off billions of dollars worth of assets into a new company. Elaine Coverley, head of equity research at Brewin Dolphin, told the Today programme that it's a sign that shareholders in the sector are demanding more discipline from management and seeking better dividends.

     
  10.  
    STANDARD CHARTERED 06:44: Radio 5 live
    Standard Chartered

    Elaine Coverley, head of equity research at Brewin Dolphin is on Wake Up to Money, this time talking about Standard Chartered. Standard Chartered has agreed to pay $300m (£180m) to New York's top banking regulator for failing to improve its money laundering controls. "It's a blow," she says. "In the past the management were very well respected."

     
  11.  
    JAPAN EXPORTS 06:31:
    Tokyo port

    Japan's exports grew in July for the first time in three months, figures have shown. Exports were up 3.9% from a year ago thanks to higher shipments of cars and electric machinery. However, imports rose by 2.3%, largely due to purchases of oil and gas. This meant the trade deficit came in at a larger-than-expected 964.0bn yen ($9.4bn; £5.6bn) for the month.

     
  12.  
    BALFOUR MERGER 06:16: Radio 5 live

    Elaine Coverley, head of equity research at Brewin Dolphin is on Wake Up to Money. Carillion is back with improved terms to buy Balfour Beatty. "It is getting more hostile," she says. Balfour Beatty shareholders "need to petition the board to look at this offer much more closely", she says.

     
  13.  
    INTEREST RATES 06:10: Radio 5 live
    Bank of England

    A rise in interest rates is "long overdue", economist Peter Warburton tells Wake Up to Money. The minutes from August's meeting of the Bank of England's Monetary Policy Committee are out later and could show some members favoured a rate rise. Mr Warburton thinks several economic indicators suggest rates should already have gone up.

     
  14.  
    PALLADIUM PRICES 06:02: Radio 5 live

    Jim Slade, a director of European Exhaust & Catalyst, is on Wake Up to Money talking about palladium, which is used in catalytic converters. The price of palladium has risen by 25% this year. "There's a lot of debate about Russia and whether they have a huge stockpile or whether it's depleted," he says.

     
  15.  
    06:00: Nick Edser, Business reporter

    Good morning. You can email us at bizlivepage@bbc.co.uk and tweet us at @bbcbusiness.

     
  16.  
    06:00: Howard Mustoe Business reporter

    Hello. Today we can look forward to minutes from the Bank of England's Monetary Policy Committee, plus company results and analysis. Stay tuned.

     

Features

  • OrangemanPunctured pride?

    How would N Ireland's Orangemen feel if Scotland left the union?


  • MarchionessThames tragedy

    Survivors and victims' families remember Marchioness disaster


  • Sheep on Achill IslandMass exodus

    Why hundreds of thousands of people have left Ireland


  • A teenaged mother in the Zaatari campUntold misery

    The plight of Syria's refugee child brides


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.