2014: The year of encryption

Padlock in the middle of digital circuit board Companies are under pressure in the current environment to make sure their encryption is up to scratch

"The solution to government surveillance is to encrypt everything."

So said Eric Schmidt, Google's chairman, in response to revelations about the activities of the US National Security Agency (NSA) made by whistle-blower Edward Snowden.

 Technology of Business

Schmidt's advice appears to have been heeded by companies that provide internet-based services.

Microsoft, for instance, says it will have "best-in-class industry cryptography" in place for services including Outlook.com, Office 365 and SkyDrive by the end of the year, while Yahoo has announced plans to encrypt all of its customers' data, including emails, by the end of the first quarter of 2014.

For many smaller businesses too, 2014 is likely to be the year of encryption. That's certainly the view of Dave Frymier, chief information security officer at Unisys, a Pennsylvania-based IT company.

But he believes the driving force for this will be different: not government surveillance programmes, but the threat of attacks from hackers.

Diamonds and paperclips

Rather than encrypting everything, Mr Frymier advocates that companies identify what he believes is the 5%-15% of their data that is really confidential, and use encryption to protect just that.

He says employees should then be barred from accessing this data using standard desktop and laptop machines or their own smartphones or tablets, which can easily be infected with malware. Access would be restricted to employees using secure "hardened" computers.

Dave Frymier Dave Frymier from Unisys says the threat posed by hackers will drive firms to invest in encryption

"When you look at the increasing sophistication of malware, it becomes apparent that you need to establish highly protected enclaves of data. The only way to achieve that is through modern encryption, properly implemented," says Mr Frymier.

"You can split your data into diamonds and paperclips, and the important thing is to encrypt the diamonds, and not to sweat the paperclips."

Prakash Panjwani, a general manager at Maryland-based data protection company Safenet, also believes that the large number of high-profile data breaches in 2013 - including hacker attacks on US retailer Target, software maker Adobe, and photo messaging service Snapchat - means that 2014 will inevitably be a bumper one for encryption vendors.

"Snowden has focused attention on surveillance issues, but the real threat is organised crime and the number of data breaches that are occurring," he says.

"Companies are going to come under extreme pressure from boards, customers and regulators in 2014 to take action so that if there is a data breach they can say, 'We didn't lose any data because it was encrypted.'"

Keeping the regulator happy

A large number of companies already use encryption to protect the data they store on their own systems "at rest", as well as data "in flight" as it is sent over networks to customers, other data centres, or for processing or storage in the cloud.

Hacking for password Using a longer encryption key will make it harder for hackers to access your data

But Ramon Krikken, an analyst at Gartner, believes that the way encryption is used by many of these companies is likely to change in 2014.

"Companies are certainly going to have to take encryption more seriously thanks to the Snowden revelations," he says.

"At the moment many companies are using encryption for compliance reasons, not for security. They are not using it to protect their data, but because it is the easiest way to comply with regulations: encryption is the auditor's and the regulator's favourite check box item."

'Back doors'

Start Quote

You have to decide who you trust, and find out where the vendor gets all the parts of its product from”

End Quote Ramon Krikken Gartner analyst

One question that companies will need to consider is which encryption algorithm or cipher to use to best encrypt their data. It's an important question as some older ciphers can now be "cracked" relatively quickly using the computing power in a standard desktop PC.

And there is a question mark over whether the NSA may have deliberately used its influence to weaken some encryption systems - or even to introduce "back doors" that provide easy access to encrypted data to anyone who knows of their existence.

"The problem is that even if you can inspect the source code, it is certainly not a given that you would be able to spot a back door," Mr Krikken says.

Edward Snowden US whistle-blower Edward Snowden's revelations have made companies take encryption more seriously

He believes it is more important to establish where all the parts of an encryption solution come from.

Start Quote

No-one ever got fired for having encryption that was too strong”

End Quote Robert Former Neohapsis

"If you procure software or hardware from overseas, from a country with a government which does not have your best interests at heart, you need to remember that it may not be as secure as you think," Mr Krikken says.

"So you have to decide who you trust, and find out where the vendor gets all the parts of its product from."

Don't be cheap

Another thing companies need to consider when they implement encryption is how strong the encryption should be. Using a longer encryption key makes it harder for hackers or governments to crack the encryption, but it also requires more computing power.

But Robert Former, senior security consultant for Neohapsis, an Illinois-based security services company, says many companies are overestimating the computational complexity of encryption.

"If you have an Apple Mac, your processor spends far more time making OS X looks pretty than it does doing crypto work."

He therefore recommends using encryption keys that are two or even four times longer than the ones many companies are currently using.

"I say use the strongest cryptography that your hardware and software can support. I guarantee you that the cost of using your available processing power is less than the cost of losing your data because you were too cheap to make the crypto strong enough," he says.

"No-one ever got fired for having encryption that was too strong."

More on This Story

The BBC is not responsible for the content of external Internet sites

More Business stories

RSS

BBC Business Live

  1.  
    MOD CONTRACT 08:28:
    HMS Daring

    It's the second biggest defence contract placed by the government. The MoD has awarded £3.2bn of contracts to run naval bases and maintain warships and submarines. Babcock wins £2.6bn to run Devonport and Clyde, BAE Systems gets £600m to manage Portsmouth Naval Base. Around 7,500 are employed to support 56 warships.

     
  2.  
    FRANCE BUDGET 08:15:
    Michel Sapin

    France's finance minister, Michel Sapin, has been presenting the nation's 2015 budget. He says the budget deficit will meet the European Union's target by 2017. France has made such promises before and then been forced to backtrack. Mr Sapin forecast a gradual economic recovery, with growth on 1.0% next year. Mr Sapin.

     
  3.  
    MARKET UPDATE 08:02:

    After early gains, in Tokyo the Nikkei 225 index closed 0.6% lower at 16,082. Markets in China and Hong Kong are closed for a holiday. A report indicated modest expansion for China's manufacturing sector. The official purchasing managers' index for September came in at 51.1. Numbers above 50 suggest expansion.

     
  4.  
    SAINSBURY'S BOSS 07:52: Radio 5 live

    Tesco is in trouble over mis-stating its profits, how about Sainsbury's? Well Mike Coupe, Sainsbury's chief executive is "100% confident about the integrity of the accounts". He should know - he was finance director before becoming the boss.

     
  5.  
    SAINSBURY'S BOSS 07:46: Radio 5 live

    It is the most challenging environment in the supermarket industry for 30 years says Mike Coupe, Sainsbury's chief executive on Radio 5 live. There is food price deflation for the first time in a generation. Potatoes and milk are 20% cheaper from a year ago. That means customers on average are £5 a week better off he says.

     
  6.  
    CO-OP BANK ETHICS 07:34: BBC Radio 4

    Laura Carstensen, chair of Co-op Bank's Values and Ethics Committee is talking about the lender's new advertisement campaign. A man gets a tattoo about his commitment to Co-op's ethics. What does a fake tattoo say about the company's commitment to ethics, asks presenter Justin Rowlatt? Customers are savvy enough to understand the message, she says.

     
  7.  
    MINIMUM WAGE 07:26: BBC Breakfast
    BBC

    The minimum wage is most commonly paid in the hospitality, retail and care industries says Charlotte O'Brien a lawyer from York Law School on Breakfast. Many workers who think they are being paid less than minimum wage cannot afford to take their employer to an employment tribunal, she says. That's because they now have to pay £390 for a tribunal - or 60 hours work at £6.50 an hour.

     
  8.  
    SAINSBURY'S BOSS 07:21: BBC Radio 4
    CEO

    "It wouldn't be surprising in any business for us to try to sell more," says Sainsbury's chief Mike Coupe. He's talking about that gaffe earlier in the week, where a Sainsbury's store placed a motivational poster encouraging staff to get customers to spend an extra 50p in store, in the shop window. It was a simple mistake, he says.

     
  9.  
    HEADLINES
    • Tesco to be investigated by FCA over profit warning
    • Sainsbury's reports third quarter of falling sales
    • MOD awards £3.2bn naval base contracts
     
  10.  
    SAINSBURY'S BOSS 07:18: BBC Radio 4

    Mike Coupe is doing his first broadcast interview of the day on Today. In the last few months things have changed in the industry, he says. Customers are changing how they shop, he says. Is he worried about the fact Sainsbury's is the most short-sold (bet-against) stock on the FTSE 100, asks presenter Justin Rowlatt? "I'm a very calm individual," he says.

     
  11.  
    SAINSBURY'S RESULTS 07:11:

    Sainsbury's is not expecting sales to pick up in the rest of the financial year. Chief executive Mike Coupe says "we now expect our like-for-like sales in the second half of they year to be similar to the first half".

     
  12.  
    TESCO PROBE 07:05: Breaking News

    The Financial Conduct Authority will conduct a "full investigation" into Tesco's £250m overstatement of profits, the supermarket said.

     
  13.  
    SAINSBURY'S RESULTS 07:00: Breaking News

    Sainsbury's has reported a 2.8% decline in like-for-like sales in the second quarter, excluding fuel. That's the third consecutive quarter of falling sales.

     
  14.  
    CO-OP BANK ETHICS 06:45: Radio 5 live

    Oh dear. The chair of Co-operative Bank's ethical board, Laura Carstensen appears on Wake Up to Money. She can't name a single country with an oppressive regime that the bank has declined to do business with. She also does not want to talk about the bank's private equity owners, but says all investors realise that the bank's ethical values are what makes it different. Co-op bank launches an advertising campaign today to publicise its ethics.

     
  15.  
    SAINSBURY'S RESULTS 06:34: BBC Radio 4
    Sainsbury's store

    Sainsbury's releases results at 07:00. Sales are expected to be down 4%, says Bryan Roberts, from Kantar Retail on the Today programme. "What it reflects is we are in a zero-growth market. The pie isn't getting any bigger. Aldi and Lidl aggressively expanded in the South East and London," he says.

     
  16.  
    PENSIONS 06:28: Radio 5 live

    "People are getting it," says Tim Jones the chief executive of National Employment Savings Trust (NEST) on Wake Up to Money. It's been two years since the government launched automatic enrolment for workplace pension schemes. Only 8% of people are opting out, but a quarter of those aged between 60 and 65 are not taking up the offer. "Older folks are thinking it's too late," says Mr Jones.

     
  17.  
    DOLLAR YEN 06:19: Radio 5 live
    yen

    The dollar has hit a six-year high against the yen, trading above 110 yen. On Wake Up to Money the BBC's Rico Hizon says that there are expectations that the Bank of Japan will further ease monetary policy. Currency traders are also looking ahead to Friday's US employment report, which should give an indication of the strength of the US economy.

     
  18.  
    MINIMUM WAGE 06:11: Radio 5 live

    Mike Cherry, National Policy Chairman for the Federation of Small Businesses says the raise in the minimum wage is still "realistic". But he wants a longer-term view of the wage. On Wake Up to Money he complains that business only gets six months notice of changes. He would like to the level to be set for a whole parliament.

     
  19.  
    MINIMUM WAGE 06:03: Radio 5 live
    Hand pennies

    From today the minimum wage rises 3% to £6.50. Conor D'Arcy, Policy Analyst at Resolution Foundation welcomes the move, until this raise the minimum wage was worth the same as it was in 2005, he says on Wake Up to Money.

     
  20.  
    06:01: Ben Morris Business Reporter

    Good morning. You can email us at bizlive@bbc.co.uk or tweet @bbcbusiness.

     
  21.  
    06:00: Howard Mustoe Business reporter

    Good morning everyone. This morning we are expecting an update from Sainsbury's on how trading has gone for them. The National Minimum Wage annual increase also takes effect, rising by 19p an hour to £6.50. Stay with us for more breaking news and analysis.

     

Features

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.