2014: The year of encryption

Padlock in the middle of digital circuit board Companies are under pressure in the current environment to make sure their encryption is up to scratch

"The solution to government surveillance is to encrypt everything."

So said Eric Schmidt, Google's chairman, in response to revelations about the activities of the US National Security Agency (NSA) made by whistle-blower Edward Snowden.

 Technology of Business

Schmidt's advice appears to have been heeded by companies that provide internet-based services.

Microsoft, for instance, says it will have "best-in-class industry cryptography" in place for services including Outlook.com, Office 365 and SkyDrive by the end of the year, while Yahoo has announced plans to encrypt all of its customers' data, including emails, by the end of the first quarter of 2014.

For many smaller businesses too, 2014 is likely to be the year of encryption. That's certainly the view of Dave Frymier, chief information security officer at Unisys, a Pennsylvania-based IT company.

But he believes the driving force for this will be different: not government surveillance programmes, but the threat of attacks from hackers.

Diamonds and paperclips

Rather than encrypting everything, Mr Frymier advocates that companies identify what he believes is the 5%-15% of their data that is really confidential, and use encryption to protect just that.

He says employees should then be barred from accessing this data using standard desktop and laptop machines or their own smartphones or tablets, which can easily be infected with malware. Access would be restricted to employees using secure "hardened" computers.

Dave Frymier Dave Frymier from Unisys says the threat posed by hackers will drive firms to invest in encryption

"When you look at the increasing sophistication of malware, it becomes apparent that you need to establish highly protected enclaves of data. The only way to achieve that is through modern encryption, properly implemented," says Mr Frymier.

"You can split your data into diamonds and paperclips, and the important thing is to encrypt the diamonds, and not to sweat the paperclips."

Prakash Panjwani, a general manager at Maryland-based data protection company Safenet, also believes that the large number of high-profile data breaches in 2013 - including hacker attacks on US retailer Target, software maker Adobe, and photo messaging service Snapchat - means that 2014 will inevitably be a bumper one for encryption vendors.

"Snowden has focused attention on surveillance issues, but the real threat is organised crime and the number of data breaches that are occurring," he says.

"Companies are going to come under extreme pressure from boards, customers and regulators in 2014 to take action so that if there is a data breach they can say, 'We didn't lose any data because it was encrypted.'"

Keeping the regulator happy

A large number of companies already use encryption to protect the data they store on their own systems "at rest", as well as data "in flight" as it is sent over networks to customers, other data centres, or for processing or storage in the cloud.

Hacking for password Using a longer encryption key will make it harder for hackers to access your data

But Ramon Krikken, an analyst at Gartner, believes that the way encryption is used by many of these companies is likely to change in 2014.

"Companies are certainly going to have to take encryption more seriously thanks to the Snowden revelations," he says.

"At the moment many companies are using encryption for compliance reasons, not for security. They are not using it to protect their data, but because it is the easiest way to comply with regulations: encryption is the auditor's and the regulator's favourite check box item."

'Back doors'

Start Quote

You have to decide who you trust, and find out where the vendor gets all the parts of its product from”

End Quote Ramon Krikken Gartner analyst

One question that companies will need to consider is which encryption algorithm or cipher to use to best encrypt their data. It's an important question as some older ciphers can now be "cracked" relatively quickly using the computing power in a standard desktop PC.

And there is a question mark over whether the NSA may have deliberately used its influence to weaken some encryption systems - or even to introduce "back doors" that provide easy access to encrypted data to anyone who knows of their existence.

"The problem is that even if you can inspect the source code, it is certainly not a given that you would be able to spot a back door," Mr Krikken says.

Edward Snowden US whistle-blower Edward Snowden's revelations have made companies take encryption more seriously

He believes it is more important to establish where all the parts of an encryption solution come from.

Start Quote

No-one ever got fired for having encryption that was too strong”

End Quote Robert Former Neohapsis

"If you procure software or hardware from overseas, from a country with a government which does not have your best interests at heart, you need to remember that it may not be as secure as you think," Mr Krikken says.

"So you have to decide who you trust, and find out where the vendor gets all the parts of its product from."

Don't be cheap

Another thing companies need to consider when they implement encryption is how strong the encryption should be. Using a longer encryption key makes it harder for hackers or governments to crack the encryption, but it also requires more computing power.

But Robert Former, senior security consultant for Neohapsis, an Illinois-based security services company, says many companies are overestimating the computational complexity of encryption.

"If you have an Apple Mac, your processor spends far more time making OS X looks pretty than it does doing crypto work."

He therefore recommends using encryption keys that are two or even four times longer than the ones many companies are currently using.

"I say use the strongest cryptography that your hardware and software can support. I guarantee you that the cost of using your available processing power is less than the cost of losing your data because you were too cheap to make the crypto strong enough," he says.

"No-one ever got fired for having encryption that was too strong."

More on This Story

The BBC is not responsible for the content of external Internet sites

More Business stories

RSS

Business Live

  1.  
    07:10: Samsung shareholder payout

    Samsung Electronics is considering increasing its dividend payout this year by between 30% and 50% compared to 2013.

     
  2.  
    06:56: Nigerian currency crisis BBC Radio 4

    Phillip Walker of the Economist Intelligence Unit, tells Today the crisis facing Nigeria is far bigger than the one facing Russia. Nigeria's currency the naira has fallen 15% against the US dollar this year forcing the country's central bank to impose foreign currency trading controls. "Nigeria has a bigger population than Russia, its economy relies on oil exports more than Russia, so it's a big problem," Mr Walker says.

     
  3.  
    06:48: Gas prices BBC Radio 4

    Professor Green says energy suppliers have an eye on politics at the moment. He says Labour leader Ed Miliband's promise to freeze energy prices for 20 months if his party wins next year's election may mean suppliers will keep prices artificially high despite currently benefitting from lower gas costs.

     
  4.  
    06:34: Gas prices BBC Radio 4

    While falling oil prices have recently caught the attention of many, the cost of gas has also been coming down. That's because demand in Europe has been falling due to a relatively warm winter so far. Richard Green professor of sustainable energy business at Imperial College London tells Today we shouldn't expect lower energy bills are a result. That's because energy suppliers are selling us gas they bought at last year's prices.

     
  5.  
    06:32: Asian markets

    Asian stock markets have had a mixed session. They Nikkei 225 is up more than 2%. Hong Kong's Hang Seng is up 1.4%. Shares in Shanghai have fallen back after hitting a four-year high in early trading. The Shanghai composite is down 0.1%.

     
  6.  
    06:21: China recalculates growth
    Chinese flag

    China's economy is bigger than originally thought. The government has revised up the size of the economy in 2013 by 3.4% to 58.8 trillion yuan ($9.5 trillion). The increase was mainly accounted for by a greater contribution from the services sector. In comparison, the US economy was worth almost $17 trillion in 2013.

     
  7.  
    06:14: IAG bid for Aer Lingus Radio 5 live
    Dublin Airport

    British Airways owner, IAG is "good at integrating new airlines" says Richard Hunter, head of equities at Hargreaves Lansdown. He is explaining why IAG made a bid for Aer Lingus. The Irish airline is attractive because it has lots of landing slots at Heathrow, says Mr Hunter. IAG may also have a bit more spending power because of the lower oil price, he adds.

     
  8.  
    06:06: North Sea oil jobs Radio 5 live
    Oil worker

    North Sea oil companies are cutting wages, rather than jobs at the moment, says Alan Savage chairman of recruitment company Orion Group on Radio 5 live. For agency workers wages have already been cut by up to 20%. He says that the British oil industry is highly taxed and the "government has a lot to answer for".

     
  9.  
    06:02: Russian crisis Radio 5 live
    Russian President, Vladimir Putin

    Next year is going to be grim for the Russian economy, says Craig Botham, emerging markets economist at Schroders on Radio 5 live. The economy is likely to contract 4.5%, inflation is forecast to be betweem 11% and 12%. The rouble could keep on weakening, "it's hard to see a particular floor for the currency" Mr Botham says.

     
  10.  
    05:59: Ben Morris Business Reporter

    Do get in touch. Email bizlivepage@bbc.co.uk or tweet @bbcbusiness.

     
  11.  
    05:59: Matthew West Business Reporter

    Morning folks. The news the US Federal Reserve is in no hurry to raise interest rates boosted shares on Wall Street and in Asia to new highs. Meanwhile the Bank of Japan maintained its commitment to government bond buying at its last meeting of the year. And we'll be keeping an eye on the Russia rouble and oil price again today and there may be more on IAG's bid for Aer Lingus. Stay with us.

     

Features

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.