Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 1 October, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

The modern drivers in encryption

by The Gurus
January 19, 2015
in This Week's Gurus
Share on FacebookShare on Twitter

The use of encryption has not really gone away. Headlines from the past seven days and the resulting hysteria have proved just how important the security of communications really is.
 
So are there drivers to use encryption, or even better forms of it? I recently met with Terence Spies, CTO of encryption provider Voltage Security, whilst he was visiting London for a conference on advanced cryptography.
 
He claimed that within the industry, the way that people in the research space realise that there is a requirement to use it as a security technology. “This has really started travelling up the management chain, so we get customer requests to work on internal analysis systems, and proliferation of the cloud has really pushed encryption up even more than five years ago,” he said.
 
“I see industry going through an education process in that people are getting smarter about how to employ encryption and tokenization as a way to reduce risks in Big Data and cloud environments and you will see risk reduction and an acceptance as encryption as a more mainstream thing.”
 
He said that in the new year, in the instance of a new user, the first people he talks to are those doing encryption as a service, as they figure that having every application driver trying to do an encryption strategy of their own is a disaster.
 
“If you are an application administrator, you want to make it work and run as well as you can,” he said. “So we go into companies and say we can offer an encryption architecture that will propagate throughout the organisation. As it is format-preserving encryption, basically the application developers are not going to rebel!”
 
Voltage has set its stall out on format-preserving encryption, especially as data analytics and security clash. Spies said that it is not unusual to go into a retailer and see banks of applications using data. The idea with format-preserving encryption is to keep it secure but accessible – encrypt it in such a way that it still looks like credit card data, so it turns a 16 digit number into a random 16 digit number.
 
Spies had previously said that format-preserving encryption was the first in a line of encryption technologies that allow you to perform computations on the data itself, but there are more things “in the lab” that are getting close too.
 
He said: “Think of a Hadoop cluster with a 1,000 machines, that is an awfully big security problem to manage and people want to use Hadoop to put data in a machine and do analytics on it, and data level encryption is one way to reduce the risk in the environment by de-fanging data.
 
“There is more of a demand for more secure environments where there are hugely distributed systems where you cannot lock down a 1,000 machines, as you have a wide variety of data and you need to assume it will leak in some shape or form.
 
“People are almost breaching their own data as cloud has become the default way that people think about computation at this point, as cloud involves taking a bunch of data and uploading it to a machine that you do not completely control and you need a model that enables you to secure that kind of thing as cloud is not going away, it is getting to the point where managing your own machines is a bit atypical and that trend will continue. For some data we are dealing with – payment data, or personally identifiable data, you need some sort of leash or some encryption mechanism so a breach doesn’t get you in hot water.”
n 
So that is the current offering, and along with web browser security being given the push by various ends of the security industry, including Google and the EFF, what causes people to take a continued look at encryption? Spies said that for people to spend money on encryption, there has to be some sort of regulatory driver, as only those companies who are forward-looking enough to know that breaches will get worse will deploy encryption as a core strategy as sort of a protective measure.
 
“The majority of people have a list of priorities and requirements and industry standards apply here, as if you accept credit cards you have to comply,” he said.
 
“Another driver is the likes of Google want encryption everywhere as a strategy for Government attacks and mass surveillance. There are all kinds of reasons for it, as it is driven by standards and compliance and a few people willing to be proactive and say I will do more than my auditors require.”
 
In the future, Spies identified the “holy grail of homomorphic encryption” as remaining an edge case until more research is done, while he predicted that we will see order-preserving in systems in the next 3-5 years.
 
He said: “Homomorphic allows you to run arbitary programs over it, as homomorphic is meant to be about running a program over the data. Homomorphic says encrypt the data and it gives you a program to output an average and encrypts that, and then a key to decrypt that. So it is working in a completely opaque way.
 
“Think of format-preserving encryption as the first level, as you encrypt it but leave enough clear to deal with it, and more people think about moving up the ladder so more operations can be done.
 
“So at the next level you will see more people talking about order-preserving encryption, which is dealing with a database and sort the values so they come out in the right order, but in an unreadable format.”
 
It is a classic form of disguise, and it is good to see it moving on at such a rapid rate. Let’s just hope it works and remains untapped by those who want to listen.
 
 
Terence Spies, CTO of Voltage Security, was talking to Dan Raywood

FacebookTweetLinkedIn
ShareTweet
Previous Post

Mortgage lenders provide "train wreck of an opportunity" for identity theft

Next Post

12 UK security firms accompany Cameron to Obama summit

Recent News

Guide to ransomware and how to detect it

Guide to ransomware and how to detect it

September 28, 2023
software security

Research reveals 80% of applications developed in EMEA contain security flaws

September 27, 2023
Cyber insurance

Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost

September 27, 2023
Fraud and online banking

Akamai Research Finds the Number of Cyberattacks on European Financial Services More Than Doubled in 2023

September 27, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information