From the Blogosphere
Is Free Encryption Worth It?
Is encryption worth the headache when using the public cloud?
By: Dirk Zwart
May. 22, 2013 11:20 AM
While in constant debate over data encryption and ease of access, I encountered a train of thought that made my jaw drop. A tradeshow attendee suggested encrypting everything, but just use a weak algorithm; so as not to make it impossible to decode if needed in the future.
Before smirking and quoting statistics as truth, I stopped to ponder: was there any merit to the statement, what was the sensitivity level of the data, where was it being stored, who had access to it, what was the definition of a weak algorithm, was this archival data or was it accessed and changed often?
Through conversation, the premise was potentially plausible (with some big question marks), but the logic was still thoroughly flawed. Yes, the data was constantly changing and only updated records were being sent to branch offices via a public cloud file sharing service, but the data did contain personally identifiable information. The last time I checked, people do not change their social security numbers very often and data captured by an intruder will stay in its captured state.
The attendee’s second concern was that using ciphers based on strong algorithms, would cause a load on older hardware. I wondered if a breach cost more than updating old hardware, apparently not. A weak algorithm using a public or private cipher, translates to cracked passwords or credentials. The Enigma code kept the Allies busy for a while, but it was cracked; just like WEP, MD5, and earlier versions of SSL today.
A company knowingly cannot use ciphers that can be compromised as their font-line (in this case only line) of defense. If this person was concerned about product and server upgrade costs; use one of the free encryption applications that use strong and proven algorithms. Many applications and operating systems have open source cousins and so do many widely used encryption algorithms. Many of them are easier to use than a licensed copy and they have a small footprint.
The latest completely free encryption application I found and have begun using exclusively is based on the PGP algorithm, provides numerous options for cipher strength, and is fast and nimble. Another great thing about GoAnywhere OpenPGP Studio is that it runs on Mac OS X, Windows, and Linux.
Final analysis - If your company has chosen to “standardize on the cloud,” be safe and make sure anything you put up there is still yours when you pull it back down.
Latest AJAXWorld RIA Stories
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week