Encryption is not always an effective countermeasure for mitigating attacks on customer data and valuable digital assets.
With statistics showing that about half of all customer data breaches are due to people losing their notebook computers, it's pretty obvious that encrypting the data on a laptop's hard drive is an excellent idea. Like the man from American Express said: don't leave home without it.
However, encrypting everything doesn't always improve security. I'll give two examples to make the point: hidden channels and secure email.
Hidden channels
You have a company Intranet that runs Webmail, groupware and knowledge-sharing applications. The folks in IT want to require that all access to the Intranet go over SSL/TLS. Is this a good idea? Probably not. Once you encrypt the communications, you lose the capability to monitor for violations of the company AUP (acceptable use policy) and for extrusion of valuable digital assets such as customer data. An authorized user can log in to the portal, download proprietary information from the knowledge base (or incriminating data on product performance), and you'll never know. Essentially, by encrypting you've created a hidden channel and lost all ability to mitigate the risk.
Usability in secure email communications
A few years ago, we did some work in identity-based cryptography that eliminated the need for a CA (certificate authority). My partner was hot on the idea of using the technology for a secure email application. I wasn't so sure.
Non-repudiation - the idea that a signer cannot later deny having sent the message. But this is just an illusion: the subject can always claim that someone stole her private key and that the signature itself is a forgery.
Integrity - phishing is commonplace and a daily threat to users. Digital signatures would seem to have utility in countering forged sender information. In practice, a digital signature on an email note is almost useless. A well-crafted sender address like customer-service@paypal.com can sucker users into clicking on a URL. With so much phishing going on, it turns out that there is a far more effective countermeasure for the integrity threat: just automatically delete any mail whose sender address and/or subject is unfamiliar or unexpected. If they want you, they can always call you.
Privacy - this is a big deal. Privileged attorney-client communications, chats with a mistress - you would think that by now everyone would be using PGP. There are three reasons why secure email never went mainstream.
1) Ease of use - it's a pain in the ass for the everyday user.
2) Value of the asset - what can an eavesdropper learn from the average document sent by an attorney to her client? Not much - and if it's really important, she can always encrypt the document with WinZip's AES strong encryption.
3) Probability of occurrence - having been in the telecom business for a long time, I can tell you that with the complexity of the systems and wiring, it's a miracle the phones still work. The probability of a competitor discovering who your ISP is, bribing a customer service person at the ISP and then extracting some sensitive data is basically zero. Put differently, it's always a question of the value of the asset versus the cost of the attack: for a $100M digital asset (the masters for the Beatles' White Album?) it's worth going to the trouble and spending the money.

