IT Pros Fear Encryption Backdoors

...

Organizations require new ways to "weaponize" the threat intelligence they have to prevent attacks

A survey of IT professionals by network services company Spiceworks finds concern about the risk of backdoors that bypass encryption.

Amid federal and state bills written to weaken computer security by mandating backdoors that bypass encryption, IT pros are alarmed at the prospect of security made insecure, according to a report released Tuesday by IT services firm Spiceworks.

In a survey of 600 IT professionals from North America, Europe, the Middle East, and Africa, Spiceworks found that 87% said they believe backdoors increase the risk of a data breach.

As an individual identifying himself as Dave Ohlendorf explained in the Spiceworks forum, "ANY backdoor -- no matter who knows about it, can and likely will be reverse engineered and end up in the wild where it will get into the hands of 'very bad people.'"

This view has been echoed by cryptography experts such as Matthew Green, assistant professor in the department of computer science at Johns Hopkins University. As Green put it in a tweet earlier this year, "The problems with encryption backdoors come up when you try to scale them from an idea to something that affects millions of people."

The Athens affair, in which the Vodaphone phone network in Greece was compromised over a decade ago, is often cited as an example of the problem with backdoors.

Backdoors in encrypted systems can make life easier for law enforcement agencies, but they impose a potential cost on businesses. Simply put, compromised security has become a tough sell. Some backdoors are put in place deliberately, as a matter of administrative convenience. Others, like the backdoor in Juniper's NetScreen firewalls, are supposedly unauthorized. Either way, they're generally not welcome.

Spiceworks separately surveyed 220 IT pros about how awareness of a backdoor in a company's products might affect that company's sales prospects. The firm found that 65% of IT pros would be less likely to buy from a company known to install backdoors in its products. Only 20% said a history of backdoors would have no impact when considering a purchase.

Given reports about the NSA's ability to access networking equipment from Cisco, Dell, Huawei, and Juniper, not to mention a supposedly inadvertent backdoor in a MediaTek phone chip used for some Android phones, it may be difficult to avoid products with backdoors or vulnerabilities that could become backdoors.

Nevertheless, some businesses see value in declaring their commitment to encryption, even if their execution remains imperfect. Apple, for example, has taken a public stand against the US government's attempt to force it to undo its encryption for the convenience of investigators. And more recently, consumer messaging providers like WhatsApp and Viber have committed to end-to-end encryption.

Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

According to a separate Spiceworks security report released in December 2015, more than 80% of businesses experienced some form of security incident last year and 27% of the 200 IT pros surveyed planned to increase spending on encryption in 2016.

In the report that was released Tuesday, more than half of those surveyed (57%) said they believe that network or device encryption had helped their organization avoid a data breach.

Encryption has become common on networks. Some 47% of Spiceworks respondents said they encrypted data in transit to laptop and desktop computers. But encryption is less common on mobile devices like tablets (35%) and smartphones (40%). It's also less common for data at rest: laptops/desktops (36%), tablets (25%), and smartphones (28%).

Still, some organizations don't see the value of encryption. According to the IT pros surveyed, 16% of organizations don't enforce encryption across any devices or services.

Categories
APPLICATIONS
0 Comment

Leave a Reply

Captcha image


RELATED BY

  • 5300c769af79e

    Rumor: iPhone 8 to Feature Laser-Powered Facial Recognition

    Analysts from Cowen and Company on Tuesday issued a research note indicating that Apple's next flagship may "include some form of facial/gesture recognition supported by a new laser sensor and an infrared sensor mounted near the front-facing camera.7 inches, and 5.
  • 5300c769af79e

    10 Google Maps tips and tricks to get you from point A to B, or even add a C

    Are you using all that Google Maps has to offer?Below are 10 tips for getting most out of the maps app you already know and love.
  • 5300c769af79e

    Pinnacle Studio 19.5 Ultimate

    This latest version of Pinnacle Studio gets some capabilties that VideoStudio has had for a few years, including a stop-motion tool and multi-cam editing.Compare Similar ProductsCompare Sony Movie Studio Platinum 13 %displayPrice% CyberLink PowerDirector 11 %displayPrice% Adobe Premiere Elements 14 %displayPrice% Corel VideoStudio Ultimate X9 %displayPrice% Magix Movie Edit Pro 2016 Premium %displayPrice% Pricing and Starting UpLike most video editing software lines, Pinnacle Studio is available in good, better, and best levels, with the entry level Pinnacle Studio 19.
  • 5300c769af79e

    KnowRoaming Expands Unlimited Data to 80+ Countries

    That's where KnowRoaming's Global SIM stickers come in.We reviewed KnowRoaming's SIM Sticker about a year back and awarded it our Editors' Choice for its affordable international data rates and ease of use.