IT Pros Fear Encryption Backdoors


A survey of IT professionals by network services company Spiceworks finds concern about the risk of backdoors that bypass encryption.

Amid federal and state bills written to weaken computer security by mandating backdoors that bypass encryption, IT pros are alarmed at the prospect of security made insecure, according to a report released Tuesday by IT services firm Spiceworks.

In a survey of 600 IT professionals from North America, Europe, the Middle East, and Africa, Spiceworks found that 87% said they believe backdoors increase the risk of a data breach.

As an individual identifying himself as Dave Ohlendorf explained in the Spiceworks forum, "ANY backdoor -- no matter who knows about it, can and likely will be reverse engineered and end up in the wild where it will get into the hands of 'very bad people.'"

This view has been echoed by cryptography experts such as Matthew Green, assistant professor in the department of computer science at Johns Hopkins University. As Green put it in a tweet earlier this year, "The problems with encryption backdoors come up when you try to scale them from an idea to something that affects millions of people."

The Athens affair, in which the Vodafone phone network in Greece was compromised over a decade ago, is often cited as an example of the problem with backdoors.

Backdoors in encrypted systems can make life easier for law enforcement agencies, but they impose a potential cost on businesses. Simply put, compromised security has become a tough sell. Some backdoors are put in place deliberately, as a matter of administrative convenience. Others, like the backdoor in Juniper's NetScreen firewalls, are supposedly unauthorized. Either way, they're generally not welcome.

Spiceworks separately surveyed 220 IT pros about how awareness of a backdoor in a company's products might affect that company's sales prospects. The firm found that 65% of IT pros would be less likely to buy from a company known to install backdoors in its products. Only 20% said a history of backdoors would have no impact when considering a purchase.

Given reports about the NSA's ability to access networking equipment from Cisco, Dell, Huawei, and Juniper, not to mention a supposedly inadvertent backdoor in a MediaTek phone chip used for some Android phones, it may be difficult to avoid products with backdoors or vulnerabilities that could become backdoors.

Nevertheless, some businesses see value in declaring their commitment to encryption, even if their execution remains imperfect. Apple, for example, has taken a public stand against the US government's attempt to force it to undo its encryption for the convenience of investigators. And more recently, consumer messaging providers like WhatsApp and Viber have committed to end-to-end encryption.


According to a separate Spiceworks security report released in December 2015, more than 80% of businesses experienced some form of security incident last year and 27% of the 200 IT pros surveyed planned to increase spending on encryption in 2016.

In the report that was released Tuesday, more than half of those surveyed (57%) said they believe that network or device encryption had helped their organization avoid a data breach.

Encryption has become common on networks. Some 47% of Spiceworks respondents said they encrypted data in transit to laptop and desktop computers. But encryption is less common on mobile devices like tablets (35%) and smartphones (40%). It's also less common for data at rest: laptops/desktops (36%), tablets (25%), and smartphones (28%).

Still, some organizations don't see the value of encryption. According to the IT pros surveyed, 16% of organizations don't enforce encryption across any devices or services.
