Businesses ‘plagued’ by missing encryption keys

Powered by SC Magazine
 

Afflicts digital certificates, too.

Encryption keys have proven difficult for many businesses to handle, with loss and theft representing two major problems, a report has shown.

More than half of respondents to a poll conducted by security firm Vanafi said they had seen encryption keys either stolen or going missing, or were unsure if they had just been mislaid.

And 51 percent admitted similar problems with digital certificates.

Significantly, more than three-quarters (78 per cent) of organisations said they experienced downtime due to mismanaged encryption.

Increased complexity only exacerbated the problem, according to Vanafi, as nearly 90 per cent of organisations had numerous administrators managing encryption keys.

Almost half of surveyed companies revealed they were managing at least 1,000 digital encryption certificates.

Jeff Hudson, chief executive of Vanafi, described the results as “shocking”.

“It is well documented that digital certificates played a key role in the Stuxnet attack that destroyed multiple centrifuges in an Iranian nuclear facility, and it is widely accepted that lost encryption keys can provide malicious insiders access to valuable corporate information revealed on high–profile whistle–blower sites such as WikiLeaks,” he added.

Token trouble

Managing tokens also emerged as a serious issue for many businesses.

Indeed, some analysts hailed 2011 as the year when tokenless technology would start to see serious uptake.

Jim Fulton, vice president at DigitalPersona, said he had spoken to numerous customers who were struggling to manage tokens.

“Most of the customers who I’ve talked to who use tokens are quite passionate at how they despise tokens,” Fulton said.

“I’ve heard people say that if they could, they’d throw them underneath a lorry and crush them because they hate them so much.”

A number of vendors suggested smartphones could act as a replacement for tokens altogether.

This article originally appeared at itpro.co.uk

Copyright © ITPro, Dennis Publishing


Businesses ‘plagued’ by missing encryption keys
 
 
 
Top Stories
How hard do you hack back?
[Blog post] Taking the offensive could have unintended consequences.
 
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
 
The big winners from Defence’s back-office IT refresh
Updated: The full list of subcontractors.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  69%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1023

Vote