Businesses ‘plagued’ by missing encryption keys

Powered by SC Magazine
 

Afflicts digital certificates, too.

Encryption keys have proven difficult for many businesses to handle, with loss and theft representing two major problems, a report has shown.

More than half of respondents to a poll conducted by security firm Vanafi said they had seen encryption keys either stolen or going missing, or were unsure if they had just been mislaid.

And 51 percent admitted similar problems with digital certificates.

Significantly, more than three-quarters (78 per cent) of organisations said they experienced downtime due to mismanaged encryption.

Increased complexity only exacerbated the problem, according to Vanafi, as nearly 90 per cent of organisations had numerous administrators managing encryption keys.

Almost half of surveyed companies revealed they were managing at least 1,000 digital encryption certificates.

Jeff Hudson, chief executive of Vanafi, described the results as “shocking”.

“It is well documented that digital certificates played a key role in the Stuxnet attack that destroyed multiple centrifuges in an Iranian nuclear facility, and it is widely accepted that lost encryption keys can provide malicious insiders access to valuable corporate information revealed on high–profile whistle–blower sites such as WikiLeaks,” he added.

Token trouble

Managing tokens also emerged as a serious issue for many businesses.

Indeed, some analysts hailed 2011 as the year when tokenless technology would start to see serious uptake.

Jim Fulton, vice president at DigitalPersona, said he had spoken to numerous customers who were struggling to manage tokens.

“Most of the customers who I’ve talked to who use tokens are quite passionate at how they despise tokens,” Fulton said.

“I’ve heard people say that if they could, they’d throw them underneath a lorry and crush them because they hate them so much.”

A number of vendors suggested smartphones could act as a replacement for tokens altogether.

This article originally appeared at itpro.co.uk

Copyright © ITPro, Dennis Publishing


Businesses ‘plagued’ by missing encryption keys
 
 
 
Top Stories
ATO shaves $4m off IT contractor panel
Reform cuts admin burden, introduces KPIs.
 
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  13%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  25%
TOTAL VOTES: 440

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  54%
 
No
  46%
TOTAL VOTES: 211

Vote