Businesses ‘plagued’ by missing encryption keys

Powered by SC Magazine
 

Afflicts digital certificates, too.

Encryption keys have proven difficult for many businesses to handle, with loss and theft representing two major problems, a report has shown.

More than half of respondents to a poll conducted by security firm Vanafi said they had seen encryption keys either stolen or going missing, or were unsure if they had just been mislaid.

And 51 percent admitted similar problems with digital certificates.

Significantly, more than three-quarters (78 per cent) of organisations said they experienced downtime due to mismanaged encryption.

Increased complexity only exacerbated the problem, according to Vanafi, as nearly 90 per cent of organisations had numerous administrators managing encryption keys.

Almost half of surveyed companies revealed they were managing at least 1,000 digital encryption certificates.

Jeff Hudson, chief executive of Vanafi, described the results as “shocking”.

“It is well documented that digital certificates played a key role in the Stuxnet attack that destroyed multiple centrifuges in an Iranian nuclear facility, and it is widely accepted that lost encryption keys can provide malicious insiders access to valuable corporate information revealed on high–profile whistle–blower sites such as WikiLeaks,” he added.

Token trouble

Managing tokens also emerged as a serious issue for many businesses.

Indeed, some analysts hailed 2011 as the year when tokenless technology would start to see serious uptake.

Jim Fulton, vice president at DigitalPersona, said he had spoken to numerous customers who were struggling to manage tokens.

“Most of the customers who I’ve talked to who use tokens are quite passionate at how they despise tokens,” Fulton said.

“I’ve heard people say that if they could, they’d throw them underneath a lorry and crush them because they hate them so much.”

A number of vendors suggested smartphones could act as a replacement for tokens altogether.

This article originally appeared at itpro.co.uk

Copyright © ITPro, Dennis Publishing


Businesses ‘plagued’ by missing encryption keys
 
 
 
Top Stories
Feeling Shellshocked?
Stay up to date with patching for the Bash bug.
 
Amazon forced to reboot EC2 to patch Xen bug
Rolling restarts over next week.
 
Vodafone reveals plans to store users' online activity
Says retrieval under Govt proposal will impose massive cost.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  66%
 
Advanced persistent threats
  4%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1349

Vote