Businesses ‘plagued’ by missing encryption keys

Powered by SC Magazine
 

Afflicts digital certificates, too.

Encryption keys have proven difficult for many businesses to handle, with loss and theft representing two major problems, a report has shown.

More than half of respondents to a poll conducted by security firm Vanafi said they had seen encryption keys either stolen or going missing, or were unsure if they had just been mislaid.

And 51 percent admitted similar problems with digital certificates.

Significantly, more than three-quarters (78 per cent) of organisations said they experienced downtime due to mismanaged encryption.

Increased complexity only exacerbated the problem, according to Vanafi, as nearly 90 per cent of organisations had numerous administrators managing encryption keys.

Almost half of surveyed companies revealed they were managing at least 1,000 digital encryption certificates.

Jeff Hudson, chief executive of Vanafi, described the results as “shocking”.

“It is well documented that digital certificates played a key role in the Stuxnet attack that destroyed multiple centrifuges in an Iranian nuclear facility, and it is widely accepted that lost encryption keys can provide malicious insiders access to valuable corporate information revealed on high–profile whistle–blower sites such as WikiLeaks,” he added.

Token trouble

Managing tokens also emerged as a serious issue for many businesses.

Indeed, some analysts hailed 2011 as the year when tokenless technology would start to see serious uptake.

Jim Fulton, vice president at DigitalPersona, said he had spoken to numerous customers who were struggling to manage tokens.

“Most of the customers who I’ve talked to who use tokens are quite passionate at how they despise tokens,” Fulton said.

“I’ve heard people say that if they could, they’d throw them underneath a lorry and crush them because they hate them so much.”

A number of vendors suggested smartphones could act as a replacement for tokens altogether.

This article originally appeared at itpro.co.uk

Copyright © ITPro, Dennis Publishing


Businesses ‘plagued’ by missing encryption keys
 
 
 
Top Stories
At the top of her game
A decision to bring digital operations back in-house three years ago has paid big dividends for Tabcorp.
 
Westpac hires SAP man as CTO
Creates four new IT lead positions.
 
Qld Transport to replace core registration system
State's biggest citizen info repository set for overhaul.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  21%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 983

Vote