Businesses ‘plagued’ by missing encryption keys

Powered by SC Magazine
 

Afflicts digital certificates, too.

Encryption keys have proven difficult for many businesses to handle, with loss and theft representing two major problems, a report has shown.

More than half of respondents to a poll conducted by security firm Vanafi said they had seen encryption keys either stolen or going missing, or were unsure if they had just been mislaid.

And 51 percent admitted similar problems with digital certificates.

Significantly, more than three-quarters (78 per cent) of organisations said they experienced downtime due to mismanaged encryption.

Increased complexity only exacerbated the problem, according to Vanafi, as nearly 90 per cent of organisations had numerous administrators managing encryption keys.

Almost half of surveyed companies revealed they were managing at least 1,000 digital encryption certificates.

Jeff Hudson, chief executive of Vanafi, described the results as “shocking”.

“It is well documented that digital certificates played a key role in the Stuxnet attack that destroyed multiple centrifuges in an Iranian nuclear facility, and it is widely accepted that lost encryption keys can provide malicious insiders access to valuable corporate information revealed on high–profile whistle–blower sites such as WikiLeaks,” he added.

Token trouble

Managing tokens also emerged as a serious issue for many businesses.

Indeed, some analysts hailed 2011 as the year when tokenless technology would start to see serious uptake.

Jim Fulton, vice president at DigitalPersona, said he had spoken to numerous customers who were struggling to manage tokens.

“Most of the customers who I’ve talked to who use tokens are quite passionate at how they despise tokens,” Fulton said.

“I’ve heard people say that if they could, they’d throw them underneath a lorry and crush them because they hate them so much.”

A number of vendors suggested smartphones could act as a replacement for tokens altogether.

This article originally appeared at itpro.co.uk

Copyright © ITPro, Dennis Publishing


Businesses ‘plagued’ by missing encryption keys
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1089

Vote