• Richard Blech

Ubiquitous, Unadulterated Encryption: A Fundamental Pillar of Cyber Resilience


Encryption is a key element of an effective comprehensive cybersecurity framework. In particular, the end-to-end encryption solutions that limit the ownership of decryption keys to only the sender and intended recipient is a fundamental part of protecting digital data and communications. This ubiquitous encryption adds an additional, impenetrable layer of digital security that further supports the enterprises cyber resilience.

It is very much needed as organizations have to be able to create the best cybersecurity defense that can mitigate data compromise and loss from cyberthreats that include multiple nation-states. However, even as the number and severity of cybersecurity attacks have escalated in recent years, there has been a growing push to compel tech companies to create encryption access points for law enforcement purposes so that the encrypted communications of parties under investigation can be intercepted.

UBIQUITOUS ENCRYPTION CREATES TRUST IN IT SYSTEMS

The United States is not the only nation proposing access to encrypted communications. The U.S. and other nations, including Japan, Canada, India, Australia, New Zealand and the United Kingdom issued a public letter asking tech companies to create back doors that would allow law enforcement access to encrypted data. Australia, for its part, passed the TOLA Act in 2018, which gives its security and intelligence organizations the power to force tech companies to crack their encryption. In China, certain companies are now required to provide to the government certain forms of technical assistance, including decryption.

Advocates of requiring tech companies to provide special access to encrypted data state that it is useful in investigations. They also are worry about the use of encryption technologies by entities that present a threat to national security. Detractors may voice legal concerns that center on consumer privacy, having financial and personal information protected and the fundamental rights of citizens.

There are many aspects to the discussion of the ubiquitous encryption, but its global impact cannot be ignored. For instance, end-to-end encryption has become too entrenched in securing the international trade and e-commerce infrastructure to ignore is economic impact. Consider the NIST encryption standard, the AES cryptographic algorithm, which was estimated to have created a $250 billion economic benefit for just the American economy alone over the course of almost two decades. This benefit was founded in the trust it was able to establish in IT systems. There have been many encryption protocols created since the first use of AES that provide even stronger encryption capabilities and is being relied upon companies around the world to help safeguard their data.

Ubiquitous encryption has an essential role in the economy of the world. There is no sector or industry that does not rely on encryption in some part for securing digital data. The operation and management of critical infrastructures, the execution of online financial transactions, storing digital data and more all depend on being able to execute those functions securely. It is necessary for enterprises and their clients to be able to feel that they can protect their data online and this cannot occur without strong encryption. Undermining encryption technology’s ability to be secure will lead to the distrust of digital security.

COMPROMISED ENCRYPTION IS NOT SECURE

At the most basic level the issue of ubiquitous encryption may be one of technology. Every step taken in the evolution of encryption should make the technology more secure and universal. The creation of a backdoor to encryption technology at this point in the digital age when online communications and transactions are the norm would defeat the very purpose of encryption. Any weakening of encryption for investigative purposes may benefit investigators, but it will also benefit those parties with malicious intent. Cyber criminals will leverage every cybersecurity vulnerability they can to gain access to systems, whether or not that vulnerability was intentionally designed. Mandating duplicate decryption keys presents vulnerabilities in the encryption framework that increase the chances of intrusion by malicious parties. For example, suppose the cybersecurity system of the third party that has been provided a duplicate decryption key is less than secure. This is a vulnerability that can be leveraged by malicious actors who would hack into that system and obtain the duplicate key.

Organizations rightfully seek out encryption technology that is impenetrable and easy to integrate into existing systems to protect their digital assets. And the creators of encryption technologies and systems have to be able to answer that need. This is why they seek certifications, such as the UL- 2900 Certification obtained by XSOC CORP’s SOCKET and the FIPS 140-2 Certification awarded to the XSOC Cryptosystem.

The need for impenetrable encryption is even more apparent when one considers how modern enterprises are relying more and more on IoT and AI to become more digitized. Companies must be able to protect the identities of the machines they use as well as the data on those devices. This requires cryptographic and encryption solutions that are able to meet very high standards.


BOOST ENTERPRISE SECURITY WITH XSOC CORP ENCRYPTION SOLUTIONS

Encryption has helped fuel the rise of the digital economy and can continue to do so as long as the technology is made as threat-proof as possible. At XSOC CORP, our optimized cryptographic and encryption solutions are quantum-safe, able to stand against current and future threats. Contact us for a demonstration of how we can help you keep your organization’s data secure.