in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Encryption Software: Less Than 1% Of Breached Records Encrypted

According to esecurityplanet.com, a compilation of data breaches in Q2 of 2014 has seen more than 175 million customer records exposed.  Of those, only 1% represented a situation where strong encryption prevented the data from being used.

But, isn't that expected due to the nature of what's being reported?  In other words, aren't we dealing with a "Dewey is President of the US" scenario?

Encryption is Important, Works as Designed

The importance of encryption software as a deterrent to data breaches is unparalleled.  This week we saw how Apple and other companies are pledging to make more use of encryption to protect their clients' data – and more importantly, the reaction from law enforcement (I won't say they freaked out] but they certainly were not happy about the announcement).

The truth of the matter is that encryption works (assuming it's been designed and implemented correctly – which is the reason why the US federal government can only use encryption solutions vetted by NIST and given FIPS validation.  For example, AlertBoot's solutions use encryption that have obtained FIPS 140-2 certificates).

Another truth: people don't use it as much as they should be.  And not just to make things hard for the government, but because there is a real problem of people collecting data on other people and using it for fraud and other nefarious purposes.

However, the numbers are not as dire as that reported by esecurityplanet.com.  Indeed, most surveys show that the use of encryption – while varying wildly depending on the industry and who ultimately controls a data storage device – tends to be in the double digits, anywhere between 25% and 50% (or even much, much higher).

So what's going on with esecurityplanet.com's numbers?

Dewey Defeats Truman

Basically, it comes down to what your data samples are.  To give a historical example, in 1948 the Chicago Tribune publicized on the day after the US presidential election that "Dewey Defeats Truman" despite the results being quite the opposite.  While there were many reasons for this blunder, among them was that opinion polls had predicted a Dewey victory.

And the reason why the opinion polls got it wrong?  Well, it was a nascent industry at the time but I have heard that some publications were asking readers to "send in their votes"…and the readers of these publications heavily leaned towards Dewey.  In other words, the poll wasn't scientific at all; the sample was biased.

Likewise in the esecurityplanet.com numbers: most countries and industries give the users of encryption software "safe harbor" from the obligation of publicizing a data breach.  That means that most data breaches you read about you only read about because encryption was not used (let that sink for a second).

No wonder less than 1% of these data breaches involve a situation where strong encryption – or any type of encryption – was used.  It's essentially a self-selecting group of non-encryption users.

Related Articles and Sites:
http://www.esecurityplanet.com/network-security/unencrypted-laptop-thefts-expose-personal-medical-financial-data.html
https://www.techdirt.com/articles/20140923/07120428605/law-enforcement-freaks-out-over-apple-googles-decision-to-encrypt-phone-info-default.shtml
 
<Previous Next>

Medical Laptop Encryption: Canadian Health Authority Finds Out "Certain Security Measures" Not Followed

iPhone Encryption And Management: Is The FBI Right To Freak Out Over Encryption?

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.