On a recent visit to Boston in the USA, Enterprise Times spent time with Tatu Ylonon, founder of SSH and inventor of the SSH protocol. We sat and talked about the state of enterprise security, the need for encryption and the way that encryption security keys are handled.
What is interesting is that the conversation came against a backdrop of politicians in several countries talking about weakening encryption. In the last few days alone, British Home Secretary, Amber Rudd has said nobody needs hard encryption. Ylonon disagrees with that view saying that “Encryption is a necessary thing. You cannot have cybersecurity on public networks without encryption.”
Enterprise IT departments agree with that as, ironically, do the lawmakers. There is a constant flow of new legislation that is driving the use of every stronger encryption. This is not just about protecting data at rest but also all communications where data is being moved from one device to another. Unfortunately enterprises are not managing and changing encryption keys in the same way that they do passwords and user credentials.
There is also a glaring hole in most IT security plans that aligns with government complaints. Encrypted data is hard to track and understand. The technology to decrypt and re-encrypt data at network speeds is expensive. Cybercriminals and hackers know this. They are increasingly using encryption to exfiltrate data from enterprises. This means that a lot of security teams have no way of knowing what has been stolen.
The group inside the enterprise who are charged with overseeing all this are auditors. The problem is that many of them have few IT skills, lack the right tools and are not well supported by the Enterprise. Ylonen also talks about piggyback attacks and how they allow hackers full access to backup systems.
To hear more about what Ylonen had to say, listen to the podcast here. Alternatively you can download it to your local machine and listen to it on your personal device. Our podcasts are also available for Android devices from play.google.com/music/podcasts. Alternatively go to our page on Stitcher and download this podcast from there.