Enterprise organizations can employ data encryption protect their networks and sensitive information from mass surveillance by governments and hackers, according to security experts.
Protecting corporate and in many instances client data became a hot topic once more with leaked reports that the United States National Security Agency has been mining electronic communications from technology companies such as Google, Yahoo, Microsoft, Skype, YouTube, Facebook as part of an anti-terrorist program. Some of the companies denied that government agencies had direct access to their servers.
The NSA’s capabilities in breaking modern encryption methods are unknown, according to Mathew Green, a cryptographer and research professor at the John Hopkins University Information Security Institute in Baltimore. However, he said, even if the NSA or other secret intelligence agencies are able to decode modern encryption “it’s going to be pretty expensive for them to do so.”
In order to prevent unwanted surveillance, said Dwanye Melancon, chief technology officer of IT security company Tripwire, it would have to be encrypted throughout its life. This means encrypting data as it passes through routers and servers via the Internet in different jurisdictions around the world and even when it is stored in servers.
This presents a problem when businesses rely on cloud service providers (CSP) for encryption, said Steve Weis, chief technology officer of data encrypting company PrivateCore. In this scenario, the business is not certain when a government body is conducting lawful attempts to access the encrypted data.