What are the Challenges Faced in Combating Encryption Sprawl

January 8, 2015 | By Editor 


Now that companies are encrypting all their user data, managing encryption sprawl in the company is next challenge. Encryption is now on every businesses agendas, and not just because of concerns over government surveillance.

The ever-changing dynamics of data legislation and industry regulation are propelling this new interest, along with the desire to avoid security breaches and identity thefts.

Challenges in Combating Encryption Sprawl

  • Now, encryption is not exactly new to the tech industry. Previously, it was the sole province of governments and financial institutions, but the Web changed all this in a short span of time.
  • Two decades ago, computer were a privilege and therefore remained secure due to their isolation. But today systems are connected and exposed.
  • Secure Socket Layer (SSL)/ Transport Layer Security (TLS) was universally adopted to guard information, and that security has spread its wings beyond apps like IT systems to e-commerce. This has not only heightened the security level, but also the complexity and price as well.
  • Well, if encryption is important so is encryption management. The ways handled by companies in deploying encryption has created security silos; increasing the risk of encryption sprawl.
  • Fragmentation of encrypted information extending across many IT properties brings in inconsistency of security and policy. With cloud-based system being widely used, this spread can only worsen further. Therefore, encryption management is essential.

The Three Essentials

There are three challenges existing when it comes to managing encryption silos. The First challenge is how can the encryption quality for each silo be measured?

  • Few certifications have been developed to focus on encryption and other cryptographic systems. The most reputed of this would be the Federal Information Processing Standards (FIPS), where products are evaluated by independent labs.
  • The second challenge is the application of consistent policies across the silos. The important issue here is key management. Securing information for legitimate and approved sewers is a difficult task.
  • Further, an improper management of keys distribution, archiving, and replacement could severely impact an organization. More the encryption, more the number of keys making key management all the more difficult.
  • To handle key management, companies are now planning to centralize the process with standardized policies and procedures. The primary goal of this approach is to administer keys from different encryption systems via one centralized system.

The third challenge

The third challenge, the most important of all, is securing data as it moves among silos. Securing data on systems or in storage devices remove a few risks of losing it.

  • However, that data will eventually move. It can be shared between users or accessed by an app, or sent to another company. The best way to secure data before it moves is decrypting it.
  • But even if the data passes via secure channels, a vulnerability whereby clear-text data can be intercepted still exists. This possibility is because apps in one silo cannot understand data encryption in another.
  • Replying end-to-end encryption across multiple silos is a possibility to address the issue, but not easy to implement.
  • It totally depends on feasibility, which depends on good key management and a centralized approach where different silos can access keys and data shared from anywhere.
  • Apart from a few examples, this approach has been enforced in mobile payments and other scenarios but it is yet to take shape as a standard practice.

Future of Encryption Approach

  • The unprecedented increase of connectivity through mobiles and cloud services has exposed vulnerabilities in traditional encryption methods.
  • With encryption sprawl having a good future, companies can reduce encryption flaws via effective key management and the use of centralized policies and procedures.
  • These actions will set the foundations of a future strategic architecture to help safeguard important data assets.


<< Encryption through SSL CertificatesGoogle Engineer Find Fake SSL Certificate >>

Posted in Technology

Be Sociable, Share!

Leave a Comment


* fields are mandatory