A promotional image from Google's new Transparency Report section on Web-based email. Google wants to make it harder to spy on webmail by encouraging more webmail providers to adopt serevr-to-server encryption. Google

Google launched a two-pronged attack against unencrypted email on Tuesday, divulging which webmail providers don't encrypt their customers' webmail in a new Transparency Report update, while making it easier for individuals to implement the tough email encryption standard known as Pretty Good Privacy, or PGP, with a new browser add-on called End-to-End.

An update to Google's Transparency Report published today introduces a new section called Safer Email. Based on traffic Google sees from Gmail, the section describes a world of webmail where only about half of all email sent is encrypted from server to server.

This is important because webmail that is sent between servers that has not been encrypted can be spied upon with relative ease, similar to the difference between sending a letter in an envelope and an open postcard. If the entire chain of communication isn't encrypted from the starting server to final destination server, the email essentially has no protective envelope.

When Google's webmail competitors don't provide server-to-server email encryption, it exposes Gmail users, too. Screenshot by Seth Rosenblatt/CNET

"Our data show that approximately 40 to 50 percent of emails sent between Gmail and other email providers aren't encrypted," wrote the Gmail Delivery Team tech lead Brandon Long, although he chose an encouraging tone over a scolding one.

"Many providers have turned on encryption, and others have said they're going to, which is great news," he wrote in a blog post announcing the update to the report.

Google wants webmail providers large and small to adopt Transportation Layer Security (TLS) to encrypt email and other data sent between its servers. While Gmail uses TLS in all its transmissions, Google's report says that currently, only 65 percent of messages sent from Gmail to other providers are received by a webmail provider using TLS. Messages sent to Gmail from other webmail systems fare even worse, with only 50 percent of them originating from companies that use TLS.

While Google's charts show that there's been a slight uptick recently, it's too recent to confirm as a trend. Google also provided interactive lists that chart which providers encrypt email in transit.

Google's Transparency Report charts show that some of the biggest offenders are major webmail vendors such as Microsoft, Apple, and Comcast. Screenshot by Seth Rosenblatt/CNET

See original here:
New Chrome extension hopes to demystify encryption

IDG News Service - Cloudera will incorporate technology from its acquisition of encryption software provider Gazzang into Apache Hadoop so that industries with stringent security regulations can use the big-data processing platform.

Gazzang's technology will permit Hadoop use by organizations that have legal requirements to encrypt data across the entire system, said Mike Olson, Cloudera chief strategy officer. Terms of the acquisition, announced Tuesday, were not disclosed.

Regulations such as the health care industry's Health Insurance Portability and Accountability Act, retail's Payment Card Industry and Europe's Data Protection Directive, all require end-to-end encryption.

"Those folks need very strong security guarantees," Olson said.

Cloudera has already made Gazzang's encryption and key management software available for download to Cloudera customers and is folding the technology into the Cloudera Enterprise distribution.

Cloudera Enterprise already comes with many encryption capabilities -- for instance, data stored on the HDFS (Hadoop File System) can be encrypted.

But other parts of Hadoop do not have built-in encryption. Data that comes into the system from one of the streaming engines, such as Apache Sqoop, is not encrypted. Nor is metadata, the catalog data that describes the data being stored. Configuration information about a Hadoop cluster is not routinely encrypted either.

"There are pockets of data that need to be encrypted. Gazzang does that across the platform," Olson said.

Gazzang also provides a central, industrial-strength, registry for the keys used to encrypt and decrypt data.

"No vendor in the Hadoop space right now offers integrated security encryption and key management for the platform," Olson said.

Follow this link:
Gazzang buy gives end-to-end encryption for Cloudera Hadoop