In the past, technology was a topic of discussion primarily among engineers and scientists. Debates would erupt over technology, but they were confined to esoteric conferences, labs or lecture halls.

Our connected world has changed all that. Now its not unusual for people to talk about technology its benefits, challenges and social implications. And those people are not always technical experts.

AI and autonomous cars, cloud, connected medicine and data breaches continue to be hot topics. But various policy and societal factors are pushing another technology issue encryption into the collective consciousness. Thats why we can expect 2020 to be the Year of Encryption.

This year, dialogue about encryption from a business, consumer and policy standpoint will reach a crescendo. This will happen in the U.S. and beyond. Here are a few examples.

Businesses are stepping up their strategies to ensure compliance with the 2020 California Consumer Privacy Act (CCPA). CCPA, which took effect Jan. 1, gives California residents control over their personal data. This will prompt more discussion and education about personal data privacy. And that will give businesses new incentives to employ encryption technology.

Theres movement on encryption at the federal level, too. A bipartisan group of Capitol Hill lawmakers have re-energized a push for encryption backdoors. And the Australian, U.K. and U.S. governments are pressuring Facebook to scrap plans for end-to-end encryption of Facebook Messenger.

Meanwhile, organizations with an international presence continue their work on General Data Protection Regulation (GDPR) compliance. They also must understand how Brexit will impact regulations governing storage and sharing of sensitive data. Such efforts have new urgency given that British lawmakers in December approved the Brexit bill. And businesses want to avoid the significant GDPR fines theyve seen some of their peers absorb.

As for consumers, they want more control and privacy over their data. And the advancement in facial recognition software and concerns about voter information protection leading up the U.S. election only amplify their concerns. Yet consumers are often confused about what data privacy really means and how to enable it.

But a growing number of individuals are now aware that encryption is part of the conversation. Encryption may never be a water cooler topic of conversation on par with Game of Thrones. However, in 2020, it will be more readily understood, discussed and debated than ever before.

Weve also been hearing about the arrival of the autonomous car for some time now. Autonomous cars were once a futuristic idea. But theyre here today, and several businesses have been investing in and experimenting with them.

That has prompted people to talk about autonomous vehicles and their potential benefits and dangers. When these vehicles first arrived on the scene, much of the talk was about their benefits. But experiments dont always go as planned; in fact, some are catastrophic failures.

This highlights the need for organizations to devote more time and effort to tackle the challenges autonomous vehicles present. (One of those challenges involves how to prevent tampering by bad actors.) As a result, the broad use of autonomous cars will be further in the future than originally expected. And the use cases for these vehicles largely will be limited to short distances and specific routes and speeds.

Cloud technology also continues to move forward while simultaneously taking a step back.

On the forward-moving front, worldwide public cloud spending is expected to approach $500 billion in 2023. If that plays out, it would be more than twice the public cloud spend from 2019.

But while adoption of public cloud is growing, many organizations are revisiting private cloud strategies. This boomerang effect is occurring as some organizations realize public cloud doesnt meet all their needs. That is sometimes due to security issues or the challenges of having to rewrite applications. As a result, many organizations that had planned to go 100% public cloud are opting to also use on-premises resources.

If you thought house calls were a thing of the past, think again. Like the cloud, medicine is also now coming back in house, at least to some extent.

In the year ahead expect to see more medical devices make their way into our homes. That includes equipment like breathing machines that used to be found solely in medical facilities.

Technological advances are now enabling manufacturers to make these devices smaller. And the fact that these devices are connected means they can be used at home. That can save time and money for consumers and the medical industry.

Data breaches continued to rise in 2019. And the growing number of medical and other connected devices only increases the threat surface and raises the stakes of cybersecurity. And our data-rich medical records have become the gold standard for todays cyber thieves.

That said, organizations must do more to safeguard the health and well-being of their customers. That involves having the right cybersecurity and personal data protection measures and technology in place.

But they need to do that without creating a lot of friction for their customers.

Finding the right balance is a significant challenge. But its worth the time and effort for organizations, which should figure encryption into the equation.

Too little security can result in loss of business, reputation and even stock value. Meanwhile, the right balance enables compliance, builds trust and allows for business growth and longevity.

Link:
Encryption Will Take Center Stage in 2020 - Security Boulevard

Although today much of the internet traffic is encrypted, attackers can still exploit it. While the need to examine encrypted traffic is obvious, the way to carry out decryption often remains a conundrum. Decrypting traffic can introduce performance bottlenecks and introduce potential privacy and compliance issues if the traffic is fully unshrouded. Finding a way to maintain performance and ensure compliance while also being able to properly examine traffic is becoming critical.

Encrypted traffic needs to be examined to uncover potential functions for controlling botnets and malware that are often hidden within secure tunnels. Examining encrypted traffic will also help investigate various issues. Take, for instance, a workstation that abruptly started to communicate using an outdated encryption algorithm. Such is likely a clear sign of being compromised. Or consider users communicating with servers with untrusted certificates. The ability to analyze encrypted communications such as these is growing more crucial each day for the effective enforcement of security policies.

While only half of internet traffic was encrypted in 2017, today it is over 80%. The era of a fully encrypted internet is already knocking on the door and, naturally, professionals responsible for security and risk management in companies are paying more attention. Encryption complicates the use of traditional security technologies, such as firewalls, and also often makes their use impossible. If you do not know what is hiding in packets, you cannot fully protect the corporate network or individual workstations from malware.

Today, the analysis of encrypted communication should be part of the portfolio of network monitoring and security for every company. Some security solutions are adding such capability, providing the ability to analyze header information of encrypted traffic without having to open the payload. Thanks to this functionality, enterprises are now able to display important details of encrypted communication, including detecting hidden malware. However, the encrypted content cannot be viewed without decryption. So it is important to get as much information as possible when the communication is not yet encrypted during the process of establishing the connection when the exchange of encryption keys and certificates is being conducted.

An example of this connection setup is a SSL/TLS handshake, which is required for establishing encrypted communication during which different TLS parameters are available and visible, including the TLS protocol version used by the server, encryption set, server name (SNI) indication, certificate issuer, public key, certificate validity, JA3 fingerprint and more.

The connection data can then be analyzed or used in different ways to manage the security of the organization. Based on the data, one can receive notifications of changes and events or use it for automatic alerts that are linked to other actions (emailing, running a user script, sending a syslog or an asynchronous notification in the form of an SNMP trap, etc.).

One of the easiest ways to detect malware and process indicator of compromise (IoC) is to analyze JA3 fingerprints. Using JA3 method, one can easily create SSL/TLS fingerprints on any platform. It is much more effective to use JA3 fingerprints to detect malware within SSL/TLS than to monitor the IP or domain IoC. It does not depend on whether the malware uses domain generation algorithms (DGA) or changes the IP addresses for each of its command and control (C2) hosts, not even when it uses, for example, Twitter, to control it. Since JA3 detects a client application directly, it can detect malware based on how it communicates instead of what it communicates through. Thanks to this, special tools such as those in Flowmon, in cooperation with the publicly available JA3 fingerprint database, can detect potential threats from specific JA3 fingerprints in encrypted communication.

Many companies rely on HTTPS communication and certificates issued by a certification authority for a given period to secure their internal communication or web presence. It is important to monitor the validity of the issued certificate to avoid a situation where data remains unsecured for some time. This can be elegantly solved by analyzing encrypted traffic, which provides, among other things, an overview of each certificates expiration. This allows one to monitor expiring certificates and completely avoid the problem of expired certificates altogether. One can also easily detect weak TLS 1.0 encryption with enough time to take all the necessary corrective steps.

Some security solutions provide encrypted traffic analysis on two levels. The first focuses on cryptographic evaluation, i.e. examines versions of the SSL/TLS protocol, cyber suite (encryption algorithms, key lengths) and certificates, while the second focuses on monitoring and security. It offers JA3 fingerprints for possible identification of malware or infected stations and ALPN for identifying protocols in encrypted communication and examines SNI and many other parameters.

For reliable threat protection, companies eventually will need to incorporate security tools based on behavioral analysis, artificial intelligence and encrypted communication analysis. These tools promise to detect malware in real-time encrypted traffic without impacting network throughput or degrading application performance. It will also require changes to existing security strategies to stop man-in-the-middle threats or attempts to steal corporate data promptly.

New security technologies such as these will be indispensable for not just protective security, but also for auditing. The technologies will help detect communications that use outdated certificates in violation of company policy, control the encryption strength or reveal data encryption vulnerabilities. Most organizations today can only get to such detailed overviews at the cost of laborious and time-consuming methods.

In a way, we can apply the Socrates dictum about the unexamined life not worth living to network security. Unexamined traffic undercuts all of the other important security methodologies and makes them not worth having, providing a way for attackers and bad actors to gain access to resources right under the nose of security inside encrypted tunnels. These need careful examination and can be done largely without performance penalties and compliance exposure.

See original here:
Encrypted Traffic Analysis Will Be Mandatory Soon - Security Boulevard

Expect the U.S. Department of Justice and officials from allied countries to push harder for large technology companies to give them access to customers' encrypted communications, and expect the tech companies to continue to resist.

The current push for tech companies to provide encryption backdoors started back in 2014, when then-FBI Director James Comey complained about law enforcement agencies "going dark" because of a lack of access to encrypted email, texts, and other communications. But current Attorney General William Barr and allies in the United Kingdom and other countries have stepped up the pressure on tech companies in recent months.

Encryption has "empowered criminals" as terrorists, human traffickers, and sexual predators shield their activities from police, Barr said in a speech in October. "As we work to secure our data and communications from hackers, we must recognize that our citizens face a far broader array of threats," he said. "While we should not hesitate to deploy encryption to protect ourselves from cybercriminals, this should not be done in a way that eviscerates society's ability to defend itself against other types of criminal threats."

The debate shifted into high gear in December. On Dec. 9, Facebook sent a letter to U.S., U.K., and Australian officials, rejecting their request that the company scrap its plans to offer end-to-end encryption across messaging services.

"We all want people to have the ability to communicate privately and safely, without harm or abuse from hackers, criminals, or repressive regimes," the letter said. "Every day, billions of people around the world use encrypted messages to stay in touch with their family and friends, run their small businesses, and advocate for important causes. In these messages, they share private information that they only want the person they message to see."

A day later, in a Senate Judiciary Committee hearing, Chairman Lindsey Graham threatened Facebook and Apple officials with legislation if they didn't give law enforcement encryption back doors.

"You're going to find a way to do this, or we're going to go do it for you," said Graham, a Republican from South Carolina. "We're not going to live in a world where a bunch of child abusers have a safe haven to practice their craft. Period. End of discussion."

Many cybersecurity experts, however, have warned against the push for encryption back doors.

If law enforcement agencies get access to encrypted communications, it's only a matter of time before criminals figure it out, said Michael Frederick, CEO of software development firm Flatirons Development. There is no "middle ground" compromise to the encryption debate, he added.

"Any back door that is open to law enforcement to allow them to access encrypted materials will inevitably be discovered and abused by those with malicious intentions," he said. "That could be hackers in the U.S., or it could be overseas governments taking advantage of the loophole, presenting a risk to our national security."

When the loophole is discovered and shut down, "we will start this conversation over again," he predicted.

It's "impossible" to allow law enforcement access without also risking hacker access to encrypted communications, added Daniel Goldberg, security researcher at Guardicore, a cloud and data center security vendor.

"Regardless of the method, whether its key escrow or weakened access or any other buzzword of the month, encryption only works if it's total," he said. "If we go down this path, not far is the day when criminal groups or nation-states will have easy access to all private communications of common citizens."

Nevertheless, the push for access isn't all "fear, uncertainty, and doubt," Goldberg added. "By choosing privacy for all citizens, we also allow privacy to criminals," he said. "Law enforcement today relies on a hodgepodge of methods that try to go around end-to-end encryption, allowing sophisticated criminals freedom of action."

Meanwhile, security experts were split in their predictions on whether Congress would act to require law enforcement access. Some saw too much disagreement in Congress to move forward, while others predicted eventual action to require some type of access.

"Unfortunately, I can see Congress, in light of a national emergency or threat, taking action to weaken individual access to encryption technology," said Llewellyn Gibbons, a cyberlaw professor at the University of Toledo College of Law. "I doubt that Congress will take action on this as part of a reasoned debate that considers the commercial as well as individual privacy concerns."

Congressional action would be a significant change in U.S. government policy related to the internet, Gibbons added. "Such a change would be a dramatic shift from the self-government model that the U.S. government has encouraged on the internet."

View post:
Debate over access to encryption isn't going away - Washington Examiner

from the encryption-is-letting-dead-men-get-away-with-crimes-they-already-committed dept

It looks like the FBI wants to relitigate the San Bernardino shooting. After that tragedy, the FBI tried (and failed) to obtain legal precedent forcing cellphone manufacturers to crack open seized phones at the drop of a warrant. Finally, a third party sold a solution to the FBI that opened the phone and allowed it to recover nothing useful whatsoever from the shooter's device.

The FBI was displeased that it didn't get this precedent. Internal communications showed FBI officials were doing everything they could to avoid using a third-party solution. The theoretical existence of evidence related to a tragic shooting was the only leverage the FBI had and a private company's cracking service took that leverage away. It could no longer claim approaching Apple directly was the only way to access the contents of the phone.

The FBI is trying again. It has more locked phones and another shooting to use as leverage.

The FBI is asking Apple Inc. to help unlock two iPhones that investigators think were owned by Mohammed Saeed Alshamrani, the man believed to have carried out the shooting attack that killed three people last month at Naval Air Station Pensacola, Florida.

In a letter sent late Monday to Apple's general counsel, the FBI said that although it has court permission to search the contents of the phones, both are password-protected. "Investigators are actively engaging in efforts to 'guess' the relevant passcodes but so far have been unsuccessful," it said.

Apple is helping the FBI but it's not doing the only thing the FBI really wants it to do. Apple's statement says it's already turned over "all the data in [Apple's] possession." But it's not going to break the devices' encryption.

And no matter what legal precedent the DOJ obtains -- should it decide to force the issue by seeking a court order compelling decryption -- it still may not find anything useful, or indeed anything at all, if it manages to unlock the devices. There's a twist in this case that sets it apart from the San Bernardino shooting.

A law enforcement official said there's an additional problem with one of the iPhones thought to belong to Alshamrani, who was killed by a deputy during the attack: He apparently fired a round into the phone, further complicating efforts to unlock it.

Shooting someone right in the evidence is a new logistical hurdle -- one that probably can't be cleared with a stack of legal paperwork and precedent. But this is the FBI's latest attempt to undermine device encryption. Attorney General Bill Barr has made it clear he feels encryption is only good for criminals. If the DOJ decides to take another run at this, it will be less likely to back down even if presented with a third-party solution.

The FBI and DOJ are always on the lookout for another tragedy to use as leverage for anti-encryption precedent. Unfortunately, this country produces more than its share of mass shootings, so the FBI and DOJ will always have plenty to work with.

Filed Under: doj, encryption, fbi, going dark, pensacolaCompanies: apple

Read the rest here:
San Bernardino 2.0: FBI Asking Apple To Crack Encryption On Phones Owned By Pensacola Naval Station Gunman - Techdirt

The data protection landscape is rapidly changing in scope, breadth and depth. With changes to data protection laws in recent years, organisations today must keep up with all that is happening in the world of data protection.

Data protection no longer solely applies to risk management such as business continuity and disaster recovery, but also governance and compliance.

The protection of electronically stored information in all its different expressions should be at the forefront of any business. The permanent physical loss of key information, such as customer account information or the loss of confidentiality of sensitive information, could have a severe negative impact on a business and bring with it huge penalties and legal costs.

The loss of confidentiality of information through a data breach can carry high security threats and put businesses of all sizes at risk.

As data and business processes evolve with technological advances, enterprises are actively examining how to improve the data protection function from the perspectives of people, processes and technology. The key to choosing the data protection technologies is to understand the overall data protection infrastructure portfolio into which individual data protection technologies should fit.

The strength is in the hardware

As a solution, data encryption has received strong endorsement from the enactment of state, federal and international data protection legislation. Over the years, the disadvantages of software-based encryption have become increasingly recognised in the industry.

After all, software encryption is only as secure as the rest of the computer or smartphone. In software encryption, there are more possible attacks vectors that can lead, among others, to the ability for a hacker to crack the password. Software encryption tools also share the processing of your computer, which can cause the whole machine to slow down as data is encrypted/decrypted.

Unfortunately, some users remain unaware of the potential to solve these problems with hardware-based encryption. Through an industry-wide, open specification for hardware-based Self Encrypting Drives (SEDs), e.g., Opal Family Specifications, developed by Trusted Computing Group (TCG), the issues caused by software-based encryption are being addressed and the reasons for using a SED continue to grow.

SEDs are storage media that perform on-board encryption/decryption, as well as pre-boot authentication, maintain hashed passwords and offer on-the-fly erasure. In a SED, the entire drive, including the Master Boot Record (MBR) is encrypted and write protected at rest. As a result, the master boot record cannot be corrupted.

Compared to software-based encryption, hardware-based encryption built into a drive offers simplified management, interoperability among drives from different vendors and most importantly no performance impact. In fact, using a SED is much more cost-effective than buying higher performance main laptop processors when software Full-Disk Encryption (FDE) is used. SEDs integrate to systems and image the same as non-encrypting drives, with no initial encryption necessary, nor re-encryption when drives are re-imaged.

SEDs and TPMs the perfect match for data protection

In order to ensure better security, strong user authentication is needed. With a SED, access to the platform is based on secure authorisation performed by the SED and not by the less-secure software that can be spoofed into allowing unauthorised access to data. Combining hardware-based encryption with Trusted Platform Modules (TPMs) can provide even stronger security benefits in personal computers and can be used in a multitude of ways.

The TPM is designed as a root of trust for the computing platform. It can measure components such as the Basic Input/Output System (BIOS) to determine if the system has been hacked or an unauthorised change has been made. The SED has areas of protected storage that can be used in conjunction with the TPM. One use of these protected storage areas would be to keep a copy of sensitive software such as the system BIOS or MBR. If the TPM detects that the BIOS or MBR has been hacked, a new, unaltered copy of the software can be loaded before the system boots, resulting in a self-healing system.

The combination of SEDs and TPMs can also assure strong authentication. In this instance, the SED would store an alternative operating system in a read-only area of the drive. When the locked SED is powered up, a shadow MBR is used to load this pre-boot Operating System (OS).

The purpose of the pre-boot OS is to allow the user to enter their authentication credentials such as passwords, fingerprints, smart cards, or other tokens which are used to unlock the SED so that the normal MBR and OS can be loaded. Even though the SED protects the pre-boot OS from being altered, the TPM can be used to provide another layer of security by measuring the pre-boot OS each time it is loaded to assure that it has not been altered in an unauthorised way.

Some enterprises want to assure that a SED can only be unlocked by authorised users and in an authorised platform. The TPM can be used to store authentication credentials which are required in order to unlock the SED. At power up time, not only must the user enter their authentication credentials, but the TPM must be used in conjunction with the user authentication credential in order to produce the authentication credential which can unlock the SED.

Through combining hardware-based technologies like SEDs with TPMs, enterprises add another layer of security to their systems, ensuring the possibility of any loss of data is drastically reduced.

Protection against future security threats

Hardware-based encryption like that found in SEDs bring a lot of advantages including compliance, stronger security, integrated authentication and low total cost of ownership with an additional benefit of rapid data destruction or crypto-erase. While these convincing reasons remain valid, additional security scenarios provide even more compelling justification for organisations.

Corporations are reinitiating their spending and investments in technology for the future, with information security proving to be a key area to benefit from increased spending. With new approaches such as SEDs, corporations can obtain improved data security without the shortcomings of software-based encryption. Once potential users correctly and completely understand the capabilities of SEDs and the misconceptions are corrected as well, the increasing availability of SED options will provide the solution to cope with data security threats both now and long into the future.

By TCG Storage Workgroup

PrivSec Conferenceswill bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered.https://www.privacyculture.com/

Excerpt from:
#Privacy: Self-Encrypting Drives are the answer to data protection concerns now and in the future - Security Boulevard

A monorail train displaying Google signage moves past a billboard advertising Apple iPhone security during the 2019 Consumer Electronics Show (CES) in Las Vegas, Nevada, U.S., on Monday, Jan. 7, 2019.

Bloomberg | Bloomberg | Getty Images

At last year's CES tech trade show in Las Vegas, Apple attracted a lot of attention because of a large well-placed billboard ad that read, "What happens on your iPhone, stays on your iPhone."

This year, Apple made its first official appearance at the conference in years and was forced to defend that position. Jane Horvath, Apple's senior director, was on a panel on Tuesday alongside representatives from Facebook, Procter & Gamble and the Federal Trade Commission, and was asked about the company's use of encryption.

Apple has long taken a controversial position on encrypting its devices, arguing that it has limited ability to help law enforcement crack into devices during criminal investigations. On Monday, the FBI sent a letter to Apple requesting assistance extracting data from password-protected iPhones used by Mohammed Saeed Alshamrani, who is suspected of killing three people last month in a shooting at a Navy base in Pensacola, Florida.

Horvath reiterated Apple's view that to protect customer data, if a phone is stolen or gets left in a cab, and ensure consumer trust, the company has designed its devices so that it can't access highly personal information. Apple says that, for locked phones, in order to retrieve data that hasn't been uploaded to the company's servers, it would have to build special software.

The Pensacola Naval Air Station main gate following a shooting on December 06, 2019, in Pensacola, Florida.

Josh Brasted | Getty Images

"Our phones are relatively small and they get lost and stolen," Horvath said. "If we're going to be able to rely on our health data and finance data on our devices, we need to make sure that if you misplace that device, you're not losing your sensitive data."

Horvath said that Apple has a team working around the clock to respond to requests from law enforcement. But she said she doesn't support building so-called back doors into software that would allow law enforcement elevated access to private data to solve crimes like terrorism.

"Building back doors into encryption is not the way we are going to solve those issues," Horvath said.

Apple's most high profile showdown with law enforcement came in 2016, when the Justice Department sued the company in an effort to get it to help obtain data from the phone of Syed Farook, who was responsible for the mass shooting in San Bernadino, California, which left 14 people dead. The FBI eventually said that it was able to gain access to the phone using a private vendor.

An Apple spokesperson told CNBC on Tuesday, in response to an inquiry about the recent Alshamrani case, that the company is working with authorities.

"We have the greatest respect for law enforcement and have always worked cooperatively to help in their investigations," the spokesperson said in an email. "When the FBI requested information from us relating to this case a month ago we gave them all of the data in our possession and we will continue to support them with the data we have available."

Tuesday's panel also included Erin Egan, Facebook's vice president for public policy, P&G global privacy officer Susan Shook and FTC Commissioner Rebecca Slaughter. Facebook also faces government pressure to build back doors into its software.

WATCH: CES highlights tech meant to be controlled with your mind

Read more:
Apple privacy officer says that 'building back doors' to access iPhone data won't help solve crimes - CNBC

Facebook has just admitted its bold Messenger encryption promise will not be delivered for years, ... [+] giving its billion users a reason to switch to another service.

Facebooks Messenger service is not yet end-to-end encrypted by default, despite the bold promises CEO Mark Zuckerberg made last March. While the move would give Facebook Messengersone billion users access to significantly more secure communications, it isnt going to happen any time soon, according toWired.

The reason for this is surprising: Its not because Facebook needs to drastically change its business model, or due to interference from law enforcement who have their eyes on encryption. Its actually because of the massive technical challenge involved.

Due to the significant issues in adding the technology to an existing system, end-to-end encryption on Facebook Messenger could be years away, a Facebook software engineer speaking at theReal World Cryptoconference in New York has admitted.

"While we have made progress in the planning, it turns out that adding end-to-end encryption to an existing system is incredibly challenging and involves fundamentally rethinking almost everything," Facebooks Jon Millican said.

Currently end-to-end encryption for Facebook Messenger is available, but only if you use itsSecret Conversations Mode.

Facebook-owned WhatsApp enabled end-to-end encryption for its billion users in 2016. But last year, it emerged thatFacebook Messenger is to be integrated with WhatsAppand Instagram under a single underlying messaging platform or protocol.

Its not clear what this latest Facebook admission means for the integration plans, but the social network has also recently been criticized forhiring contractors to listen to peoples private conversations.

Facebook has also been the subject of multiplebreachesand data scandals. Meanwhile, in November, the social network came under fire for testing ascary facial recognition appon its employees and their friends.

With many people already considering deleting their Facebook accounts, its a good idea to take a look at secure services you can use to chat to friends and contacts that use end-to-end encryption by default.

Here are three alternatives to Facebook Messenger:

Signalis well-known and loved among the security community, and its a great way to chat to your friends and contacts securely. Among its attributes, Signal provides end-to-end encryption using its own uniqueprotocol.

Its also open source, which makes it more secure because a large number of skilled people are able to constantly test and fix its code. Signal offers features such as self-destructing messages and the ability to hide messages appearing on the lock screen to hide them from prying eyes.

Beloved of many security-conscious people,Wickrwas actually one of the first messaging apps to adopt end-to-end encryption. It boasts some cool features such as the ability to ensure deleted files are completely unrecoverable.

With the option to enable conference and group calling on the professional version, Wickr Pro, its especially suitable for enterprise users. In addition, Wickr is open source, meaning its easy for the community to get involved in fixing security issues and bugs.

Viberis quite a popular secure messaging app, with about260 million monthly active users. As well as offering end-to-end encryption, it color codes your chats to show you how secure they are. But one thing you should note: only one to one chats are end-to-end encrypted, so group conversations are not as secure.

I get it: As well as switching to another service yourself, you have to convince your friends its the best one for them too.

Personally, I dont use Facebook Messenger anymore, and I have kept WhatsApp for now to speak to friends and contacts who use the service. But I also use Signal to chat securely to people who are open to downloading it.

The app is free, so why dont you install it on your smartphone and try it out?

View original post here:
Facebooks New Admission Just Gave 1 Billion Messenger Users A Reason To Switch - Forbes

Eternity Insights, adds a comprehensive research of the Encryption Software market that mentions valuable insights pertaining to market share, profitability graph, market size, SWOT analysis, and regional proliferation of this industry. This study incorporates a disintegration of key drivers and challenges, industry participants, and application segments, devised by analyzing profuse information about this business space.

This research study on the Encryption Software market is an apt exhibit of this industry sphere. It includes a detailed analysis of this vertical as well as substantial information on this business space, with regards to pivotal aspects such as the current revenue, profits projections, the latest market tendencies, market size, market share, and various other deliverables, over the forecast period.

Request a sample Report of Encryption Software Market at: https://www.eternityinsights.com/request-a-sample/12436

A brief overview of the performance of the Encryption Software market during the forecast timeframe has been provided. Information about the driving factors affecting the Encryption Software market outlook has been delivered, in conjunction with the growth rate that this business space is expected to register over the expected duration. Also, the Encryption Software market study delivers a detailed notion of the numerous challenges prevailing in this business space. Also, an in-depth understanding of the growth opportunities existing in this vertical is delivered in the study.

Main pointers presented in the Encryption Software market report:

Unveiling the Encryption Software market with respect to the geographical terrain:

Encryption Software Market Segmentation: USA, Europe, Japan, China, India, South East Asia

Information given in the market report with regards to the major industry indicators:

A comprehensive gist of the Encryption Software market with regards to the product and application spectrums:

Product landscape:

Product types:

Key insights delivered in the report:

Application spectrum:

Application segmentation:

Specifics given in the report:

Ask for Discount on Encryption Software Market Report at: https://www.eternityinsights.com/ask-for-discount/12436

Other major pointers included in the report:

Some details about the competitive terrain of the Encryption Software market include:

Vendor base of the industry:

Competitive analysis pointers mentioned in the report include:

The Encryption Software market analysis also speaks on important details pertaining to parameters such as market concentration ratio.

Read more at: https://www.eternityinsights.com/report/global-encryption-software-market

Some of the Major Highlights of TOC covers:

Chapter 1: Methodology & Scope

Definition and forecast parameters

Methodology and forecast parameters

Data Sources

Chapter 2: Executive Summary

Business trends

Regional trends

Product trends

End-use trends

Chapter 3: Encryption Software Industry Insights

Industry segmentation

Industry landscape

Vendor matrix

Technological and innovation landscape

Chapter 4: Encryption Software Market, By Region

Chapter 5: Company Profile

Business Overview

Financial Data

Product Landscape

Strategic Outlook

SWOT Analysis

About us:

our reputed market research & consulting portal, eternity insights publishes industry/market reports, equity & financial data, and analytical research reports. We focus on almost all industries and deeply examine their segments & sub-segments. Our platform further probes the market revenues, ongoing trends, driving/preventive factors of the industries, key categories & sub-categories, competitive overview, etc.We have an expert team of research executives & data collectors that provide market intelligence services to facilitate better decisions. These decisions help clients with regards to more opportunities & penetration. eternity insights also exposes its customers to competitive strategies, impending events, survival plans, anticipated perils, and growth opportunities.

Read the original here:
Encryption Software Market Detailed Analysis, Competitive landscape Forecast to 2026 - Citi Blog News

Podcast: Play in new window | Download

One of the most pressing issues facing companies in thepayments industry is how they handle their data. Since financial transactionsand services generate large amounts of data, financial institutions need tohave a robust system in place to effectively process, analyze, and store theinformation.

Security is paramount, as the data is highly sensitive, andhackers are constantly trying their utmost to access it. And due to howvaluable and sensitive the data is, companies must comply with a myriad ofgovernment regulations dictating acceptable practices. Its essential thatcompanies understand where their data comes from and how to maintain itproperly.

To learn more about the importance of data governance, datamanagement, and what solutions exist to help companies navigate the problemsassociated with data handling, PaymentsJournal sat down with Adwat Joshi,founder and CEO of DataSeers, and Tim Sloane, VP of Payments Innovation atMercator Advisory Group.

PaymentsJournal

PaymentsJournal

During the conversation, Joshi and Sloane discussedDataSeers five step approach to data governance, data management, datasecurity, and what data quality means. They also covered encryption, and the intersectionof encryption with authentication and authorization.

Data governance is a major question facing the paymentsindustry. Regulators are increasingly scrutinizing how companies are governingtheir data and whether they are doing so correctly. Even without the scrutinyof regulators, solid data governance is vital for companies to be successful.

This is because bad data makes it challenging for companiesto use it effectively. If I dont have what I need, and its not in a goodformatits not rightthen how can I ever do anything with it? explainedJoshi.

One element of DataSeers approach is data profiling, whichentails reviewing the various data types to determine whether the data consistsof numbers, text, or a mix of the two. It gives you a clear understanding ofwho is sending what, said Joshi, allowing companies to request that the dataget cleaned before being accepted by that company.

DataSeers solution also enables authentication,authorization, and auditing. We want to make sure that we authenticatedanybody who is trying to access the data, said Joshi. Authorization means thatonly people with proper permission to view data are allowed to do so. The lastpart, auditing, means that companies can keep track of who accessed the data,when, and which data specifically. This helps ward off against internal fraud.

Sloane noted that authentication, authorization, andauditing is more important than ever due to a variety of new regulations,including the E.U.s General Data Protection Regulation (GDPR) and Californiasdata regulations.

Overall, DataSeers approach assumes that the data is comingin as a mess. Therefore, the companys proprietary process is designed to cleanthe data, homogenize it, label it, enhance it, encrypt it, and allow for it tobe seamlessly distributed. By taming the data, DataSeers enables companies tomore effectively leverage it.

Understanding and documenting where data is coming from,when it is coming, and what is coming is very important for companies. Beingable to keep track of all these questions is known as master data management(MDM). Sloane likened MDM to housekeeping, pointing out that while MDM is oftenoverlooked, making sure you know where everything is kept, if it is labeled,and who has access to what, is all essential.

Since it is such an integral part of many companiesworkflow, MDM is a very big industry, with many companies offering productswhich allow clients to better manage their data.

However, unlike a lot of solutions in the market, DataSeersapproach is tailored made for the payments industry. We understand what isrequired in order to have a better compliance platform, a better fraudplatform, and even a better reconciliation platform, said Joshi.

The next major aspect of effective data governance andmanagement is data security.

My definition of data security is the person whos supposedto have access to the data at the very specific time is the only person, atthat very specific time, who gets access to that very specific data, offeredJoshi. If the wrong person tries to access the data, or even the right personbut at the wrong time, denying them access is key to data security.

Joshi provided a useful analogy of someone securing theirhouse. If someone invested in a series of security tools, such as a camera,fancy lock, and expensive security service, yet forgot to lock the front door,all the fancy tools would be for naught. Similarly, the basic thing you haveto really think about is how well protected your data is at the source, saidJoshi.

DataSeers approach to securing data is unique, said Joshi.We call it the submarine architecture. It works by compartmentalizing thedata, so if one section gets compromised, the rest of the data is safe, similarto how a submarine compartment can fill up with water, but the rest of thesubmarine remains safe. An end user faces multiple steps upon logging into thesystem and is ultimately unable to get all the way to the source.

Assessing the quality of a data set is not a straightforwardexercise. You cannot just assign an arbitrary number to data set, labeling itsquality as 80, for instance, and have that make any sense. Instead, the qualityof data is measured by your ability to act on it, said Joshi.

If you are able to act on it with less noise and highaccuracy, your data is potentially very good quality, he said.

Sloane agreed, adding that the quality of data is dependentupon the purpose that youre going to apply the data to.

To this end, DataSeers invented a quality index on scale of1-100, which signals how actionable the data is in various situations.Depending on the specific situation and corresponding algorithm, each data elementis weighted for how important it is.

Encryption is another important aspect of good datamanagement. As Joshi noted, encryption is a broad term, which can refer to datathat is encrypted to simply comply with PCI standards, or data that isencrypted on multiple levels. In the former case, the data is only encrypted atrest, which means it can still be vulnerable.

Therefore, If you really want to do encryption, if youreally want to encrypt your data, data encryption has to happen at multipledifferent levels, said Joshi. DataSeers offers this level of encryption in itslatest release of software. We are supporting even column level encryption,stated Joshi. We are trying to keep the data encrypted as much as possible.

Such an approach allows users to access reports, but maybenot a specific column contained within, depending on who the user is and thecolumn in question.

Sloane pointed out that encryption like this combinesauthentication and authorization, allowing people to view only what theyresupposed to view.

Joshi agreed, adding, One of the things that we areimplementing is everything that comes out of our platform will be encrypted insuch a way that the only person who can decrypt it is going to be our clients.

Approaches to data such as the one embraced by DataSeersprovides companies with the platform necessary to get the most out of theirdata.

Summary

Article Name

Get a Handle on Your Data: DataSeers on the Importance of Data Governance & Management

Description

Security is paramount, as the data is highly sensitive, and hackers are constantly trying their utmost to access it. And due to how valuable and sensitive the data is, companies must comply with a myriad of government regulations dictating acceptable practices. Its essential that companies understand where their data comes from and how to maintain it properly.

Author

PaymentsJournal

Publisher Name

PaymentsJournal

Publisher Logo

Excerpt from:
Get a Handle on Your Data: DataSeers on the Importance of Data Governance & Management - PaymentsJournal