Encryption of stored data can create more risk of attack

By Janine de Blois

Warnings regarding key management infrasturcture are coming from security experts. There is a difference between encrypting a session of data in transit and encrypting stored data, which can potentionaly bring business to a halt.

Experts give some examples of possibilities. Richard Moulds of nCipher says“When you shift to data at rest and encrypt your laptop, if you lose the key you trash your data - it’s a self-inflicted denial-of-service attack.” Or, in a new type of DoS attack, “If you can go in and revoke a key and then demand a ransom, it’s a fantastic way of attacking a business.” European security strategist for Juniper, Anton Grashion warns “As soon as you let the cat out of the bag, they’ll be using it too…For example, it looks like a great opportunity to start attacking key infrastructures.”

A general slowdown of access to information critical to business is another concern. Joshua Corman, principal security strategist for IBM ISS states, “One fear I have is that we’re all going to hide all our information, but companies are information-driven, so we take tactical decision and stifle ability to collaborate.” Richard Reiner, chief security and technology officer at Telus Security Solutions, adds “Sometimes, the result of implementing security technology is actually a net increase in risk.”