their vulnerability to hacking. An encrypted voice call is
required to verify a financial transaction.
For email encryption, ZixGateway is an on-site appliance that delivers ZixCorp encryption services. It operates
a dedicated server placed at the edge of the local enterprise network to inspect all outbound email. With full
content scanning, ZixGateway can encrypt, route or block
outbound email. It ensures compliance with company
security policies automatically, without requiring special
training or procedures for employees. However, this is an
example of a proprietary encryption solution that calls for
capital expenditures, configuration management and software maintenance.
The proprietary service Silent Circle (SIGNAL Magazine, December 2014, page 32, “Securing Communications ...”) offers a unique combination of custom-made
Blackphone hardware and Silent Suite applications. The
end-to-end encryption service allows the deployment of
enterprise-level privacy via a private network of mobile
phones. Silent Circle requires the purchase of its phones
from a limited source of supply and is not a low-cost
Encrypted communications also are available
from Cryptocat, Folder Lock, Secure IT, Kruptos 2,
CryptoForge, SafeHouse, SensiGuard and Privacy Drive.
Overall, the number of encryption applications and their
features is growing constantly.
Data backups are the weak link with encryption providers. Files backed up to Apple’s iCloud servers or to Google
Drive, for example, are unprotected. That leaves messages
open to hackers or to any organization that can force
those companies to turn over backed-up data. Decrypted
messages should not be backed up to centrally managed
clouds. The downside to turning off backups is that data
cannot be recovered if it is lost or destroyed.
The cloud, however, offers another option for end-to-end encryption. Although the adoption of cloud services
has been gradual, according to the RightScale 2015 State
of the Cloud Report, 93 percent of enterprises are using
cloud services to store files that require special safeguards.
Google Drive Virtru integrates military-grade encryption
with Google Apps to protect users’ information. In this
case, data security, particularly the custody of encryption, is delegated to the cloud provider. One of the biggest
advantages Google offers is its size and resources. Hosting encrypted files on Google’s servers means they are
protected by around-the-clock surveillance, redundancy
in case of an outage and compliance with a number of
important security standards, including ISO 27001 certification and SOC 3 Type II audits. That transfers the burden
of powering, securing and supporting a data center to
Google, which provides important security features, such
as multifactor authentication.
Central to Virtru’s encryption philosophy is the idea
that data can be locked down independent of its location.
Files are accessible only to their recipients and are protected on every Google server. Only the sender owns the
keys to encrypted files, which can be accessed anytime or
anywhere they are needed.
End-to-end encryption does have its drawbacks.
Although the technology has made secure online payments possible, it also could provide a cover for cyber
criminals in developing countries such as Pakistan, for
example, in which 14 percent of the population—27 million people—have access to the Internet. With an annual
per capita income of $1,400, Pakistanis could have an
incentive to shift to Internet commerce for quick gains.
Add other countries in which millions of capable youths
are unemployed, ambitious and easily subordinated to
criminal groups, and the overall incentive is high to gain
from money-rich, Internet-based economies by whatever
means are available.
In addition, confrontations can occur when the U.S.
government attempts to regulate encryption practices.
Reliance on security countermeasures by cyber-defense
agencies appears to be the preferred recourse for examining plain text data. This approach is labor-intensive and
depends on an extremely limited supply of trained analysts. Unfortunately, attackers greatly outnumber defenders. Defending against an attacker that employs end-to-end encryption is difficult and time-consuming and
involves elaborate interagency procedures.