Solution to Keep the US Government from Snooping

Solution to Keep the US Government from Snooping

In light of continuing news reports of the U.S. government snooping on email and related communications insecurities, Dave Anderson, senior director at Voltage Security offers an engaging commentary. He highlights the value of Solution to Keep the US Government from Snoopingencryption, where the intended email recipient, who is validated, is the one to decrypt the email’s data in order to read it. According to Anderson, the ultimate solution is a stateless key management encryption solution that generates crypto keys on demand, and only when encryption and decryption is needed.

“Email is such a ubiquitous form of communication in business today, not just for simple status communications to employees, but also to distribute content and information outside of the organization to customers, partners and suppliers. Most companies are using email to send sensitive information, including financial, HR, health care and other personally identifiable information, often times without realizing the ease of this information being exposed and lost unless the email and attachments are encrypted. 

“Email can be made private and not subject to exposure or snooping, if the proper encryption methods are implemented to protect the email and all attachments end-to-end, all the way through to the intended recipient. Identity-based encryption, which employs a user’s identity as part of the algorithm to generate the encryption keys on-demand, can effectively encrypt and secure email content and corresponding attachments, both structured and unstructured data, and can maintain that level of encryption from the moment it is created until it is decrypted and read by the intended recipient.

“Many of the surveillance programs in the recent news have employed a process not where they are breaking the crypto, but simply sniffing the email and payload content either before it has been encrypted or after it has been decrypted before it’s sent to the recipient. Gateway solutions are common in these scenarios where the sniffing happens at the gateway, once the gateway receives a clear text email but before the gateway encrypts, or alternatively once the recipient’s gateway receives the encrypted email and then decrypts, but before it gets sent to the recipient.  

“Email security has been available since the dot-com era began as PKI programs provided encryption solutions that could be integrated and used within common email systems.  However, these PKI-based solutions were very difficult to properly deploy. They were very manual in nature and therefore, not user friendly, and often the integration with email systems was difficult and not seamless.  Many companies did not deploy email encryption at this time simply because of these issues, although continued to use email to communicate sensitive information, assuming that other security controls, such as user access and authorization, VPN, or DLP solutions, would keep their email secure, which obviously hasn’t been the case.

“PGP, and other PKI-based encryption solutions, force the customer to adopt a manual, difficult process for generating and managing the crypto keys and certificates used to encrypt, decrypt, and validate users. The key management behind these systems is very difficult for the average enterprise to adopt, and is quite costly over the long run, as the management processes for these systems require a great deal of manual activity and oversight. A better alternative is a stateless key management encryption solution, where crypto keys are generated on demand, only when the user needs to encrypt and decrypt.  Stateless key management, combined with an identity-based encryption solution, completely removes the complexity, cost, and management overhead from an email encryption solution, and can be rapidly adopted and integrated into an enterprise.”

About the Author

Dave Anderson is senior director at Voltage Security.

Featured

  • Choosing the Right Solution

    Today, there is a strong shift from on-prem installations to cloud or hybrid-cloud deployments. As reported in the 2024 Genetec State of Physical Security report, 66% of end users said they will move to managing or storing more physical security in the cloud over the next two years. Read Now

  • New Report Reveals Top Security Risks for U.S. Retail Chains

    Interface Systems, a provider of security, actionable insights, and purpose-built networks for multi-location businesses, has released its 2024 State of Remote Video Monitoring in Retail Chains report. The detailed study analyzed over 2 million monitoring requests across 4,156 retail locations in the United States from September 2023 to August 2024. Read Now

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

Featured Cybersecurity

Webinars

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3