2017: The Year Encryption Goes Wild

2017: The Year Encryption Goes Wild

Wow, another year goes by with even more monumental data breaches. Believe what you want about the election, the DNC hacks, the latest Yahoo breach revelation and the numerous other data thefts put even more business decision-makers in fear for their own company’s technology security. Leadership’s historical response to breaches has continued to be higher walls and wider moats. Maybe it’s time for a different (and maybe more affordably efficient) approach.

My prediction is 2017 will be the year Encryption Goes Wild – as in wider use by more enterprises, more users, and in more applications.  There have been some nice inroads over the past few years at better encryption for personal chat, but the record for these exact tools’ migration and deployment into the enterprise is abysmal. The scope of enterprise chat, messaging, and file sharing has completely different requirements from how you message your buddy or spouse with dinner plans.

The reasons encryption goes wild in 2017 are (1) enterprise user security fatigue means they regularly and repeatedly take unadvised technology risks in the spirit of “I need to get my job done,” (2) leadership team anxiety continues to grow from swelling, yet suspect effective, security budgets, (3) the growing realization by most IT professionals that the game has changed from “if we get hacked” to “when we got/get hacked,” and (4) encryption is the most affordable way to secure information both outside and inside the firewall.

Encryption technology has historically been something that only the most technical software engineers and developers discussed, but more and more it comes up in daily conversation and has become a front-and-center business opportunity. In 2017, encryption will go wild.

Encrypt everything

These days, most everyone in the enterprise deals with encryption at some level. Whether by ensuring they have a secure connection to an email server or that https is included in a website address, a majority of people wouldn’t argue against the fact that security is important. But while these practices are all good, they don’t address the wider issue.

Even though a hosted connection or a server might be secure, the company data hosted on the server is now at the mercy of the service provider. Similarly, when companies use a cloud-hosted group chat tool, that provider’s servers can collect, store and even analyze company data to learn about their customers. Even on-premise servers present a risk because insider threats are a legitimate possibility. In fact, the Ashley Madison hack and the NSA breach were both insider jobs.

In order to better protect from both internal and external threats, companies are realizing that end-to-end encryption is no longer just a nice-to-have; it’s a necessary safeguard against an almost inevitable breach. More and more services are offering end-to-end encryption, and we’re going to see this grow exponentially in the coming years.

Email for Internal Discussions is Showing its Age

Anyone familiar with the security industry knows that the history of end-to-end encrypted email is not pretty. No one has been able to successfully deploy any usable, fully encrypted email service, yet it’s the tool that businesses use most to communicate and collaborate on important documents. For many CIOs, this translates to more spending on firewalls and other external safeguards to reduce the risk of a breach. With rising awareness of the importance of encryption, however, companies are moving to alternative types of communication and file-sharing tools to protect their businesses.

Enterprise-deployable, end-to-end encrypted software that can be properly scaled is few and far between, but in 2017, we’ll continue to see more technology companies announcing secure software for the enterprise to address this need. Secure collaboration software, storage servers and chat tools are already gaining strong user bases. While email won’t ever be fully replaced any time soon, its position as the primary means of sharing internal company data is being recognized for how unsecure it is, and email usage is already declining.

Being a black hat becomes harder to hack

So a company has now ensured nearly all employee activity is done on fully encrypted applications, eliminated employee use of unsanctioned tools and reduced unnecessary spending on firewalls. Even in a scenario in which CIOs have rolled out every secure, deployable, verifiable encryption tool, a determined hacker can still find a weakness to exploit.

However, once they are able to infiltrate the system, they’ll find all services use end-to-end encryption, and that the only avenue for them is to try to breach a user’s end point. With this model, the only way a hacker can achieve a large-scale breach is to compromise nearly every single end point in the organization.

As a hacker, this raises some questions: How do I get into a network, have no one realize and compromise every device with no one noticing? This is even more difficult and time-consuming at scale, and there are no longer quick wins of getting all the information a company has to offer. As more enterprises roll out fully end-to-end encrypted systems in the coming year, hackers will have a hard time accessing the information they want.

Tear down that wall

End-to-end encrypted email was proven to be completely unusable, and we as an industry have abandoned efforts to deploy it successfully. With that failure has come the realization that bulletproof, future-resistant encryption is not only achievable, its already in use today. We’ve proven we don’t need two-step verification or USB dongles to create an experience that’s both user-friendly and secure, and we’ve shown there are ways to avoid using unencrypted services like email—such as encrypted chat—and still succeed at our jobs.

Rather than focusing on “building a wall” to secure their companies, CIOs that want to reduce risk should focus on using apps and tools that offer to fully encrypt corporate data – without storing keys – so that there are fewer security weaknesses to safeguard against in the first place.

Featured

  • Survey: 60 Percent of Organizations Using AI in IT Infrastructure

    Netwrix, a cybersecurity provider focused on data and identity threats, today announced the release of its annual global 2025 Cybersecurity Trends Report based on a global survey of 2,150 IT and security professionals from 121 countries. It reveals that 60% of organizations are already using artificial intelligence (AI) in their IT infrastructure and 30% are considering implementing AI. Read Now

  • New Research Reveals Global Video Surveillance Industry Perspectives on AI

    Axis Communications, the global industry leader in video surveillance, has released its latest research report, ‘The State of AI in Video Surveillance,’ which explores global industry perspectives on the use of AI in the security industry and beyond. The report reveals current attitudes on AI technologies thanks to in-depth interviews with AI experts from Axis’ global network and a comprehensive survey of more than 5,800 respondents, including distributors, channel partners, and end customers across 68 countries. The resulting insights cover AI integration and the opportunities and challenges that exist with regard to security, safety, business intelligence, and operational efficiency. Read Now

  • SIA Urges Tariff Relief for Security Industry Products

    Today, the Security Industry Association has sent a letter to U.S. Trade Representative Jamieson Greer and U.S. Secretary of Commerce Howard Lutnick requesting relief from tariffs for security industry products and asking that the Trump administration formulate a process that allows companies to apply for product-specific exemptions. The security industry is an important segment of the U.S. economy, contributing over $430 billion in total economic impact and supporting over 2.1 million jobs. Read Now

  • Report Shows Cybercriminals Continue Pivot to Stealthier Tactics

    IBM recently released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks. Read Now

  • 2025 Security LeadHER Conference Program Announced

    ASIS International and the Security Industry Association (SIA) – the leading membership associations for the security industry – have announced details for the 2025 Security LeadHER conference, a special event dedicated to advancing, connecting and empowering women in the security profession. The third annual Security LeadHER conference will be held Monday, June 9 – Tuesday, June 10, 2025, at the Detroit Marriott Renaissance Center in Detroit, Michigan. This carefully crafted program represents a comprehensive professional development opportunity for women in security this year. To view the full lineup at this year’s event, please visit securityleadher.org. Read Now

    • Industry Events

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.