Because of hacking scandals and government snooping, many companies are starting to encrypt all their data. Both Apple and Google have committed to help users encrypt data on their devices and in all communications. Some experts project that more than 20% of Internet traffic will be encrypted by the end of this year.
Mobile devices are the biggest battlefield for security and encryption services. Many executives carry massive amounts of confidential data on their devices, usually unencrypted. While most laptops used by people working with confidential data have some form of disk encryption, and/or remote management, that doesn’t apply to smartphones and tablets.
In order to gain corporate customers’ confidence, smartphone and tablet manufacturers are working hard to increase the security of their devices. BlackBerry was among the first to employ full encryption of communications on its popular BlackBerry Messenger. Samsung is committed to providing full encryption and data locks with its Knox platform.
Now, both Apple and Google are providing full encryption as a default option on their mobile operating systems with an encryption scheme they are not able to break themselves, since they don’t hold the necessary keys.
The Android operating system has had a phone encryption feature since version 4.2 (Jelly Bean), but users needed to start the encryption procedure manually. All new devices shipping with Android 5.0 (Lollipop) are encrypted by default. With the launch of iPhone 6, Apple announced that it will not be able to assist law enforcement agencies in unlocking data in iOS devices, because they will be encrypted using keys unavailable to Apple.
The new encryption features are mostly welcomed by corporate users and CIOs, who for years have been asking Apple and Google to protect confidential data on their devices, because many employees fail to follow their organizations' security guidelines against keeping sensitive data on personal devices.
Overall, demand for encryption is growing. Cloud encryption services provider CipherCloud recently received a $50 million investment from Deutsche Telekom, which the company said positions it for "explosive growth" this year. The services are designed to allow corporations to benefit from the cost savings and elasticity of cloud-based data storage, while ensuring that sensitive information is protected.
Some corporations have gone as far as turning to "zero-knowledge" services, usually located in countries such as Switzerland. These services pledge that they have no means to unlock the information once the customer has entered the unique encryption keys. This zero-knowledge approach is welcomed by users, who are reassured that their information is impossible to retrieve -- at least theoretically -- without their knowledge and the keys.
Top government officials, including President Obama and British Prime Minister Cameron, argue that law enforcement needs to be able to have access to all communications and obtain the necessary keys, but we know from recent large-scale breaches that corporate data needs to be securely encrypted to safeguard sensitive information. That doesn't mean that access to encrypted data should not be granted to police and prosecutors provided a valid court order is produced.
Still, some professionals, especially doctors, lawyers and business people who have a legal and ethical responsibility to shield sensitive data, need to protect that data against intrusion of every sort. I was recently told by the CIO of a European pharmaceutical company that the company's servers are frequently “visited” by sophisticated hackers trying to get access to valuable research information. He is convinced that some of these attacks originate in government agencies.