UPDATE 7-31-09:
This post caused a great deal of controversy. Some readers left with the impression that we believe encryption to be obsolete or unnecessary. That was not our intended message; rather it was to expose common problems with conventional approaches to data encryption and what dispersal offers to address them. Other readers disagreed with the veracity of our claims, which is not surprising given that the post lacked technical details to backup them up. To provide technical details in defense of the claims made in this post, we have written three follow up responses: Part 1, Part 2, and Part 3 which we invite you to see.
When it comes to storage and security, discussions traditionally center on encryption. The reason encryption – or the use of a complex algorithm to encode information – is accepted as a best practice rests on the premise that while it’s possible to crack encrypted information, most malicious hackers don’t have access to the amount of computer processing power they would need to decrypt information.
But not so fast. Let’s take a look at three reasons why encryption is overrated.
1) Future processing power
While processing power today may keep encrypted files (that are stored in the cloud, for example) safe, as processing power improves, archived encrypted files will require systematic re-encryption to remain safe from potential hackers. Systematic re-encryption, though, is difficult, laborious and expensive.
2) Key management
To decode the encrypted files, a user needs the encryption key. Unfortunately, managing a large number of encryption keys can be painful. Yes, there are enterprise key management (EKM) solutions that promise the ability to manage and change keys throughout their life cycle – but these serve more as a band-aid to the fundamental pain of dealing with numerous keys. As a chain is only as strong as its weakest link, an enterprise key manager is only as good as the integrated key management systems that use it. If any system downstream from a secure key manager exposes the key, or is not designed to cover a certain threat, the whole thing becomes not secure.
3) Disclosure laws
Beyond technology, breach disclosure laws — that require organizations to notify individuals when personal information has been or at least is reasonably believed to have been acquired by an unauthorized entity – can result in a PR nightmare for a business that encryption can’t resolve. A quick visit to Privacy Right Clearinghouse lists the compilation of data breaches since 2005 that expose individuals to identity theft as well as breaches that qualify for disclosure under state laws. Not a short list.
A technologist with a good understanding of encryption methods may be comfortable with some of the breaches or data losses reported due to the strengths of the encryption. But this doesn’t matter in the court of public opinion; once data – encrypted or not – is lost, so is the trust of the general public. Encryption is simply not enough to counter business concerns about the security of their data.
Consider Dispersal
With full disclosure – Cleversafe’s storage solution is based on Dispersal – consider its security benefits. Dispersed Storage technology divides data into slices, which are stored in different geographies. Each slice contains too little information to be useful but any threshold can be used to recreate the original data. Translation – a malicious party cannot recreate data from a slice, or two, or three, no matter what the advances in processing power. And Dispersal does not require the time and energy of re-encryption to sustain data protection.
Maybe encryption alone is “good enough” in some cases now – but Dispersal is “good always” and represents the future.
9 Comments
To address your point;
1. Future processing power is no match for a well established destruction policy and implementation as most enterprises have.
2. Key management. Multiple keys are required in a good plan, preventing an employee from accidently or purposefully exposing said keys. Keys are changed every year at better electronic banks.
3. Disclosure: If the data is encrypted, it is not exposed. Same as having encrypted traffic in public ether, safe.
Dispersal does remedy companies with weak or little control, but is still no match for a well designed system with multiple controls. Anyplace one person can access the information it is vulnerable. Dispersal may give false confidence under this light.
I don’t get it, what do you mean by the 3rd paragraph?
Just because seat belts cannot save lives 100% of the time in the event of an accident does not mean that you sholdn’t use them.
Encryption is just but one measure in a defense in depth security program.
Good points though.
Neil,
We have recently published an in-depth post which focuses on the third point: http://dev.cleversafe.org/weblog/?p=178
The main idea is that dispersal greatly reduces the likelihood of data exposure, and thus companies can avoid the negative press and loss of confidence by their customers that comes with disclosing data breaches, something which is required by law in 34 of the 50 states.
Jason
Phil Agcaoili,
Your reasoning is correct, the fact that encryption is not perfect does not mean it shouldn’t be used. However, there are downsides to using it, namely increased complexity and chance of data loss (by losing the keys). Given that dispersal combined with the all-or-nothing transform can achieve comparable or superior levels of confidentiality to that of encryption, using encryption can be both unnecessary and harmful in some situations.
To use your seatbelt analogy, lets say a new car safety measure was invented that filled the car with soft foam before a crash. If it were found that seatbelts caused more injuries than they prevented in cases where this new technology was used then it would be better to not use them. Please see this more recent post which explains this idea in greater detail: http://dev.cleversafe.org/weblog/?p=111
In short, encryption+dispersal will increase confidentiality at the expense of availability. To what degree each is affected can vary greatly and must be analyzed on a case-by-case basis to see if the trade off is acceptable for the particular deployment.
Thanks for yours comments,
Jason
Thanks for the link and information, Jason. I agree with your comments.
Our field is in a continual state of evolution and know that the more costly, but newer advancements provide additional security and capabilities like availability beyond the former solution. Dispersal, AONT, and IDA offer that added dimension (at a cost for now).
Going back to my analogy, we all know that using some type of restraint system is better than using nothing. I’m a big fan of 5-point harness systems, an evolution of the simple set belt. http://www.britaxusa.com/safety-center/superior-energy-management/five-point-harness.
It sure is overrated, its abused by law enforcement to no end. I don’t like the fact there is no oversight on these agencies, because of this encryption.
Very interesting blog. I will come regularly here. Thanks the author
Interesting article, thought i may not agree with the points. I’ll post my reasons why Encryption is UNDERRATED on my blog !