Perimeter security and firewalls are no longer sufficient in a connected world where closing all the doors to your information is becoming harder to do. It’s also good common sense to ensure that data, particularly sensitive data such as company information, proprietary data and personal data, is protected. Looming regulations such as the Protection of Personal Information (PoPI) Act, and the EU’s General Data Protection Regulation (GDPR) are driving forces behind having proper mechanisms in place to protect personal information.
Security attributes are often summed in three, sometimes four, basic properties that we may need to implement on our assets:
- Confidentiality, the loss of which is disclosure,
- Integrity, the loss of which is corruption,
- Availability, the loss of which is denial of service.
The fourth property is traceability, which is of no interest to us in this paper.

It is interesting that when talking about computer security, many people will think about confidentiality first. “What happens if my files get stolen?” “Google has all my e-mail!”

Disclosure may or may not be bad. Typically, disclosure of technical secrets or business information can result in the loss of a competitive advantage. Disclosure of personal data can result in breach of regulations under the GDPR, and various side effects such as personal embarrassment, as in the case of France’s former minister Benjamin Griveaux, whose political career came to a stop after the leak of a sex tape. It can also have catastrophic effects in terms of branding and litigation from those whose data leaked, as in the case of the Ashley Madison hack. And most of the time, it has very little effect besides temporary bad publicity, as in the Facebook Cambridge Analytica affair, which seems to have produced little more than a Netflix documentary on the topic.

But confidentiality is really only one part of the equation. Losing integrity means your systems may start working against you. When Avast failed to protect CCleaner’s integrity, all of the application’s users became targets for the malware embedded in the corrupt file. Losing integrity often means your systems also lose their availability: they become unable to perform their function: this happened to car manufacturers, aircraft part manufacturers, and probably others as well, resulting in weeks of downtime and sometimes disruption of the supply chain upwards and downwards.

It turns out that availability is often the most important property of systems. What few people seem to realise is that confidentiality is really the opposite of availability. The more confidential a file is, the less available it is, almost by definition. Open source projects that publish their source code to hundreds of Git repositories over the Internet gain the resistance of redundancy. When Linus Torvalds’ hard disk failed, he lost next to no work.

Meanwhile, to keep data confidential will require having the fewest possible copies, which increases the risk of loss. Or it will require that we encrypt the data, but then how do we keep a copy of the key just in case? How do we ensure that the key remains available to those who will need it through time? What happens when the only guy who knows the passwords dies and leaves millions of users locked out of their account with no way to retrieve their money?

Using encryption also often means that the availability of your data becomes dependent on the availability of the encryption infrastructure. If the encryption is based on certificates and you validate the certificate, as you should, then access to the data is conditional to the availability of the revocation server. If you use smart cards, you will need to have them at hand. And probably, you will need to keep them physically secure, which again reduces the availability of your data: now instead of just double-clicking on a file, you need to retrieve a physical key, get up, walk to the safe, open it, retrieve the card, … by the time you come back from coffee, you no longer know what you wanted to open.

This is also a problem when documenting large industrial projects. Typically over decades, everyone who worked on it will have left the company. Every so often, you will run into a ZIP file that was dutifully protected with a password, with no-one on the project able to tell you what it is. Data is valuable, and there is an increasing need to protect it. Yet access to the data is still required.