If we look at smaller-sized businesses, what encryption should they be implementing, and why do you think it’s important to have an encryption policy in general?
“The type of encryption an SME (small-medium enterprise) should employ is dependent upon the specific legislation that they fall under, as in some instances, legislation will prescribe a specific standard. With encryption, it is worth keeping in mind that the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR) both impose controls on the export of certain forms of encryption. Many SME-grade products have native encryption capability built-in. SMEs are being targeted more frequently by single hackers and organised crime groups as they are low-hanging fruit. Those same enterprises carry some level of data that falls under privacy laws such as GDPR (General Data Protection Regulation) or HIPAA (Health Insurance Portability and Accountability Act), and thus from a governance and liability perspective, SMEs must have a proper information security management system in place which would include a data classification and encryption policy.”
How can organisations prevent cyber-attacks by using encryption tools? What types of encryption are available, and what are the pros and cons?
“Regarding data protection, all SMEs face the same challenge. Whilst their encryption tools are very capable, the difficulty lies with their implementation and management. For the most part, the tools do not run themselves, and must be managed by someone with a deep understanding of encryption. Whilst this doesn’t mean they have to be overseen on a full-time basis, they do demand administering.
“Symmetric cryptography uses the same key for encrypting and decrypting information, meaning that the encryption and decryption are very fast. The disadvantage lies in key management, for instance – getting a key to someone securely is problematic. With asymmetric encryption, also known as public-key encryption, one key is public and the other is private. Whilst the public key is shared so that anyone can use it to encrypt messages or data, the private key is the one used to decrypt the message or data. The main drawback here is that the key pairs are very long, meaning that encryption and decryption take a lot longer, and require more computing power.”
“Blockchain is the latest in a long line of silver bullet products that will solve all the ills of the Internet. At present, the global adoption rate of blockchain is very low. For example, in 2018, Gartner found that only 1% of CIOs were looking at any type of blockchain adoption. In addition, only 8% of CIOs were in the planning of active experimentation with blockchain. In the Gartner Hype Cycle, the bulk of blockchain technologies are categorised as Innovation Trigger or Peak of Inflated Expectations, with the bulk in the plateau window of 5 to 10 years. This suggests that blockchain’s time has not yet come.”
From your experience within data encryption, which key trends should organisations be focusing on this year? Do you think quantum computing and quantum cryptography will be a success?
“Quantum computing and quantum cryptography are already a reality. The real question is: what is the current usability? Currently, quantum computing has the potential to be used in specific areas, such as machine learning and artificial intelligence (AI), chemistry and finance. From a healthcare perspective, quantum computing can be used for DNA gene sequencing, but from a practical standpoint, the thing for most businesses of all sizes is that it is very unusual for commercial grade encryption to be broken.”
Visit our pages to find out more about Capgemini’s cybersecurity capabilities.