IT Pros Fear Encryption Backdoors - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Enterprise Mobility Management
News
4/20/2016
09:06 AM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

IT Pros Fear Encryption Backdoors

A survey of IT professionals by network services company Spiceworks finds concern about the risk of backdoors that bypass encryption.

Master iOS 9.3 With These 9 Tips And Tricks
Master iOS 9.3 With These 9 Tips And Tricks
(Click image for larger view and slideshow.)

Amid federal and state bills written to weaken computer security by mandating backdoors that bypass encryption, IT pros are alarmed at the prospect of security made insecure, according to a report released Tuesday by IT services firm Spiceworks.

In a survey of 600 IT professionals from North America, Europe, the Middle East, and Africa, Spiceworks found that 87% said they believe backdoors increase the risk of a data breach.

As an individual identifying himself as Dave Ohlendorf explained in the Spiceworks forum, "ANY backdoor -- no matter who knows about it, can and likely will be reverse engineered and end up in the wild where it will get into the hands of 'very bad people.'"

This view has been echoed by cryptography experts such as Matthew Green, assistant professor in the department of computer science at Johns Hopkins University. As Green put it in a tweet earlier this year, "The problems with encryption backdoors come up when you try to scale them from an idea to something that affects millions of people."

The Athens affair, in which the Vodaphone phone network in Greece was compromised over a decade ago, is often cited as an example of the problem with backdoors.

Backdoors in encrypted systems can make life easier for law enforcement agencies, but they impose a potential cost on businesses. Simply put, compromised security has become a tough sell. Some backdoors are put in place deliberately, as a matter of administrative convenience. Others, like the backdoor in Juniper's NetScreen firewalls, are supposedly unauthorized. Either way, they're generally not welcome.

(Image: Maksim Kabakou/iStockphoto)

(Image: Maksim Kabakou/iStockphoto)

Spiceworks separately surveyed 220 IT pros about how awareness of a backdoor in a company's products might affect that company's sales prospects. The firm found that 65% of IT pros would be less likely to buy from a company known to install backdoors in its products. Only 20% said a history of backdoors would have no impact when considering a purchase.

Given reports about the NSA's ability to access networking equipment from Cisco, Dell, Huawei, and Juniper, not to mention a supposedly inadvertent backdoor in a MediaTek phone chip used for some Android phones, it may be difficult to avoid products with backdoors or vulnerabilities that could become backdoors.

Nevertheless, some businesses see value in declaring their commitment to encryption, even if their execution remains imperfect. Apple, for example, has taken a public stand against the US government's attempt to force it to undo its encryption for the convenience of investigators. And more recently, consumer messaging providers like WhatsApp and Viber have committed to end-to-end encryption.

Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

According to a separate Spiceworks security report released in December 2015, more than 80% of businesses experienced some form of security incident last year and 27% of the 200 IT pros surveyed planned to increase spending on encryption in 2016.

In the report that was released Tuesday, more than half of those surveyed (57%) said they believe that network or device encryption had helped their organization avoid a data breach.

Encryption has become common on networks. Some 47% of Spiceworks respondents said they encrypted data in transit to laptop and desktop computers. But encryption is less common on mobile devices like tablets (35%) and smartphones (40%). It's also less common for data at rest: laptops/desktops (36%), tablets (25%), and smartphones (28%).

Still, some organizations don't see the value of encryption. According to the IT pros surveyed, 16% of organizations don't enforce encryption across any devices or services.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Author
4/25/2016 | 12:03:48 PM
EU/US split?
@Thomas: Based on my knowledge of Spiceworks surveys/reports, I'm curious how that broke down between European countries and other nations.  I would tend to think that the lack of trust of encryption would be higher -- but perhaps US/North American respondents are more self-aware in the wake of Snowden's revelations...
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
Remote Work Tops SF, NYC for Most High-Paying Job Openings
Jessica Davis, Senior Editor, Enterprise Apps,  7/20/2021
Slideshows
Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Commentary
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
Slideshows
Flash Poll