Use of encryption, daunting for many
No analysts are covering PreVeil yet, so cybersecurity and encryption experts said they were unable to speak specifically about its technology, whether its functions represented improvements over existing encryption products and whether PreVeil could successfully compete in an already robust market.
Garrett Bekker, principal analyst on the information security team at 451 Research, said most encryption vendors promise to make encryption easy, and they generally do have features that offer improvements over earlier generations of this technology.
Garrett Bekker
“There are companies out there who have made claims that they’ve made it easier to use encryption, and they’re valid. But it can still be a pain in the neck to use,” he explained, saying that asking users to take even just one extra step can be too much. “It may seem trivial, but [many users see it as] inconvenient any time you have to ask someone to click on this or select this drop-down.”
Bekker said other barriers remain to more widespread adoption.
“Generally, there are some forms of costs to doing encryptions — either hard costs or soft costs, such as inconveniencing users, disrupting workflows or adding latency. And you can actually interfere with the functionality of applications,” he said. Encryption also can make searching stored data and archived data problematic.
“It’s not to say those are problems that can’t be solved, but it creates some challenges,” Bekker said.
Moreover, he said encryption vendors have yet to help organizations get over one of their most vexing challenges: how to begin.
“Companies might have petaSome organizations start Ron Culler, CTO of Secure Designs Inc., a managed internet security solutions firm in Greensboro, N.C., said he sees many companies that are reluctant to broadly use encryption technologies despite the wide availability of technology available. They’ll use it for specific types of data or in certain areas of the business, but cost and complexity often keep companies from using it more extensively.
Culler said companies are also hesitant because it can be complicated to implement and cumbersome for the business to use. Many companies also don’t have the skills sets on staff to implement and manage it, even though today’s technology isn’t as resource-intensive as it once was.
He also noted that it’s possible for encryption to allow in malicious code, which won’t be detected until it’s unencrypted. “If you don’t have visibility into what’s being sent, when it executes, it’s possible you could execute something malicious,” he explained, saying it’s a scenario that can deter more widespread use of the technology.
Plus, encryption generally won’t stop rogue employees who deliberately leak data or careless employees who go around policies and thereConsidering all this, Culler said businesses are right to see encryption as “a solid piece of security policy,” but one that needs to be considered as part of an enterprise-wide program that addresses where it’s really needed based on cost, complexity and risk.
Battat acknowledged that PreVeil’s technology is not a panacea. It will not prevent someone from accessing information on a lost or stolen device that’s not protected “Of all the things that go on in business, very, very little is encrypted,” Battat said. “Encryption ought to work with the way you work today, and so maybe — if it was really easy — we could go instead to the vast majority of what happens in business being encrypted.” The company plans to release its commercial version during the fourth quarter.