The “Key” to Playing it Safe

Apple this week rolled out a new version of its operating system running mobile devices such as iPads and iPhones. It also announced it will no longer be able to comply with requests of law enforcement to unlock the encryption governing those phones. Moving forward, accessing encrypted data on an Apple smartphone or tablet will only be possible by the owner of that device.

To many, Apple’s news is confusing. We’ve been led to believe that encryption is easily broken. We see it every day on television, on shows such as “24” and movies such as “Ocean’s 11” – the protagonist can effortlessly decrypt a device just by the mere flip of a switch.

But this is untrue. When properly managed, encryption is almost impossible to break. By not storing its own copy of the encryption key, Apple is unable to decrypt the phone. Period, end of story.

By the same token, and probably most important to note is that according to the Washington Post, the data on the phone is ONLY safe if the user has turned on encryption and has protected the phone with a very strong password. Recently, celebrity photos from iCloud accounts were accessed and distributed online. Even if the data is encrypted when it sits in the cloud, hackers just need a user’s password to decrypt it. Reports indicate this is what happened – in the case of the celebrity leaked photos, hackers tried numerous passwords against a given account in rapid succession, and voila – a PR nightmare.

So what’s the lesson learned here?

Never underestimate the importance of key management – not only should companies be encrypting their data in the cloud (and everywhere else for that matter) but they should also be managing access to the encryption keys. Protecting the keys will ultimately result in protecting the data.

 

Previous Post
Sleep and PBA
Next Post
Only 59 Percent Encrypting in Healthcare IT

Related Posts

SC eConference Data Security

WinMagic will be exhibiting at the SC World Congress (SCWC) eConference on Data Security on Tuesday, September 24, 2013! SCWC hosts virtual conferences each month focusing on challenges that IT security professionals encounter frequently in their roles. SC Magazine is…
Read more

Apple’s Privacy Policy

Apple’s new privacy policy allows the user to encrypt emails, contacts, and photos that uses a code that the user has created. Not even Apple will have access to this code. This gives sole power over iPhone’s personal data to…

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu