The double-edged sword of encryption

Eighty-five per cent of all web traffic is now encrypted, according to FortiGuard Labs. Yet, this pervasive use of encryption to secure apps and network traffic is a double-edged sword. Undoubtedly, it’s vital in helping IT to protect their organizations' most critical asset – data – as it makes it unreadable to all but the intended parties. 

About the author

Vince Berk is CTO & Chief Security Architect at Riverbed.

However, it can also be used by hackers to exfiltrate data unseen or to conceal malware delivery. It may seem counter-intuitive, but the ubiquitous use of encryption may also erode your security posture. Without mitigating steps, the loss of visibility over the network increases the risk of malicious activity going undetected. It also reduces IT’s ability to monitor and optimize performance on a per-app or per-user basis. Luckily, visibility and control can both be regained with the right technological investments.

Ahead of exploring this, it’s important to understand the extent of the data security benefits encryption provides, which make adoption essential despite visibility challenges.

Encryption is paramount to data security

Strong data cybersecurity is crucial for ensuring business confidentiality and integrity. Without it, organizations are unable to maintain uninterrupted business operations, avoid reputational damage, ensure compliance with legal and industry regulations, and reduce financial costs.

Perimeter security solutions can help protect data by making it more challenging for bad actors to access sensitive information. However, if the perimeter is breached, the data will be visible to the hacker if it is not encrypted. What’s more, perimeter solutions can’t protect information whilst it’s in transit. Amongst other factors, this is what has driven the almost universal use of encryption.

In contrast, encryption protects data in all states and has become the de facto standard. This is essential as data tends to be at its most vulnerable when being moved between locations. Without encryption, cybercriminals can simply capture network traffic as they see it fly by on the wire. Encrypting the information instead creates a wormhole between endpoints, with everything in the middle unfindable and untouchable.

In other words, sending encrypted traffic is akin to posting a letter rather than a postcard. If we choose to send a letter – or encrypted communication – the content is only readable by the intended recipient. Conversely, with a postcard – unencrypted data – everyone who encounters it on its journey from sender to recipient can read it.

Encryption therefore provides peace of mind for organizations. However, the same qualities that make it a strong security asset can also make it a dangerous subversion tool in the hands of hackers.

The drawbacks of encryption

Encryption is increasingly being used by hackers to disguise data exfiltration. This is because if they attempted to remove sensitive information – such as credit card numbers or passwords – via an unencrypted channel, it would be picked up by the company’s security sensors. If they pass it through an encrypted tunnel, however, the alarm won’t be raised, as IT won’t have visibility over the contents.

This lack of visibility creates additional challenges in the performance realm as well. Even for the authorized movement of data by employees, the business can see only the opaque transfer of information, not critical performance metrics. And without insight into protocol-level metrics of how smoothly the data is moving, or not moving, IT teams can’t identify and resolve problems.

Re-taking control through visibility

As the drawbacks of encryption center around visibility, companies need to focus on attaining the same level of visibility and performance management over encrypted applications and network traffic that they’ve historically had for unencrypted traffic. This is possible by investing in IT designed to provide enhanced insight into encrypted network traffic.

Solutions of this type offer numerous benefits. Firstly, they empower operators to see if an application or network is performing slowly and needs optimizing to maintain user productivity. Secondly, they give them the ability to track, report, and validate the integrity of SSL/TLS certificates. This is a fundamental process for guaranteeing that critical encryption technology is properly deployed and up to date, so that key data is not exposed to malicious actors. It also means IT teams can pick out anomalous activity – such as an expired certificate being used, or unusual or weak ciphers – which may indicate a hacker’s presence. Furthermore, an awareness of the existence of encrypted channels can be powerful in itself. Although operators can’t see the content, they can dig in at either side to establish why the channel exists and if it may be for nefarious reasons.
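The certificate and cipher checks described above can be run on handshake metadata alone, without decrypting any payload. The following is an added example, not code from the original article or from any vendor product; the record layout, field names and host names are constructed for illustration.

```python
from datetime import datetime

# Substrings of IANA cipher-suite names that indicate broken or obsolete algorithms.
WEAK_CIPHER_MARKERS = ("_NULL_", "_EXPORT", "_RC4_", "_3DES_", "_DES_", "_MD5")
# Protocol versions deprecated by RFC 7568 (SSLv3) and RFC 8996 (TLS 1.0/1.1).
DEPRECATED_VERSIONS = {"SSLv3", "TLSv1.0", "TLSv1.1"}

# Constructed sample records (hypothetical field names), one per observed handshake.
SESSIONS = [
    {"seen": "2024-05-01T09:00:00+00:00", "server": "intranet.example.com",
     "version": "TLSv1.3", "cipher": "TLS_AES_256_GCM_SHA384",
     "not_after": "2025-01-15T00:00:00+00:00"},
    {"seen": "2024-05-01T09:02:10+00:00", "server": "legacy.example.com",
     "version": "TLSv1.0", "cipher": "TLS_RSA_WITH_RC4_128_MD5",
     "not_after": "2024-12-31T00:00:00+00:00"},
    {"seen": "2024-05-01T09:05:42+00:00", "server": "files.example.net",
     "version": "TLSv1.2", "cipher": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
     "not_after": "2023-11-30T23:59:59+00:00"},
]

def audit_session(rec):
    """Return a list of findings for one handshake record; empty means clean."""
    findings = []
    seen = datetime.fromisoformat(rec["seen"])
    not_after = datetime.fromisoformat(rec["not_after"])
    if not_after < seen:
        # Certificate was already past its validity period when it was presented.
        findings.append("expired_certificate")
    if rec["version"] in DEPRECATED_VERSIONS:
        findings.append("deprecated_protocol")
    if any(marker in rec["cipher"] for marker in WEAK_CIPHER_MARKERS):
        findings.append("weak_cipher")
    return findings

def audit(sessions):
    """Map server name -> findings, keeping only sessions that raised something."""
    report = {}
    for rec in sessions:
        findings = audit_session(rec)
        if findings:
            report[rec["server"]] = findings
    return report

if __name__ == "__main__":
    for server, findings in audit(SESSIONS).items():
        print(server, ", ".join(findings))
```

A flagged session is a lead for the follow-up the paragraph describes: looking at either endpoint to establish why the channel exists.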

Balancing on the double edge

There’s no denying that encryption offers invaluable privacy benefits by controlling the visibility of data. However, this also makes it harder to evaluate network and application performance, not to mention spot data exfiltration. As such, it is paramount for companies to adopt solutions focused on regaining visibility. With these tools in place, organizations can reap the benefits encryption provides, while mitigating the risks, to maintain strong company performance at a critical stage in the business environment.
