
2014: The Year of Encryption (Vulnerability)

November 24, 2014 | George Muldoon

Looking back a year ago, when writers published blogs and articles predicting what 2014 would have in store for us, many were calling it the “Year of Encryption.” This was largely due to the NSA/Snowden revelations, which lit a raging privacy vs. security fire, with the widespread use of encryption as the by-product. Google, Microsoft, Yahoo!, and many other eGiants began encrypting everything, everywhere, not only to combat government surveillance programs, but most importantly to protect against attacks from a litany of cyber adversaries.

That’s exactly what happened. And for enterprise security warriors waging a daily war against multitudes of cyber adversaries, from solo hackers to well-funded nation-states, it couldn’t have happened at a worse time. There was Heartbleed, then Shellshock, then POODLE, and many more along the way that didn’t make the headlines. Remediating these vulnerabilities presented different challenges, yet the common thread among them all was that they threatened the veracity of encryption keys and digital certificates. Security teams found themselves spending massive amounts of time and resources remediating, ironically, the very same encryption “trust instruments” that they had deployed in the first place to keep them safe. The enterprise PKI, designed to surround sensitive data like an impenetrable brick wall, turned out in some cases to be full of hidden trap doors.

So where do we go from here? That’s a question we must all ask ourselves, and answer correctly, because the use of encryption will only continue to increase exponentially, regardless of how well or poorly we manage it. In a hyper-connected world in which privacy and security are ever more important, our businesses must be in a position of strength when it comes to encryption, so that we can actually trust encryption to do its job and protect sensitive data everywhere it’s employed. If we don’t, trust itself could be undermined to the point where the internet could revert to the e-commerce of the 1990s, when hardly anyone trusted it to perform financial or otherwise sensitive transactions online. When I read articles stating that the German Spy Agency wants to buy zero-day vulnerabilities in order to undermine SSL security, that’s literally what I envision.

From a security perspective, I believe we are at a point where it’s become absolutely mandatory that all encryption keys and digital certificates are secured and managed with the right technology, people and processes. In other words, we must now treat all keys and certificates as if they are the most privileged set of credentials that exist in the enterprise.

That means we must be in position to immediately and effectively remediate encryption vulnerabilities when they inevitably come to light. When the next Heartbleed hits, we must be able to quickly find every single affected key and certificate, and then automatically revoke, replace, and reissue. Our businesses and brands can’t afford to have incomplete remediation when it comes to trust-based vulnerabilities.

More importantly, as malicious cyber operations (nation-state and others) continue to use encryption more and more to evade detection and silently siphon off massive volumes of sensitive data from businesses, we must adapt to this new reality and be in position to fight back. The ever-expanding digital universe certainly holds much promise for the world. Yet the future of securing sensitive, private and financial data within this universe largely depends upon our ability to secure and properly manage the encryption assets we all rely upon to make trust online possible.
