Thursday 21 January 2010

Encryption for the masses?

Encryption for the masses is becoming more of a reality but is it a good thing?

What, you ask?

Those who know me know I have been banging on about data security for some time now, so they will be wondering why I am now asking if encryption is a good thing. In reality I am not questioning whether encryption is a good thing; of course it is (so long as you remember passphrases etc.), but is choosing an encryption product because it comes with an antivirus product the best way to do it?

Why have anti-virus companies suddenly taken an interest in encryption? If you read the vendor websites they say it is because they now offer a total endpoint security solution. Noble marketing but is it the real motive?

I don’t think so. I think it is just a product USP arms race: one vendor offered encryption and suddenly had a USP, and so the rest followed suit so as not to be left behind. Is this the best way to get disk encryption? If you are a home user, probably, yes; if you are an organisation, I think not.


The thing is, by using an anti-virus bundle you are tied to them. Ripping and replacing anti-virus software is simple compared to ripping and replacing disk encryption.

With my cynical hat on, I say this is the main reason why they are bundling disk encryption: it ties the client to a long-term subscription for the anti-virus product. Most organisations recoil at the thought of replacing their disk encryption product because of the pain it will cause.


It is a bit like getting a free laptop with a 3G broadband contract. The laptop is not usually what it's cracked up to be and you are tied to a 24 month contract. The mobile provider more than gets the cost of the laptop back because of the length of the contract, and you get stuck with the broadband contract for 24 months. What seemed like a good idea at the time of purchase turns out to be a long process of regret.

I don’t know if you have tried to rip and replace disk encryption on a large estate of machines. Trust me, don’t even go there; it’s a nightmare. You would typically look to replace when you do an OS refresh, and if you work on a rolling cycle that could mean managing different encryption products, which can bring a whole raft of problems to the poor people who have to support the estate.

Another cynical thought is that if these vendors are just in a USP features war and have bought products to ship with their AV software, how much development are they going to continue to put into the encryption product? Not a lot, I would warrant; it is a loss leader and doesn't justify further investment.

Sophos bought Utimaco Safeguard, McAfee bought Safeboot and Symantec bought Guardian Edge, all good products, but I think we will see any further development of these products halted. This is just my perception, but see if you agree: look at other products these vendors have bought, and see how much additional development they got and how long they have lasted as viable products, to see what I mean.

Finally, what if you want to extend your encryption to encompass email or network data, portable data or mobiles etc.? I can’t see anti-virus manufacturers extending their encryption product portfolio to accommodate these areas, so what initially appeared to be a cheap solution starts to get expensive as you add up the cost of having to manage multiple vendors to cobble together a solution to meet your organisation's encryption requirements.
