Regulation Of Encryption Is Need Of The Hour

by Wrik Sen    Sep 25, 2016

Rahul Kumar

It has been an observation that Indian corporate, government agencies, and even healthcare organizations, have been victims to reputation and financial draining data hacks and security breaches. The major reason is the lack of awareness for data encryption, and purpose it serves for organizations that deal with a large quantity of data flow, especially over the internet.

WinMagic has been creating products like SecureDoc, which provide enterprise grade security, and application-aware Intelligent Key Management applicable across operating systems. This comes with an unified encryption strategy for multiple environment’s including cloud based Iaas environment. Rahul Kumar, Country-Head and Director at WinMagic, shares his thoughts about the industry, and also about spreading awareness about Key encryption management. 

In light of the core capabilities on WinMagic, in what ways does the company serve the current trend of data security and encryption solutions?   

The report, based on independent research by the Ponemon Institute reveals that the use of encryption continues to grow in response to consumer concerns, privacy compliance regulations and on-going cyber-attacks and yet there are still major challenges in managing keys across what are the most fragmented and tactical deployments of encryption technologies.

We have  spent a lot of our time analyzing the challenges and have come up with innovative solutions aligned with the current problems. Our key products/solutions portfolio includes intelligent key management, end point encryption (eps FDE), cloud IaaS encryption and EFSS.

We have conducted a few programs to bring awareness for the use encryption as it is still not mandated in India because there are no government regulations. With our almost two decades of experience with endpoint focused key management, we have found that incorporating the key tenets of data security into policies will help organizations to keep their data secure. Our solutions are being trusted by thousands of organizations across the globe to cut the risk, meet privacy and regulatory compliance requirements while protecting valuable information assets against unauthorized access. 

In what ways is the worldwide market for encryption changing, and the trend in Indian market?

In India, around 30% of the market is encrypted and the rest is not due to lack of regulations. But we strongly feel that the trend will shift soon as we are witnessing data breaches and leakages. Not surprisingly, most of the corporate giants have suffered massive, expensive, reputation-draining security data hacks in recent months. Whether it is large organizations, government organizations or healthcare agencies - nobody wants to be the next breach victim. Now, CIOs and CISOs are taking data encryption seriously, which has been ignored for too long. The Ponemon Institute study says, “Use of encryption continues to rise with 34% of respondents reporting that their organization uses encryption extensively.”

What has been the outlook in India towards data encryption, and the challenges associated?

With advancement in technology, hackers too are becoming advanced, making the data more vulnerable to threats. Today, Indian organisations are heading towards encryption to ensure the right solution in order to secure valuable assets.  However, irrespective of the need of security solutions, there are challenges faced by the organizations in adopting data encryption:- The encryption process is expensive, therefore, only larger enterprises look up for encryption solutions and smaller organizations don’t prefer to invest in these solutions.- The encryption process is highly time-consuming- Many organizations are not aware of the existence of sensitive data within their organization making encryption process a bit complex

Many organizations are not aware of the existence of sensitive data within their organization making encryption process a bit complex. Do not waste time and money searching for and classifying data as sensitive or not.  IT is bound to miss or misclassify some data.  Just encrypt everything.  Encryption (especially, Full Disk Encryption) are easy and inexpensive enough to be applied to all data.

Which technologies do you see play a game changers role in the industry?

The Cloud and IoT (Internet of Things) are both game changers. The advantages of Cloud adoption in terms of flexibility and cost reduction are too great for any organization to ignore.  Some organizations will use Cloud based Software as a Service (SaaS) while others will leverage the Cloud infrastructure (IaaS) or both.  Either way there’s a loss of control of one’s data and increased reliance on third parties to keep the data secure.  

This wouldn’t be acceptable for security conscious organizations so there will be a move to find encryption, key management and gateway solutions to allow organizations to enjoy full benefits of the Cloud while remaining in control of their data. The IoT is rapidly expanding with predictions of billions of devices deployed by 2020.  Historically security has not been the first thing people think of when new technology like the Internet or Cloud gets introduced.  It gets tacked on later when the cyber-criminals start causing real damage.  Unlike previous technologies some consider the IoT insecure from the very onset.  This new perspective is a game changer in itself.

Which industrial segments do you think will bank on data encryption and security the most, and how?

Banking: Financial details of a person are highly sensitive involving crucial financial information like bank details, PII, and much more. It’s important to secure data from financial breaches as it can create huge losses to customers as well as the bank. 

Governance: After witnessing so many breaches with each passing year, India strongly needs a well-established encryption/decryption framework to address the concerns of both information technology industry and law enforcement agencies in the light of cyber security, privacy and national security. 

Therefore, any regulations provided by the Government regarding encryption must be flexible and adaptive to constant innovations in encryption technology and also ensuring that any encrypted communications or data should not pass through any third party to secure the sensitive data.

Healthcare: Like many others, the healthcare industry has too faced increased malicious attacks in the past few years and has confronted additional risks associated with technological advances like digitization. IDC’s Health Insights group predicts that one in three health care recipients will be the victim of a health care data breach in 2016.