TECHNOLOGY VENDORS UNDER FIRE
Technology vendors may ultimately be the ones to bear the brunt of the NSA news, experts say. Many of the conclusions being drawn about the leaked documents are simply not factual, said Ryan Hurst, chief technology officer of GlobalSign, one of the Internet's earliest trust service providers. The firm, which was established in 1996, issues digital certificates to people, servers and mobile devices for Public Key Infrastructure-enabled applications to validate legitimate software, encrypt data and secure Internet transactions and communications.
"I fear that those that don't follow what's happening very closely are going to walk away with feeling that you shouldn't be encrypting your data because it really doesn't matter. That's the wrong answer," Hurst said. "Businesses need to worry about patching servers and ensuring applications are designed securely and secure software practices are used. It's paramount to look at the problem more holistically, otherwise all forms of attackers are going to have more success."
Mistrust of technology providers is rising, experts say. RSA, the Security Division of EMC, recently revealed that a software encryption toolkit it provides to developers was set by default to a controversial algorithm. The default setting enabled a slower, weaker encryption scheme that cryptography experts say contains a back door to decrypt protected data.
"The consequence is that everybody using the RSA toolkit has to go back into their products and verify that they aren't using that random number generator," said Robert David Graham, a noted cryptography expert and CEO of security consultancy Errata Security. "But it's not just RSA's products, anybody using Microsoft's crypto libraries or the OpenSSL library has to do the same."
ROBERT WRIGHT contributed to this story.
This report originally appeared on the CRN Tech News App for iOS and Windows 8.