Google Encryption Tool Prompts Call For Data Security Innovation

Google's unveiling of a new Chrome browser extension aimed at helping users send secure email messages could have a broader impact on data protection measures, said experts who are calling for new ways for businesses to implement more substantial encryption measures.

Encryption providers are increasingly turning to the channel to sell their services to clients. In the last week, Florham Park, N.J.-based DataMotion, and Belcamp, Md.-based SafeNet announced broader channel plans to get systems integrators and managed service providers to add SaaS-based encryption to their list of offerings. GlobalScape, a maker of a secure managed file transfer software, also is transitioning to a channel-delivery model.

Google's Chrome extension, called End-to-End, uses the open source version of PGP and is first being tested by security researchers for coding bugs and other issues that could weaken its effectiveness against criminals.

[Related: Cloud Encryption Gaining Solution Providers' Attention ]

Sponsored post

An analysis it conducted of users of its Gmail service found that between 40 percent and 50 percent of messages are not encrypted. The problem, according to Google? Current encryption programs require the know-how to install and use for both the sender of a secure message and the recipient.

Google's browser extension is in line with the broader trend of technology makers supporting encryption in everyday software, including smartphones and tablets, said solution providers.

Business executives are learning that end users are increasingly accepting the additional steps required for data and email security, said Kenneth Leeser, president of Needham, Mass.- based risk management consultancy and reseller Kaliber Data Security. Leeser's firm partners with Milford, Conn.-based SilverSky for email security and data loss prevention. Encryption has become a feature in broader platforms and available in SaaS offerings to protect against data leakage through corporate email.

"The trend is to bake these things in," he said. "There's still the understanding that encryption is slowing me down, but there's more of an acceptance at the end-user level that this is a toll we have to pay for having data on our laptops or using open Internet connections."

Encryption is no panacea, but if properly implemented, it can help delay even the most sophisticated attackers from viewing sensitive data even after successfully cracking into the systems containing the information, said John Kindervag, vice president and principal analyst at Forrester Research.

Kindervag and others said new data encryption measures are on the horizon. The point-to-point encryption model can no longer be properly implemented and supported in a world where communication is increasingly meshed, Kindervag said.

"We have to transform the whole process so lots of people can send and receive secure messages in a way that is transparent to them," Kindervag said. "That has to happen or we won't be seeing continued growth in businesses trying to leverage the Internet right now."

NEXT: Businesses Getting Encryption Message, Say Providers

Data encryption can't be effective without knowing what truly needs to be protected. A risk assessment should include probing the types of data being stored locally, at business units, and in the cloud. Businesses benefit by identifying the most sensitive data that requires additional security controls, said Kaliber's Leeser.

High-profile data breaches and heavy research into sophisticated cyberespionage attacks has prompted businesses to undertake data classification projects to understand where data resides and how it is protected, said Skip Gould, CEO of BrightPlanIT, a Buffalo, N.Y.-based systems integrator and early DataMotion partner. Gould said his company worked with a large bank in Europe to deploy email encryption that could integrate with Boldon James, a U.K.-based vendor that specializes in data classification products.

"There's interest from firms that have significant governance issues and that is probably expected," Gould said. "There's definitely more opportunities for the channel to add encryption as part of broader projects."

DataMotion has expanded its push into health care, selling its secure messaging service to organizations to meet emerging Meaningful Use Stage 2 (MU2) requirements. The company competes with GlobalScape, which announced the launch of a formal channel program in January as part of a transition to a more channel-driven, go-to-market strategy. Other competitors include Axway, Ipswitch File Transfer, TIBCO and SSH Communications.

Properly implemented encryption of sensitive data starts with the premise that the data has value, said Jason Robohm, a security practice manager at Houston-based Computex Technology Solutions, a SafeNet partner. Valuable assets need to be encrypted in transit, and at rest, and coupled with authentication technology to monitor access, said Robohm, who advocates for certificate-based PKI as a security measure.

"The failure to properly care for data has all too often resulted in costly data loss notifications to customers, business partners and the media," he said. "Being able to address the drift of data in and out of the enterprise is a real challenge for businesses, and we have seen the use of certificates as a powerful means in addressing this trend of data access wherever and whenever."

SafeNet sees a lot of opportunity for growth in its cloud-based encryption and its recently introduced authentication service as companies transition to cloud-based software and services, said Laurie Usewicz, the encryption vendor's channel chief. The company has had a direct sales approach, but is switching to a channel-driven sales model, Usewicz said. SafeNet added channel head count, improved marketing and support, launched a new partner portal, and bolstered its deal registration and discounts to reward the most committed partners, Usewicz said.

The Belcamp, Md.-based encryption and authentication vendor competes with CA Technologies, RSA, the security division of EMC, and Vasco Data Security International. The enterprise market leaders are innovating, said Forrester's Kindervag, but a new wave of best-of-breed solutions are addressing ways to bolster encryption and key management issues that have long plagued deployments.

"We have to get away from settling for the old PGP stuff, because it has management and scalability limitations and we need more transparent encryption solutions," Kindervag said. "It's a race to find better ways. We have to get our hands around the data because we've lost control of the network and the user device."