How Do Ratchets Protect Your Data?
Imagine if there was a company, and there was a staff common room, and it had a box with the keys to all the rooms in the building. Wouldn’t you worry that someone with some privilege would be able to get into all the rooms in the building, and then you wouldn’t be able to tell who had been in any of the rooms? Won’t you also worry that someone came in, and took a copy of a key, and could still get access to the rooms, and give it to others that they knew. Also, wouldn’t you worry that someone was able to get a master set of keys that all the other keys were derived from? Well, that’s what happens in many companies, where the electronic keys — encryption keys — are not protected properly.
Venafi recently surveyed over 500 CIOs outlines that one of the greatest holes in security in their organisations is related to encryption keys and digital certificates. They reported that around half of network attacks come in through SSL/TLS, and this figure is only likely to increase, with Dell estimating that 99% of all traffic on the Internet will be within the next five years. Thus firewalls will increasingly struggle to pick-up threats from traffic.
In summary, Venafi found that almost 90% thought that their company was against attack, as they cannot inspect the traffic, and around the same number said that they had suffered from an attack using encryption to hide the…
