Can Encryption as a Service be the Next Big Thing?

We analyse Encryption as a Service to consider whether it's a valuable technology or a sham - and how its services can be redesigned for data security.

In a post-Pegasus world, privacy has become more vulnerable and easier to exploit. Back in 2014, Edward Snowden’s whistleblowing revelations created a stir amongst the Western democracies and put a question mark on the role of governments as protectors. Even after years of the disclosures, most states and even private companies like Meta have extended their surveillance jurisdictions today, despite much scrutiny. 

An increasing reliance on digital communications means trillions of data packets shared and produced every day. As per a forecast by IDC and Seagate, global data is predicted to reach the 175 zettabytes mark in 2025. It’s already evident; the more the data, the greater the chances of exploitation and privacy breach. In such circumstances, the calls for stringent Encryption as a Service (EaaS) infrastructure become as pressing as ever.

Encryption as a Service: A Valuable Technology Or a Sham?

Encryption involves using cryptographic techniques to limit third-party access to data. With encryption techniques, users can protect their data in the form of scrambling characters that can only be deciphered with an encryption key. Messaging platforms like WhatsApp, Signal and Telegram use end-to-end encryption to secure text, audio and visual content. The technology is so prominent that the EU’s GDPR has mentioned a separate clause highlighting its role in mitigating cyberattacks. According to Entrust, 50% of companies have admitted to having encryption models to protect their data.

For businesses, encryption means securing consumer, client or employee data in the form of personally identifiable information (PII) like names, social security numbers and marital connections. In case of a breach, clients can sue the company causing a dent in its reputation and economic capital. Currently, an average data breach already costs around $3.86 million (£3 million) to tech companies. Moreover, unencrypted laptops or devices have given an upper hand to hackers for cyber abuse, causing a denial of service, injecting ransomware or spying on business transactions.

Recently, Positive Technologies identified a security vulnerability CVE-2021-0146 in Intel processors allowing cyber criminals to access encryption keys. As per IBM, the number of rising vulnerabilities is set to rise by 27.9% in the coming years, and encryption might help companies to reduce this frequency with minimal investments. Encryption compliance is an impenetrable part of the fintech sector, especially with billions of transactions going out of the system.

With encryption techniques, users have the final authority over how and where their data can be used or distributed by tech companies. However, here’s a catch. At times, these tech platforms secure alternate encryption keys to access user data for commercial interests, thus breaching user trust. Encryption in transit is another technique that business houses can exploit for personal gains. Here, data is encrypted and decrypted at several stages before reaching the receiver’s device. The process allows verified third parties to locate data without user consent.

Moreover, E2EE has become a bone of contention between law enforcement agencies and industries. 2016’s Investigatory Powers Act by the UK government requires service providers to hand over user data in the interest of national security or internal emergency.

The agencies are also looking to tighten the spread of extremist material or any harmful content through bypassing E2EE mechanisms.

The objections don’t stop here. Even Interpol has expressed concerns around E2EE over child abuse through digital means. This calls for a healthy debate on how encryption as a service can potentially create a balance between the state, the capitalists and end users.

Redesigning Encryption Services For Data Security

Usually, cyber breaches in a firm could happen through phishing emails, computer hard drives or cloud servers. Thus, most businesses have adopted a three-point encryption strategy to protect these routes. Microsoft Outlook’s encryption capabilities secure both messages and connection requests. Also, Outlook users can either encrypt a single email or connect all using S/MIME or Microsoft 365 Message Encryption standard. An SSL or TLS encryption coupled with S/MIME can secure all network connections. Outlook also protects email attachments via built-in Microsoft tools and password protection measures.

Another alternative for securing business communications is digi.me. The platform encrypts both personal and professional datasets in separate folders, accessed only after prior consent from individuals. Businesses can also selectively permit data based on end clients, time, and purpose of possession. Digi.me stores data on a virtual, personalised cloud with a self-termination feature. Its Private Sharing feature allows users to share exclusive content with third parties with options to restrict or delete from the internet anytime.

Recently, Abine Blur has also received traction in the IT community over its data protection claims. Abine’s service set includes managing passwords, masking email addresses and phone numbers to prevent exploitation on the dark web, blocking unwanted calls and browser trackers on user profiles. However, the organisation has been accused of regularly storing private data on its server with unwarranted password storage mechanisms.

Once the communication line is safeguarded, the second actionable point is to secure physical devices – computers, hard drives and portable USBs. As temporary measures, Windows has come up with BitLocker, and Apple has launched FileVault with desktop encryption services.

For higher security compliance, Cambridge Quantum has partnered with Honeywell International to create Quantinuum – a quantum-based encryption technology with potential use in fintech, healthcare and AI. Quantinuum can generate random encrypted keys through a System H1 quantum computer, and is set to compete with Amazon’s AWS and Azure Key Vault. Axiom Space has already picked up Quantinuum’s quantum encryption techniques to enhance earth-space communication for its space station.

Encrypting physical devices can work in restrictive environments, but it doesn’t protect clients from internet crimes or online data thefts. This calls for businesses to secure their cloud infrastructure. Google Cloud offers both encryption at rest and encryption in transit solutions to secure cloud and server communications. It uses the AES256 storage model to encrypt user data in small packets with globally distributed, unique keys. Even Quantinuum is looking to launch a subscription-based cloud service later this year. Encryption, in a way, has caused a surge in cloud adoption, especially in fintech and state departments facing a higher possibility of a cyberattack.

What’s Next for Encryption? 

In a globally divided world, encryption as a means to secure data has come up with an upfront choice; ensuring the natural right to privacy or community-driven right to a secure society.

It’s time that business executives start collaborating with governments on national interests while ensuring entity-level encryption infrastructures. Robust key management and devising performance dashboards can be the key to track potential attacks.

Businesses might think about securing PII through quantum techniques. The costs are definitely an issue with quantum computing, but a long term investment strategy might save corporations billions in years to come.

Avya Chaudhary
Avya Chaudhary
Avya Chaudhary is an engineer turned writer and an ardent Potterhead. Currently associated with TechnologyAdvice as a freelance writer, Avya develops high-quality content for businesses. She also has a well-demonstrated history of working with NGOs and civil societies, and is currently pursuing her passion for community service and content marketing.
Get the Free Newsletter
Subscribe to Techrepublic UK for weekly updates from Techrepublic and eWEEK on the latest in UK top tech news, trends & analysis
This email address is invalid.
Get the Free Newsletter
Subscribe to Techrepublic UK for weekly updates from Techrepublic and eWEEK on the latest in UK top tech news, trends & analysis
This email address is invalid.

Popular Articles