Wednesday, August 6, 2014

The fall of TrueCrypt: Reminding us all to choose our encryption solutions carefully

Daniel Hoy
UK Marketing Manager
Egress Software Technologies Ltd.
Much has been written about the motives behind the recent shutdown of open source endpoint and file encryption product TrueCrypt. Whether you believe some of the conspiracy theories or the reason given on the TrueCrypt website (which puts it down to Microsoft ending support for Windows XP), there is a lesson in this story for us all.

Fans of TrueCrypt have for many years used it as an example of how open source technology can be effectively used to solve business and personal data privacy challenges. Used to encrypt data at the endpoint, in addition to file attachments, TrueCrypt was relied on by thousands of users to protect their highly sensitive information.

However, this sudden exit from the market, leaving organisations and individuals fearful that their data may now be compromised, highlights the very real risk behind selecting open source technology to solve information security requirements. On one hand the software may be free to use, but on the other, is this cost saving worth placing data privacy at risk?

Protecting sensitive data isn’t something that should be taken lightly, and careful monitoring of those individuals that contribute to the development of encryption software using best practice standards plays an essential part when delivering information assurance. Consequently, when procuring a new technical solution, particularly data security or encryption services, it is imperative for organisations to choose a solution provider that offers both openly validated technology and the reliability, long-term technical support and SLAs offered by a stable commercial business.

2 comments:

  1. Hello,
    I think when considering the demise of TrueCrypt it is important to remember the probable reason TrueCrypt was adopted - to protect data from laptop theft. Even if (and there is little evidence to date) TrueCrypt has been compromised, the knowledge of how to use the compromise is not widely known. Thus, TrueCrypt is still likely to perform its basic function of protection from theft quite well.

    Having said that, I agree with your principal message that you have to choose software carefully, but I would add that to do so, you need to fully understand the threat and choose the right software to mitigate that threat.

    If interested I talk about the TrueCrypt issue in more detail on my blog.

  2. It is definitely interesting to note the origins of TrueCrypt – and therefore, as mentioned, we must continue to question why it went on to be adopted as it was in such an unregulated fashion.
