So far we have talked about the importance of encryption. Yet vast volumes of data remain unencrypted. Why? If encryption is so effective in today's cybercrime-ridden environment, why is not all data encrypted already? There are several reasons.
It is no secret that encryption is expensive, and not only in terms of cryptographic software and hardware: it also consumes computing resources, RAM and processor time. The mathematically complex transformations that encryption performs on data require significant resources, and that is a problem.
As we noted earlier, Microsoft and Apple include data encryption as an option for every user of their operating systems, which creates the illusion that encryption is free. But you will agree that a couple of terabytes (10¹² bytes) on a notebook drive are not the same thing as a couple of petabytes (10¹⁵ bytes) transmitted across and stored in a corporate infrastructure. In the first case the user will barely notice the small performance penalty on a hardware-encrypted notebook; in the second, with thousands or tens of thousands of users and millions of transactions, the resources diverted to encryption can seriously slow down the system. The per-byte cost of bulk symmetric encryption is small on CPUs with hardware AES support; what adds up is the volume, and the number of times the same data is encrypted and decrypted along its path. That is why, when choosing cryptographic software and equipment for a business, you should take the economic factor into account as well: estimate the actual value of the data to be encrypted and relate it to the cost of encrypting it.
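The cost estimate the paragraph above calls for is easiest to make with a measurement rather than a guess. The Go program below is an added example, not code from the original article: it times AES-256-GCM sealing of a buffer on the machine it runs on, compares that with a plain memory copy of the same bytes (the floor, since the data has to be moved anyway), and converts the measured rate into core-seconds per day for a given volume. The 2 TB and 2 PB figures are the article's own; the function names, the buffer sizes and the choice of AES-GCM are this example's assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"time"
)

// ThroughputMBps times AES-256-GCM sealing of an n-byte buffer, repeated
// rounds times, against a plain memory copy of the same buffer. The copy is
// the floor: the bytes have to be moved anyway, so the gap between the two
// rates is the CPU the encryption itself costs.
func ThroughputMBps(n, rounds int) (encryptMBps, copyMBps float64, err error) {
	key := make([]byte, 32) // AES-256 key, random for the benchmark
	if _, err = rand.Read(key); err != nil {
		return 0, 0, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return 0, 0, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return 0, 0, err
	}
	src := make([]byte, n)
	if _, err = rand.Read(src); err != nil {
		return 0, 0, err
	}
	dst := make([]byte, 0, n+aead.Overhead())
	// A fixed all-zero nonce is acceptable only in a benchmark; reusing a nonce
	// on real traffic breaks GCM completely.
	nonce := make([]byte, aead.NonceSize())

	start := time.Now()
	for i := 0; i < rounds; i++ {
		dst = aead.Seal(dst[:0], nonce, src, nil)
	}
	encElapsed := time.Since(start)

	cp := make([]byte, n)
	start = time.Now()
	for i := 0; i < rounds; i++ {
		copy(cp, src)
	}
	copyElapsed := time.Since(start)

	mb := float64(n) * float64(rounds) / 1e6
	return mb / encElapsed.Seconds(), mb / copyElapsed.Seconds(), nil
}

// CoreSecondsPerDay converts a measured rate into the seconds a single core
// spends encrypting bytesPerDay. Multiply by the number of passes the data
// makes (encrypt, decrypt, re-encrypt at each hop) and by your per-core cost
// to turn it into money.
func CoreSecondsPerDay(bytesPerDay, encryptMBps float64) float64 {
	return bytesPerDay / 1e6 / encryptMBps
}

func main() {
	enc, cp, err := ThroughputMBps(1<<20, 256)
	if err != nil {
		panic(err)
	}
	fmt.Printf("AES-256-GCM: %.0f MB/s, plain copy: %.0f MB/s\n", enc, cp)
	// The article's two cases: a 2 TB notebook drive and a 2 PB corporate estate,
	// both taken here as the volume encrypted once per day.
	for _, v := range []float64{2e12, 2e15} {
		fmt.Printf("%.0e bytes/day -> %.0f core-seconds/day\n", v, CoreSecondsPerDay(v, enc))
	}
}
```

Run it on the hardware that will actually carry the load: the encryption rate differs by an order of magnitude between a CPU with AES instructions and one without, and the number you want is the one for your own machines, not a vendor's.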
Another problem is the lack of transparency of encrypted data: you cannot inspect it part-way without fully decrypting it. For protection against attackers that is exactly what you want. But if the data has to be checked for consistency or for compliance with regulatory requirements, then, well, Houston, we have a problem. This clearly troubles corporate users whose workflow is distributed: one department creates a document, another edits it, a third performs a compliance check, and a fourth publishes it on the web site. The data has to be decrypted, verified and re-encrypted at every node in that chain. That is costly in both time and resources, although the performance loss can be reduced by designing the process specifically around it. When data is transferred through a VPN, things get more complicated still.
Often, to view data transmitted over a VPN connection, you have to resort to what is effectively an "intrusion from inside", a man-in-the-middle attack turned against your own traffic. In a man-in-the-middle attack the attacker can read, insert and modify the data passing through the VPN at will, and neither end of the channel is aware of the intervention. Inspection works the same way: the VPN connection has to be terminated at the inspection point, the data decrypted and verified, and a new tunnel created through which the already verified data travels on to its destination. Some experts consider this option, especially at corporate scale, expensive, and note that it creates at least one additional point of failure in the network; it is also the one place where all traffic exists in plaintext, which makes it a prime target.
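The decrypt-verify-re-encrypt pattern described in this and the previous paragraph, as an added Go example that is not code from the original article: two AES-256-GCM tunnels with independent keys stand in for the two legs of a VPN, the middlebox is the only party holding both keys, and a content check that stands in for the compliance check can only fire after decryption. The function names, the "CONFIDENTIAL" marker and the sample payloads are this example's assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrPolicy is returned when the inspector's content check rejects a payload.
var ErrPolicy = errors.New("blocked by content policy")

// newAEAD builds an AES-256-GCM AEAD from a 32-byte key.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealMessage encrypts with a fresh random nonce; the wire format is
// nonce || ciphertext || tag.
func sealMessage(aead cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// openMessage reverses sealMessage and fails if a single bit changed in transit.
func openMessage(aead cipher.AEAD, msg []byte) ([]byte, error) {
	ns := aead.NonceSize()
	if len(msg) < ns {
		return nil, errors.New("message shorter than nonce")
	}
	return aead.Open(nil, msg[:ns], msg[ns:], nil)
}

// violatesPolicy stands in for a compliance or consistency check. It only
// works on plaintext: the same call on ciphertext sees nothing (assumed marker).
func violatesPolicy(p []byte) bool {
	return bytes.Contains(p, []byte("CONFIDENTIAL"))
}

// InspectAndForward is the inspection point from the text: it terminates
// tunnel A, checks the plaintext, and re-enters the verified data into tunnel B.
func InspectAndForward(tunnelA, tunnelB cipher.AEAD, msg []byte) ([]byte, error) {
	pt, err := openMessage(tunnelA, msg)
	if err != nil {
		return nil, fmt.Errorf("tunnel A: %w", err)
	}
	if violatesPolicy(pt) {
		return nil, ErrPolicy
	}
	return sealMessage(tunnelB, pt)
}

// Result records what happened to one payload on the inspected path.
type Result struct {
	Delivered        []byte // what the receiver decrypted; nil if blocked
	Blocked          bool   // the policy fired at the inspection point
	VisibleEncrypted bool   // whether the policy could have fired on tunnel A's ciphertext
}

// RunInspectedPath pushes payload sender -> inspection point -> receiver.
// The two tunnels use unrelated keys, like the two legs of an inspecting
// VPN or TLS proxy; the middlebox is the one party that holds both.
func RunInspectedPath(payload []byte) (Result, error) {
	kA, kB := make([]byte, 32), make([]byte, 32)
	rand.Read(kA)
	rand.Read(kB)
	tunnelA, _ := newAEAD(kA) // sender <-> inspection point
	tunnelB, _ := newAEAD(kB) // inspection point <-> receiver
	onWireA, err := sealMessage(tunnelA, payload)
	if err != nil {
		return Result{}, err
	}
	res := Result{VisibleEncrypted: violatesPolicy(onWireA)}
	onWireB, err := InspectAndForward(tunnelA, tunnelB, onWireA)
	if errors.Is(err, ErrPolicy) {
		res.Blocked = true
		return res, nil
	}
	if err != nil {
		return Result{}, err
	}
	res.Delivered, err = openMessage(tunnelB, onWireB)
	return res, err
}

func main() {
	// Constructed sample payloads, one clean and one carrying the marker.
	for _, p := range []string{"Q3 figures attached", "CONFIDENTIAL: merger terms"} {
		r, err := RunInspectedPath([]byte(p))
		fmt.Printf("%q -> blocked=%v visibleEncrypted=%v delivered=%q err=%v\n",
			p, r.Blocked, r.VisibleEncrypted, r.Delivered, err)
	}
}
```

Note what the inspection point needs in order to do its job: both keys and the plaintext of every message. That is exactly the position a man-in-the-middle attacker wants, which is why the box must be protected as carefully as the endpoints. A ciphertext that fails authentication on tunnel A is dropped there rather than forwarded, so the inspection point does not become a way to inject data into tunnel B.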
Over the past few years, security products offering partial transparency of encrypted data have appeared on the IT security market. However, how vulnerable systems built on such encryption schemes are is a question that still requires further research.