Using Encryption to Optimize Mobile Security
The Xdata and WannaCry attacks that have recently swept through computers around the world were a chilling reminder that in the face of increasingly frequent ransomware attacks businesses need better web and mobile security.
For most businesses, this need for security is twofold, as employees rely on a combination of computers and mobile devices to complete their work. With double the number of devices in circulation - and mobile traffic growing rapidly each year - opportunities for hackers to strike increase accordingly.
A recent survey by Clutch, a rating and review platform based in Washington DC, found that for 21% of businesses expanding their mobile capabilities, security is the biggest challenge - even outstripping concerns over budget.
In most cases, it makes more sense to secure the data rather than the device itself. This helps to solve two problems: First, employees can move between working on a computer and a mobile device without sacrificing security. Second, this approach allows employees to access the data they need to collaborate effectively.
Encryption is a process that transforms your data into gibberish that can only be translated with a mathematical key on your computer. It can be used to keep data secure and inaccessible to hackers; even if hackers manage to access the data, they won’t be able to read or understand the information.
But what does encryption look like in action?
Let’s take a closer look. The first big task is to set up secure and reliable data transport between the server (where all of the data is stored) and client (the device requesting data). As that data travels back and forth, encryption ensures that hackers can’t interrupt its journey.
Although this process might sound abstract, there is a chance that you’ve already seen it in action. If you examine the URL in your search bar, you’ll often find the letters “HTTPS” before the website name. The “S” stands for “Secure” and is designed to send encrypted data that can be decrypted by all of its peers.
When you access a website that has implemented HTTPS, a process called “handshake” occurs. This is when the two mathematical keys used in encryption - the public key that anyone can see and the private key that gives you access - result in decryption. At this stage, the client (your computer or mobile device) checks the certificate of the server (where the information you’re trying to access is stored). If everything matches up accurately, then the client can trust the server.
Although this process may seem complex, it happens without the user noticing. Even developers should not have to deal with this type of encryption; it’s built into the OS.
So, now we’ve got the data to the device securely. Cool.
But what about storing sensitive data locally on a device?
Both iOS (starting with iOS 5) and Android’s latest versions offer storage encryption options. If your business has specific needs, you can also implement an additional layer of encryption. In this case, developers should choose the most appropriate algorithm for data encryption (DES, AES, RSA).
The way their algorithms work is not a secret; it is public and well-documented information. The important thing is for developers to provide a mechanism to store, recreate and share keys. Developers are well-positioned to ensure a smooth user experience that can help employees adjust to using an encrypted system. For example, a user can be asked to provide some password before viewing the data - a process they are likely to be already very familiar with. This password is usually used to build a key that would be used for data decryption.
When it comes to adoption of encryption, there is still room for improvement. Among a list of common security measures, encryption is implemented least frequently by website managers (37% report currently use it). Only 21% of website managers plan to add encryption in 2017.
However, once a business implements encryption, it can be a user-friendly method for securing data that can adapt to an increasingly mobile workforce.