This is the second of a four-part series on How Virtru Is Making a Simple Difference in the Complicated World of Cybersecurity.
Nothing about cybersecurity is simple. If you're an IT or security leader, you're responsible for protecting hundreds, or even thousands, of data flows. You’re monitoring a vast and ever growing attack surface. And every single day, you’re trying to stay one step ahead of increasingly sophisticated threat actors.
But, as complicated as cybersecurity has become, it's definitely possible to boil things down to one essential principle: protect the data.
Since 1995 when three MIT graduates invented SMIME, the best way to protect data has been through the use of encryption. As the creator of Zero Trust, John Kindervag, put it: "What's the best way to protect your data? Encrypt it. How do you encrypt it? You control the keys and certificates that are the underlying technology that make encryption happen."
October 21 is Global Encryption Day, a day dedicated to defending strong encryption and maximizing digital privacy.
At Virtru, we’re proponents of strong encryption and digital privacy both, but we're also advocates for ease of use. Why? Because we're well aware that most encryption technologies historically have not been easy to use, for those of us who are not software engineers or computer scientists. That's why we've spent the past decade working diligently to make encryption simple for both people sending protected messages, and people receiving them. This way, all parties benefit from enhanced digital privacy.
When you stop and think about it, encrypting data is pretty straightforward. It's actually decryption that's hard — specifically, achieving the delicate balance between ease of use and strong security. You want it to be easy for the right people to access encrypted data (by decrypting it). And you want it to be impossible for anyone else to decrypt that data.
Making decryption easy for the right people is harder than it looks. Say, for example, you're a doctor sharing medical test results with a patient. Of course, you want to make it easy for the doctor to encrypt the information they're sharing with the patient. But you also want to make it extremely simple for the patient to decrypt and access their health data — while ensuring they prove that they are, in fact, the patient. You also don't want anyone other than the patient to be able to access this information.
When easy-to-use encryption is accompanied by secure, easy-to-use decryption, it creates a virtuous circle: Doctors are confident sharing encrypted information with their patients, and patients are confident that their information is being handled securely.
Global Encryption Day is especially timely this year with the recent news of the Microsoft 365 OME vulnerability. Virtru's CMO, Matt Howard, and SVP of Product and Engineering, Dana Morris, sat down to talk about the state of encryption today.
Few would disagree that end-to-end (E2E) encryption is the right thing to do for data security and privacy. It just makes sense to add a layer of protection to sensitive data. So, if it’s the right thing to do, why isn’t it more widely adopted?
If you’ve ever used a portal-based email encryption service, you know exactly what we’re talking about: No one wants to create an additional username and password to send or open an encrypted message. No one wants to leave their workflows to log into a portal because it slows them down and creates frustration. No one wants encrypted emails to be stored in a separate inbox.
And, importantly, no one wants to send a client, a business partner, or a board member an encrypted message that they can't figure out how to open. Complicated decryption creates unnecessary friction for everyone involved. And even worse, unnecessary friction causes people to abandon encrypted workflows altogether, and default to un-encrypted workflows, which diminishes privacy for everyone involved.
End-to-end encryption is not a monolith: There are many different methods of encryption, some more secure than others. This can make some encryption services susceptible to vulnerabilities, as we recently saw with Microsoft 365 Office Message Encryption.
For these reasons, people might shy away from encryption — which would be a mistake, because encryption is a powerful tool to protect data.
Thankfully, these legacy encryption methods aren't your only options.
The benefits of end-to-end encryption are many, and there are tools that make encryption and decryption easy, not cumbersome. A great end-to-end encryption solution should:
If you're choosing a data protection solution, there are two key questions that you should be asking:
1. How easy will it be for me, my teams, and our external contacts to use encryption?
2. If it is, in fact, easy, how secure is it?
You'll want to ensure that ease of use is always coupled with strong protections to safeguard your data.
On Global Encryption Day, we want to make one thing clear: Encryption and decryption should be easy for people to use.
Imagine a scenario where, instead of a frustrating and difficult encryption experience, you could:
Virtru makes all this possible, putting powerful encryption in the hands of the people who need it — which is everybody.
As Virtru customer Ram Avrahami, Head of Global IT and IS at NEXT Insurance, said so well, “We want everyone to have the ability to protect the files they’re sending. At some point, everybody in the company will need to share something sensitive—maybe not daily, maybe not weekly—but eventually, they’ll need to."
On this Global Encryption Day, we hope you’ll reflect on how a seamless encryption and decryption user experience can empower people to share sensitive data and maintain complete control over their privacy at all times.
Want to learn more about how you can add easy-to-use encryption to the apps you use every day? We’d love to show you what Virtru can do: Contact us for a demo.