With word out from internet giant Google (NASDAQ: GOOG) here yesterday that they will make an unprecedented policy shift to reward websites that use secure encrypted HTTPS, giving those websites a higher search rank (while similarly punishing those who do not) and Yahoo (NASDAQ: YHOO) also announcing yesterday at the world’s premier information security conference, Black Hat USA 2014, that they will be joining Google on the encryption offensive, rolling out PGP encrypted email by next year, the commercial encryption game is officially afoot. While robust, PGP’s (Pretty Good Privacy, developed in the early 90’s) public-key cryptography on its own is a somewhat dated solution by higher standards needed for critical enterprise and government operations.
The realization and policy shift from major industry players in light of the extent of the NSA’s reach is welcome by consumers, yet neither of these encrypted email solutions is really designed to address the primary cause of costly, reputation-ruining data breaches for enterprises, like the one last year that compromised 100M customer’s data and saw Target (NYSE: TGT) eat some $148M in associated losses this Q2 alone. The primary cause of data breaches, some 72% according to a report out last year by Symantec Corporation and Ponemon Institute (PDF), is the user. Human driven errors, either by low level users accidently exposing sensitive login data, or poor network protocols due to failure on the part of IT administrators to properly resolve a network-appropriate security envelope, are the main hurdle when it comes to eliminating data breaches.
Target’s POS systems got hacked using login data from one of their HVAC contractors, essentially due to a simple failure by the company’s IT personnel to cordon off parts of the network handling sensitive payment data from the rest of the network. VP and principal analyst for Forrester Research, John Kindervag, has pegged the estimated total long-term costs of the Target breach at around $1B, factoring in obvious indirect costs of damage to the brand in terms of customer loyalty and new customer acquisition.
As the broader market finally starts to notice the water rising and begins to head out to the dike to plug the holes with basic systems of data encryption, Ecrypt Technologies, Inc. (OTCBB: ECRY) has already leapt to a new paradigm, developing a truly trustworthy enterprise email solution designed from the ground up to provide military-grade encryption and address the human error factor, Ecrypt One. Complete with all the expected features like calendaring and contact management, Ecrypt One is a fully locked-down solution that appeals to security-minded organizations like governments and healthcare sector operators, because the administrator has total control over where data flows to outside of the organization. Ecrypt One’s capacity to handle compliance with modern privacy standards and file format requirements like those in HIPAA (U.S. Department of Health & Human Services’ health information and privacy rule set) and Sarbanes-Oxley (corporate accounting transparency), as well as Germany’s BDSG (federal data protection act), makes the platform really stand out even further, especially considering its ease-of-use features.
Ecrypt One offers powerful encryption that is “always on”, easy to use, highly intuitive and which comes complete with a back-end protocol structure, that takes the guess work out of network security. All accessible via either web interface or standard email client software that connects to Ecrypt One through multi-client IMAP. Email is central to the modern enterprise, acting like the body’s circulatory system, making the enterprise hum with life as information flows freely between employees, partners, and customers. However, this same growth-enabling free flow of information means that unwanted viruses can also get loose in the system and that sensitive data can just as easily flow out.
With Ecrypt One, all internal and external users connect via multi-factor authentication in an environment of strict server rule based policies, and the system automatically captures and reports suspicious activity or attempted breaches of server rules. Despite the incredibly complex security back-end, the Ecrypt One platform is ridiculously simple to actually use and does not require personnel to remember to do anything, because the encryption is always on. The ability to seamlessly mesh with other technologies, or create an ultra-high security inter-organization Ecrypt-to-Ecrypt loop, also means Ecrypt One isn’t just an attractive alternative to less powerful encrypted email solutions, it’s an important investment for any serious enterprise that delivers rock-solid security results.
A secure collaboration environment with full hardware-based Smartcard and RSA support, as well as the ability to integrate with software-based alternatives like Google Authenticator or other one-time password methods, puts Ecrypt One in a league of its own. Not forcing the burden of ensuring security onto the user is a revolutionary change in-and-of-itself, and because data is encrypted while at rest, with keystores and other hardware-based encryption approaches fully supported, DoD-approved security solutions are possible. Furthermore, because Ecrypt’s servers run in FIPS-compliant (Federal Information Processing Standard cryptographic benchmark) security mode only, you get high security browser connections of at least TLS 1.0 or better (Transport Layer Security, the upgraded version of SSL, or Secure Sockets Layer).
Explore Ecrypt Technologies further at www.EcryptInc.com
Let us hear your thoughts: Ecrypt Technologies, Inc. Message Board