Encryption: blessing or curse for IT security

Encryption plays a crucial role in securing information systems and the business data they contain. External communications are routinely encrypted and network traffic inside an organisation is increasingly encrypted to reduce the risk that attackers that can get access to an organisation's vital information. Increasingly it is standard practice that information is encrypted for storage.

But encryption can also be exploited by attackers. Malware can be hidden inside incoming encrypted communications so as to avoid antivirus scanning and to cover the exfiltration of sensitive information from data loss prevention systems. IT security defenders are looking for ways to look inside such traffic to protect the organisation.

What are the legally sound, organisationally proportionate and technically effective measures that can be used to protect business systems against the misuse of encryption? This session will examine:

• The risks associated with the use of encryption in an organisation

• Technical options for defence against misuse of encryption

• The organisational policy and legal issues associated

Video

Speakers

Ken Ducatel

Director, IT Security Directorate, DG for Informatics

Keith Martin

Professor of Information Security, University of London

Maresa Meissl

Head of Unit of Information Security, Security Directorate (EC)

Bart Preneel

Professor at Katholieke Universiteit Leuven

Andreas Schwab

Member of the European Parliament

Vincent Steckler

Chief Executive Officer, Avast Software