Search

The problems with backdoors into security solutions

The problems with backdoors into security solutions

The problems with backdoors into security solutions

The problems with backdoors into security solutionsAdam Boone, Chief Marketing Officer, Certes Networks

Backdoors into security solutions, specifically encrypted communications, have been a major topic in some huge debates lately. While this discussion has certainly taken place in the past, it recently has shaken the tech industry to its core after Apple CEO Tim Cook released a letter stating that the company will fight the FBI’s court order to provide a backdoor into an encrypted iPhone.

Cook asserted that if Apple creates a way to circumvent the device’s security features, the organisation is compromising the fundamental aspect of digital security. While the backdoor could only be used once, Cook argued that it wouldn’t, since a backdoor of that magnitude would effectively nullify its attempts to protect private information – anyone, “good” or “bad”, could gain access to that backdoor and use it to steal data and further compromise systems.

Now, Google CEO Sundar Pichai joined the conversation, tweeting that by creating a backdoor into a piece of secure technology, whoever does so is essentially “hacking” end users’ computers and “compromising” privacy.

This point of contention has a solid answer, however. A recently published report from Harvard University’s Bruce Schneier and his peers Kathleen Siedel and Saranya Vijayakumar detailed the analysis of encryption products around the world, and these researchers wrote that a national law requiring backdoors into cryptography tools would have an “overwhelming” impact on end users with respect to data protection and privacy. Simply put, any infrastructure component could be compromised if a backdoor exists. It provides access for all those that exploit it, while giving hackers a definite way to infiltrate corporate networks and consumer devices.

That said, the only truly secure approach is to use software-defined security that is decoupled from the infrastructure as a part of a holistic “no trust” policy, in which organisations trust nothing, including the infrastructure itself. With security decoupled from the infrastructure, end-to-end encryption and role-based access control solutions can protect sensitive applications even if a backdoor exists in another product along the communications path.

[su_button url=”http://certesnetworks.com/” target=”blank” style=”flat” background=”#df2027″ color=”#ffffff” size=”10″ radius=”0″ icon=”icon: arrow-circle-right”]For more information on Certes Networks click here[/su_button]

Recent Posts

Subscribe to our newsletter

Don't miss new updates on your email
Click here

Copyright notice This website and its content is copyright of Security Buyer – © Hand Media International LTD 2021. All rights reserved. Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following: you may print or download to a local hard disk extracts for your personal and non-commercial use only you may copy the content to individual third parties for their personal use, but only if you acknowledge the website as the source of the material You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.

Scroll to Top