Encryption Isn’t The Problem; It’s The Solution

This article originally appeared on Forbes.com.

Encryption is one of the most transformative and vital technologies available today. I am obviously a big proponent of using encryption because it’s key to keeping our data and communications secure.

Of course, not everyone feels this way. Some want to be able to limit encryption to enable the good guys to go after the bad guys. Others suggest that encryption is likely only used by someone who has ulterior motives. If you’re innocent, why hide anything?

To these naysayers, I argue that encryption isn’t the problem; it’s actually the solution to many of the problems facing the tech industry today. Encryption can help solve the encroaching issues of privacy and security that face both consumers and businesses — and ward off cybercriminals who want to steal our data.

Encryption Is Unstoppable

Law enforcement and government entities have been some of the most vocal critics of encryption. They argue that in order to protect the public from criminals and terrorists, they need access to all electronic communications and digital data. There has been a push to outlaw encryption or mandate backdoors, or even require companies to share encryption keys with law enforcement. To be clear, it is rare that the motivation behind this criticism is unfounded. Bad things do happen to vulnerable populations online.

The thing is, with an open internet, attempts to hinder encryption via legislation are not viable. Recent studies show that encryption is increasing in almost all industries, with 48% of companies having some sort of encryption policy. Encryption is core to today’s computing; instead of making encryption a political issue here in the United States, we need to embrace its positive aspects and minimize the negative.

You (And Your Organization) Are The Product

You’ve probably heard the adage that if you use a free service, you are the product. This is also true for companies and other organizations that rely upon big service providers. Whether you are an individual or organization, the technology services that your company uses are reliant upon your data — data about your employees, your customers and your business — to generate their revenues and profits.

Of course, when you give multiple third parties access to your company’s data, you increase the risk of that data being stolen or used in ways that don’t benefit your organization. We have come to an inflection point where there may be too much risk and too little reward for giving large tech services access to all your data.

One way to avoid this problem is to use services that do not rely upon your data. Big tech companies like Apple use privacy as a selling point, and Facebook claims it will be less abusive. Encryption is the key to taking back some data control from technology processes that gain access to individual and corporate information just because they can. This makes encryption the real solution to the problem – and keeps your data out of the prying eyes of tech companies and cybercriminals alike.

Accountability In Big Tech

Large tech companies are increasingly in the crosshairs of both legislators and the media, and rightly so. The heads of Google, Facebook and Twitter get called before Congress — multiple times — yet all that results is a series of provocative headlines, scolding editorials, and empty promises. There seems to be no accountability for the industry’s actions.

It doesn’t have to be this way. Big tech can and should be more responsible with our data. Privacy and security are core to our economy and society. Instead of constantly defending themselves, tech companies can get ahead of the problem and become true leaders in data security and individual privacy. The entire industry needs to take the lead on this and employ encryption and other technologies to keep our data and communications more secure.

The Best Defense Is Having Nothing That Requires Defending

It’s obvious to me and many others that encryption is not only vital to security; it is core to modern computing. That said, the best defense against cyberattacks is to have nothing that requires defending. When big tech fills vast data centers with massive amounts of information about us, they become more susceptible to an attack. If they weren’t storing all this unprotected data, our security risk would decrease dramatically.

The bottom line is that we need to reduce the amount of data we let big tech companies access and store — and we need to fully encrypt the data and communications we share. Encryption will continue to play a key role in ensuring our privacy and security. It’s a big part of the solution to our privacy and security problems and one of the most vital technologies available to us today.

If you’re looking to get started with encryption or are trying to enhance your security posture, these best practices are crucial:

  1. Assess what data needs to be encrypted. Prioritize personally identifiable information (PII) and any trade secrets that would be harmful if leaked.
  2. Have a plan for your data while it is at rest and while it is in transit. These require different kinds of protection, but both are vital.
  3. Establish a solid key management plan and assess your encryption performance regularly.

By taking the necessary steps to protect your data, you are protecting yourself, your customers and the future of your company.

Forbes