Data protection is still a hot topic and the debate about the security of personal data has been refuelled since the developers of TrueCrypt announced the end of the encryption software. But that all has very little to do with company data in the cloud.
In the world of IT, there is one topic on everyone’s lips this year: security. Which encryption is used, how secure is data really – especially in the cloud? The debate has currently heated up and has never been so much in the foreground. The reason for this is that recently the developers of the TrueCrypt encryption program issued a warning against continued use of their software. The development of the encryption tool has been discontinued for now. The developers have published a warning on their website, stating that the software was not safe and could contain unfixed security issues. Users are redirected to alternative offers.
This issue was a hot topic on Twitter and there still is wild speculation as to the real reasons for the discontinuation of the software. Especially since no precise details were given regarding the background: Nothing is known about the security gaps referred to or the identity of the developers. This gives rise to rumours.
Another effect is that these rumours and speculation about special software are now additionally increasing general concern regarding data security. The debate is of course valuable when it comes to boosting awareness for data protection and altering users. But there is no need for widespread panic.
The end of TrueCrypt is not cause for concern in companies
There is no need for additional concern especially where company data and, above all, company data in the cloud is concerned. The TrueCrypt software currently being discussed is largely used in the private sector to encrypt hard disks and removable media. This has nothing to do with the encryption of company data in the cloud. Companies already using cloud solutions should simply know that a professional provider should offer a convincing security concept.
Like one of our customers, for instance, the Munich-based company SSP Europe. Just recently, this service provider presented the first completely secure cloud memory with Triple-Crypt encryption technology. Triple-Crypt immediately triple encrypts data in a complex system, i.e. on all important instances: directly at the user’s terminal device (local encryption), during data transmission (channel encryption) and in the cloud memory (server-side encryption).
Generally speaking, security concerns in Germany are much greater than in other industrialized nations due to events covered in the media, such as the NSA affair or even the mysterious discontinuation of TrueCrypt. This is surprising considering that data protection in Germany meets with the highest demands.
For companies here in Germany, the most important thing is that the provider should take special security precautions when sensitive data is to be managed in the cloud. In addition to suitable software-based encryption technologies and contracts under European and German law, layer-2 encryption and a role-based security concept are the ideal solution. If the provider offers these preconditions, then the data can be considered to be in safe hands.
Conclusion: The discontinuation of the TrueCrypt encryption software remains a mystery and raises questions. But companies who have stored their data in cloud solutions do not need to worry. They should generally check to see which kind of encryption technology is used, which measures are taken by the provider and which legal framework exists. After all, there is no need to panic.