Brendan Rizzo, technical director with Voltage Security, today commented on the news of Google’s Gmail encryption:
“Google has always provided the option for encrypting the link to their webmail service, but this announcement has now completed the evolution from being an option only enabled by the security conscious, to one that will protect the end user whether they know what SSL is or not! This move, largely in reaction to the revelations about the NSA, is akin to strengthening bridges after a large earthquake has struck: lessons have been learned and the public as a whole expects a higher level of protection from that point forward.
“With this announcement, Google has shown their willingness to protect their users emails at every point on the Google network. This is a very positive move which aids those who do not already have a data-centric email encryption solution in place to protect messages over the entire journey from the sender to the recipient.”
In addition, Brendan commented on reports of Microsoft looking through a French blogger’s Hotmail account to find the source of leaked code for Windows 8. As a result of the searches, a former Microsoft employee was arrested in Seattle for leaking code of the not-yet-released Windows 8 code and the kit required to activate the software.
“This story illustrates a fundamental challenge in putting sensitive data under the control of a third party. The safety of that information is now no longer under the control of the actual owner, and becomes subject to whatever prevailing paper policy in in place at the third party. For the average email user this is not usually an issue, but for a company this can have serious implications. Ultimately, from a data protection perspective, that information is now at risk. This is one of the main reasons companies have cited for not wanting to make a move to the cloud for their email infrastructure, despite the potential for dramatic cost savings involved. Companies are therefore turning to data-centric encryption to protect the emails themselves in order to still gain the efficiencies that the cloud has to offer.”