The Hard Part About Encryption is Decryption: Here's Why

This is the second of a four-part series on How Virtru Is Making a Simple Difference in the Complicated World of Cybersecurity.

Nothing about cybersecurity is simple. If you're an IT or security leader, you're responsible for protecting hundreds, or even thousands, of data flows.  You’re monitoring a vast and ever growing attack surface.  And every single day, you’re trying to stay one step ahead of increasingly sophisticated threat actors.

But, as complicated as cybersecurity has become, it's definitely possible to boil things down to one essential principle: protect the data.

Protecting Data and Celebrating Global Encryption Day

Since 1995 when three MIT graduates invented SMIME, the best way to protect data has been through the use of encryption. As the creator of Zero Trust, John Kindervag, put it: "What's the best way to protect your data? Encrypt it. How do you encrypt it? You control the keys and certificates that are the underlying technology that make encryption happen."

October 21 is Global Encryption Day, a day dedicated to defending strong encryption and maximizing digital privacy. 

At Virtru, we’re proponents of strong encryption and digital privacy both, but we're also advocates for ease of use. Why? Because we're well aware that most encryption technologies historically have not been easy to use, for those of us who are not software engineers or computer scientists. That's why we've spent the past decade working diligently to make encryption simple for both people sending protected messages, and people receiving them. This way, all parties benefit from enhanced digital privacy.

When you stop and think about it, encrypting data is pretty straightforward. It's actually decryption that's hard — specifically, achieving the delicate balance between ease of use and strong security. You want it to be easy for the right people to access encrypted data (by decrypting it). And you want it to be impossible for anyone else to decrypt that data.

Making decryption easy for the right people is harder than it looks. Say, for example, you're a doctor sharing medical test results with a patient. Of course, you want to make it easy for the doctor to encrypt the information they're sharing with the patient. But you also want to make it extremely simple for the patient to decrypt and access their health data — while ensuring they prove that they are, in fact, the patient. You also don't want anyone other than the patient to be able to access this information.

When easy-to-use encryption is accompanied by secure, easy-to-use decryption, it creates a virtuous circle: Doctors are confident sharing encrypted information with their patients, and patients are confident that their information is being handled securely.

The State of Encryption in 2022

Global Encryption Day is especially timely this year with the recent news of the Microsoft 365 OME vulnerability. Virtru's CMO, Matt Howard, and SVP of Product and Engineering, Dana Morris, sat down to talk about the state of encryption today. 

Why End-to-End Encryption Is Underused

Few would disagree that end-to-end (E2E) encryption is the right thing to do for data security and privacy. It just makes sense to add a layer of protection to sensitive data. So, if it’s the right thing to do, why isn’t it more widely adopted?

Legacy Encryption Services are Difficult for Users

If you’ve ever used a portal-based email encryption service, you know exactly what we’re talking about: No one wants to create an additional username and password to send or open an encrypted message. No one wants to leave their workflows to log into a portal because it slows them down and creates frustration. No one wants encrypted emails to be stored in a separate inbox.

And, importantly, no one wants to send a client, a business partner, or a board member an encrypted message that they can't figure out how to open. Complicated decryption creates unnecessary friction for everyone involved.  And even worse, unnecessary friction causes people to abandon encrypted workflows altogether, and default to un-encrypted workflows, which diminishes privacy for everyone involved.

Some Encryption Methods Are Still Vulnerable

End-to-end encryption is not a monolith: There are many different methods of encryption, some more secure than others. This can make some encryption services susceptible to vulnerabilities, as we recently saw with Microsoft 365 Office Message Encryption.

For these reasons, people might shy away from encryption — which would be a mistake, because encryption is a powerful tool to protect data.

Thankfully, these legacy encryption methods aren't your only options. 

How Can We Make End-to-End Encryption More Widely Adopted?

The benefits of end-to-end encryption are many, and there are tools that make encryption and decryption easy, not cumbersome. A great end-to-end encryption solution should:

• Make encryption and decryption simple. Ease of use isn't just for the primary user; it should be just as easy for the recipient to access the information that's been shared with them.
• Add end-to-end encryption to apps people use every day, so people can get their jobs done without slowing down.
• Combine encryption with policy controls, ideally attribute-based access controls that can easily authenticate the recipient.
• Empower users to share information securely, so that, instead of locking away data in a silo, users can share information with the confidence that it will be secure, even after it’s left their organization.

Two Questions to Ask Security Vendors

If you're choosing a data protection solution, there are two key questions that you should be asking: 

1. How easy will it be for me, my teams, and our external contacts to use encryption? 

2. If it is, in fact, easy, how secure is it?

You'll want to ensure that ease of use is always coupled with strong protections to safeguard your data.  

Choose Human-Friendly Encryption to Build Trust and Collaboration

On Global Encryption Day, we want to make one thing clear: Encryption and decryption should be easy for people to use. 

Imagine a scenario where, instead of a frustrating and difficult encryption experience, you could:

• Encrypt messages with one click, right within your email window.
• Make it easy for people to access the encrypted information you share with them.
• Automatically apply encryption for the truly sensitive data only (think social security numbers or credit card information).
• Get encryption for your whole team for an affordable price.
• Have peace of mind that your data is protected with AES 256 GCM mode encryption (not subject to the same vulnerability as Microsoft OME)
• Deploy encryption quickly, getting up and running in less than a day.

Virtru makes all this possible, putting powerful encryption in the hands of the people who need it — which is everybody.

As Virtru customer Ram Avrahami, Head of Global IT and IS at NEXT Insurance, said so well, “We want everyone to have the ability to protect the files they’re sending. At some point, everybody in the company will need to share something sensitive—maybe not daily, maybe not weekly—but eventually, they’ll need to."

On this Global Encryption Day, we hope you’ll reflect on how a seamless encryption and decryption user experience can empower people to share sensitive data and maintain complete control over their privacy at all times.

Want to learn more about how you can add easy-to-use encryption to the apps you use every day? We’d love to show you what Virtru can do: Contact us for a demo.