Security Panel – The Cybersecurity Show – S1Ep5
NAYOKA OWARE [00:00:30] Hello and welcome to Episode 5 of Security Panel brought to you by celebrity. I’m Nayoka Oware and today I’m joined by two amazing guests in this episode. We will be discussing End Point encryption. Let’s go to our guests. We have Ben Singyard. Here is a senior encryption specialist from MFG. Hello. And we have Steve Laidler, who is a technical architect from Celerity. Hi. How are you both doing? Very well. Very well. Wonderful. Tell me a bit more about your roles. What is it exactly that you do? Ben
BEN SINGYARD [00:01:03] So I’m a senior encryption specialist at a company called MFG. We’ve been gone for 10 years and we specialise in twice encryption end point encryption and cybersecurity.
NAYOKA OWARE [00:01:13] And Steve, yourself, a technical architect. Tell us more.
STEVE LAIDLER [00:01:16] My name is Steve Laidler. I’m the technical architect for celebrity cybersecurity brand Citadel. And it’s great to be here with Ben to talk about end point encryption.
NAYOKA OWARE [00:01:29] What exactly is endpoint encryption Ben?
BEN SINGYARD [00:01:31] So end point encryption is a piece of security software that is usually developed and rolled out onto piece laptops, mobiles and tablets that scrambles data and locks it down from anyone that’s trying to access it insecurely, only allows authorised users to access the data on your point system.
NAYOKA OWARE [00:01:50] And what would you say the benefits are?
BEN SINGYARD [00:01:53] The benefits mainly would be securing the data. We’ve all heard about data breaches in the news and the data loss. If you have encryption, you reduce the impact to the company, an organisation reduced if you reduce the fines.
NAYOKA OWARE [00:02:07] Let me ask you the same question, Steve. what would you say the benefits of endpoint encryption?
STEVE LAIDLER [00:02:11] I think the benefits we often see this from our compliance and a security framework perspective that, you know, the companies are going to be mandated to publish encryption particular on their end points as part of those frameworks and give them an extra layer of security for a lot of the mobile devices. You know, the things that could be left on trains or in coffee shops.
NAYOKA OWARE [00:02:35] Yes, of course, that’s happened to all of us. Or maybe just me. We know that there are different types of endpoint encryption. But what exactly are they and how many?
BEN SINGYARD [00:02:47] There was quite a few from an endpoint perspective with whom it can be full disk encryption, which is the device which is like your laptop. Theres also file and folder which protects individual files and folders when he could email them out, but on top of that you also got email encryption, which then protects the body of the email as well as your attachment. You got mobile device management which can aforge your data security policies on the mobiles. We’ve already put a pin which encrypted data and there’s move media encryption, they are the ones you hear about in the news where a hard drive or usb stick has been left on the train for the Queens Airport route on. And it’s been unencrypted.
NAYOKA OWARE [00:03:26] Thank you for that. Can endpoint encryption be managed in-house? That’s a question for you, Steve.
STEVE LAIDLER [00:03:32] Yes, it can. There is potential for that or managing it by a service, which is which is where partners and MFG and ourselves come into play.
NAYOKA OWARE [00:03:45] And are there any benefits to outsourcing the management of organisations endpoint encryption
BEN SINGYARD [00:03:53] I would say Yes, definitely. I can imagine. Steve said in-house. But you need hardware, software, training of the service, maintenance of the service. You know there’s no cost. There’s no upfront cost. Subscription based model is quite a few reasons.
STEVE LAIDLER [00:04:09] I think that also, you know, the traditional kind of scenario is that organisations often get into lack of skill, lack of time. All of those things play a part in then looking at a service based approach as opposed to trying to manage it in-house. People often you know I.T. departments just don’t have a time these days, budgets, etc. to do that. So passing it across to a to a trusted partner is a very, very good alternative.
NAYOKA OWARE [00:04:36] The best way to go in probably less time consuming for them as well. Can you give us examples in the real world where endpoint encryption has thwarted cyber attacks successfully?
BEN SINGYARD [00:04:48] It’s quite a tricky question, to be honest. We hear about in the news where encryption has not been used. and that’s because the compliance rules require you to, if you have data, lost a breach. You have to notify the ICO, the UK’s governing body, if you do have encryption. And it can be proved the point that they lost a breach of your device, your hard drive, your mobile phone, you don’t actually have to notify it. So the public will never know, or at least it’s not been publicly announced by the media.
STEVE LAIDLER [00:05:18] I think the culture that we live in now is a very mobile culture. We we pretty much attach to mobiles, laptops and Internet. From the human element that at some point we’re going to leave that on a train in the coffee shops. You know those devices are just gonna be left around unlocked and potential unprotected. So I think it’s, you know, the encryption factor then comes into play and protects those devices from, you know, anybody stealing the data in that scenario.
NAYOKA OWARE [00:05:52] Absolutely. I agree with you. Do you think end point encryption is high on the agenda for I.T security professionals?
STEVE LAIDLER [00:06:02] No, but I think because of the complaints and, you know, the mandated from the board level downwards, it will be forced onto the agenda. It’s going to become more and more important. As you know, we hear about cybersecurity breaches almost on a daily basis now. So, you know, cybersecurity is going to become front and centre for a lot of organizations as the sort of, you know, the prevalence of it increases. And that will then forced the board to address it and therefore filter down. And then it will hit the agenda of I.T managers. And it already is to some degree. We’ve seen the effects and WannaCry. And the like.
NAYOKA OWARE [00:06:42] As important as it is, why do you think it wasn’t already on the agenda?
STEVE LAIDLER [00:06:45] I think to some degree it was. I think, you know, data is an important commodity. Yeah. And I think different organisations attach different importance to it. If if the data is considered to be important and considered to be an asset, then encryption is almost a normal kind of feature of a business. Organisations that don’t encrypt that data either. It’s the old budget and time scenario or they’ve not attributed enough importance to it or they just simply haven’t thought about it.
NAYOKA OWARE [00:07:21] Thank you for that, Steve. Is end point encryption purely for larger organisations?
BEN SINGYARD [00:07:27] Definitely not. It’s the GDPR. And then the subsequent DPA, the Data Protection Act 2018, which came into affect last year, is for everyone. It’s all organisation of any size. Like Steve said the value of data is high. You won’t want the latest car race car Formula One car design being granted on hands for your competitors. So to protect that. And that’s often quite a high profile one. But any customer data you hold on a accountancy database that also needs protected. So even if you’re an IFA single person business, that data is still valuable. So it’s to be protected.
NAYOKA OWARE [00:08:04] Thank you. And you completely agree with that, Steve?
STEVE LAIDLER [00:08:06] Absolutely. Yes. Yes. Especially with the advent of GDPR and whatever, variations of that happened around the world. You know, a lot of countries are talking about that kind of legislation. Then it’s inevitable that, you know, encryption will will will play a part in the those and those factors, you know.
NAYOKA OWARE [00:08:24] Thank you for that. Have you noticed any trends in the industry when it comes to encryption?
STEVE LAIDLER [00:08:30] I think the adoption of encryption is probably driven, like we said before, from the perspective of how valuable valuable that data is and how much of a commodity or how much of an asset or an organisation or a sector or an industry attributes to it. So organisations that attribute to high value to the data have already adopted some degree of encryption, whether at the storage level, the endpoint level of the server level and other organisations will will adopt that that approach as things like GDPR and other frameworks and other regulatory compliance requirements come along. I think that probably pushed by by those if they don’t get to to that sort of thought themselves.
NAYOKA OWARE [00:09:18] OK. Thank you for that. Have you noticed any trends Ben?
BEN SINGYARD [00:09:21] As a solution provider. Yeah. With the GDPR and obviously the data proctecting act that come into effect last year. We’ve seen a big uptake in encryption solutions especially on endpoints because like I said that they’re easily nickable . It’s steelable. That’s what people want. And data is valuable. So, yes, we have it will be the same as antivirus 20 years ago. You couldn’t buy a P.C. without an antivirus. Nowadays, you look for it as a kind of a staple of your I.T. encryption will become the same on endpoints so we already do it on mobile phones. We need to start doing it on laptops and desktops are valuable to companies.
NAYOKA OWARE [00:10:00] Thank you for that. And lastly, do you have any closing advice for the viewers? Because I just feel as though some people don’t understand the importance of encryption. And I’m not quite sure why that is.
STEVE LAIDLER [00:10:11] I’m not sure. I mean, encryption is important. You know, I think with the likes of mobile phones, things like WhatsApp, encryption is becoming a slightly more day to day sort of factor because, you know, the more aware of the endpoint encryption of that sort of messaging platforms that are around. I think, you know, over time that will start to filter into to other aspects of their technology.
NAYOKA OWARE [00:10:36] OK, and yourself Ben?
BEN SINGYARD [00:10:37] I would say yes. Don’t think you’re okay by not having encryption. The ICO Information commission officer clearly state If you do have encryption, they will look on you better move it more from the eyes to say that you have thought about encryption. Do you need to mention or not for your organisation? And even if you if you say yes or no. If you look as you’ve looked at it, chances are you’ll be okay. If you don’t like it and have no interest in it whatsoever, they’ll start to think. We’re going to slap you with a fine. In the event of a data breach.
NAYOKA OWARE [00:11:07] And nobody wants to have everyone say because they are quite large now. Yeah. Yeah, absolutely. Thank you both so much for your time. That was a very informative discussion and thoroughly enjoyable too. thank you very much. Thank you so much for watching. Do you join us for our next episode where we will be discussing cyber security further, thank you.