Cyber Defense eMagazine August 2019
Cyber Defense eMagazine August Edition for 2019 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cybersecurity expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group
Encryption is a cryptographic method in which data is turned into an encoded and unintelligible version, using encryption algorithms and an encryption key. A decryption key or code enables others to decode it again.

The technical challenge introduced by the GDPR becomes clear when we examine the mobile applications (apps) we use in our day-to-day business communication. Many of these come with end-to-end encryption, but most are built in such a way that businesses cannot decrypt the data being processed by them. This data may include personal data, so a ‘Data Subject Access Request’ places a requirement on the business to decrypt such data and provide it to the EU citizen in question.

Security gaps created by non-compatible technologies connecting to mobile apps create major information security challenges. These gaps present an increasing requirement for mobile apps to be interoperable and secure by design, in order to ensure secure data processing between apps and the other technologies with which they exchange or otherwise process data.

Secure Chorus is a not-for-profit membership organization in the field of information security, working with mobile app developers, as well as other secure communications technology providers, to address secure data processing. We have addressed this cybersecurity requirement through a strategy of government-industry collaboration, with industry members developing a number of mobile apps based on common technology standards to ensure that the app architecture facilitates the exercise of data subject rights under the GDPR.

Secure Chorus supports MIKEY-SAKKE, an open identity-based public key cryptography scheme that provides for end-to-end encryption and can be used in a variety of environments, both at rest (e.g. storage) and in transmission (e.g. network systems). Designed to be centrally managed, it gives enterprises full control of system security as well as the ability to comply with any auditing requirements, through a managed and logged process.

MIKEY-SAKKE has been standardised by the Internet Engineering Task Force (IETF). Access to this type of globally accepted, strong and reliable cryptography has become vital to app developers, who are becoming increasingly aware of the widespread risks associated with internet use.

MIKEY-SAKKE is configured so that each user is attached to a Key Management Server (KMS), where the keys are issued to users by an infrastructure managed by the business’ IT department. This ensures that the ability to decrypt content remains private to the individuals communicating. However, in exceptional cases such as a ‘Subject Access Request’, it also allows the business to derive a valid decryption key from the Key Management Server. To audit an encrypted communication, the organisation should export a user-specific and time-bound key from the KMS. This key enables an audit function to decrypt a specific user's communications for a specific time period (e.g. week or month). The KMS is able to log this action to ensure that it is accountable.
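
The audit-key export described above can be modelled in a few lines. This is an added example, not code from the article or from Secure Chorus: the `ToyKMS` class and its methods are hypothetical, HMAC-SHA256 is a stand-in for SAKKE's identity-based key extraction, and the monthly identifier layout (period, NUL, URI, NUL) is modelled on RFC 6509.

```python
import hashlib, hmac, json
from datetime import datetime, timezone

GENESIS = "0" * 64

def _digest(record: dict) -> str:
    body = {k: v for k, v in record.items() if k != "digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ToyKMS:
    """Simplified KMS model. HMAC-SHA256 is a stand-in for SAKKE key extraction."""

    def __init__(self, master_secret: bytes):
        self._master = master_secret
        self.audit_log = []  # append-only, hash-chained export records

    @staticmethod
    def identifier(user_uri: str, period: str) -> bytes:
        # Time-bound identity: period, NUL, URI, NUL (modelled on RFC 6509).
        return f"{period}\0{user_uri}\0".encode()

    def issue_user_key(self, user_uri: str, period: str) -> bytes:
        # Key bound to one user and one period; a different period gives a different key.
        return hmac.new(self._master, self.identifier(user_uri, period),
                        hashlib.sha256).digest()

    def export_audit_key(self, user_uri, period, requester, reason) -> bytes:
        # Record who asked for which user/period and why, then release the key.
        record = {"ts": datetime.now(timezone.utc).isoformat(), "user": user_uri,
                  "period": period, "requester": requester, "reason": reason,
                  "prev": self.audit_log[-1]["digest"] if self.audit_log else GENESIS}
        record["digest"] = _digest(record)
        self.audit_log.append(record)
        return self.issue_user_key(user_uri, period)

def log_is_intact(log) -> bool:
    # Recompute every digest and check each record links to its predecessor.
    prev = GENESIS
    for rec in log:
        if rec["prev"] != prev or rec["digest"] != _digest(rec):
            return False
        prev = rec["digest"]
    return True

if __name__ == "__main__":
    kms = ToyKMS(b"constructed-master-secret")   # constructed sample value
    alice = "sip:alice@example.org"              # constructed sample user
    key = kms.export_audit_key(alice, "2019-08", "dpo@example.org", "DSAR")
    print(key == kms.issue_user_key(alice, "2019-08"))  # same user, same month
    print(key == kms.issue_user_key(alice, "2019-09"))  # same user, next month
    print(log_is_intact(kms.audit_log))
```

The exported key matches only the named user's key for the named month, and editing any field of an earlier log record makes `log_is_intact` return `False`.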