The Linux Foundation Starts Open Source Encryption Project

Mike Vizard
Slide Show

Five Easy Steps for Securing Data

As part of an effort to make encryption a standard component of every application, the Linux Foundation launched its open source Let’s Encrypt project along with its intention to provide access to a free certificate management service.

Jim Zemlin, executive director for the Linux Foundation, says the goal for the project is nothing less than universal adoption of encryption to disrupt a multi-billion dollar hacker economy. While there may never be such a thing as perfect security, Zemlin says it’s just too easy to steal data that is not encrypted.

As a technology, encryption has been around for a long time. But in its current form, encryption is difficult to implement and a lot of cost and overhead is associated with managing encryption keys. Zemlin says the Let’s Encrypt project will reduce the effort it takes to encrypt data in an application down to two simple commands.

The Let’s Encrypt software project is being hosted by the Linux Foundation, but the actual project is being managed by the Internet Security Research Group (ISRG). Zemlin says it will take a few more months to deliver encryption software, but once it’s ready, the encryption should not only be ubiquitous, the certificate keys required to manage it should also be freely available.

After all the recent high-profile breaches, it’s pretty clear that the IT industry as a whole needs to be more proactive about security. While encryption schemes can be broken, the number of organizations with those kinds of skills is fairly limited. If more data is routinely encrypted, then the number of criminals that can afford to engage in this activity should be substantially less. The end result would be a dramatic reduction of the amount of data that is for sale today on the so-called “darknet.”

Of course, for all that to occur, IT organizations have to actually use encryption, which historically has been a challenge. But as an industry, we’re rapidly approaching the point where not encrypting data is going to be viewed from a liability standpoint as a form of reckless disregard for data to which increasingly larger and larger penalties will undoubtedly be attached.

Add Comment      Leave a comment on this blog post
Apr 10, 2015 11:50 PM Gerv Gerv  says:
The Let's Encrypt project was launched last November: . The new announcement is just that the Linux Foundation will now be hosting it. Reply
Apr 13, 2015 6:37 AM RapidGeek RapidGeek  says:
We need to make it harder for anyone not privileged to information from receiving it. I would like to see a TrueCrypt continuation as well. There are too many unsecured servers and personal computers. Although encryption doesn't provide absolute security it is a pretty big road block Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.