As part of an effort to make encryption a standard component of every application, the Linux Foundation launched its open source Let’s Encrypt project along with its intention to provide access to a free certificate management service.
Jim Zemlin, executive director for the Linux Foundation, says the goal for the project is nothing less than universal adoption of encryption to disrupt a multi-billion dollar hacker economy. While there may never be such a thing as perfect security, Zemlin says it’s just too easy to steal data that is not encrypted.
As a technology, encryption has been around for a long time. But in its current form, encryption is difficult to implement and a lot of cost and overhead is associated with managing encryption keys. Zemlin says the Let’s Encrypt project will reduce the effort it takes to encrypt data in an application down to two simple commands.
The Let’s Encrypt software project is being hosted by the Linux Foundation, but the actual project is being managed by the Internet Security Research Group (ISRG). Zemlin says it will take a few more months to deliver encryption software, but once it’s ready, the encryption should not only be ubiquitous, the certificate keys required to manage it should also be freely available.
After all the recent high-profile breaches, it’s pretty clear that the IT industry as a whole needs to be more proactive about security. While encryption schemes can be broken, the number of organizations with those kinds of skills is fairly limited. If more data is routinely encrypted, then the number of criminals that can afford to engage in this activity should be substantially less. The end result would be a dramatic reduction of the amount of data that is for sale today on the so-called “darknet.”
Of course, for all that to occur, IT organizations have to actually use encryption, which historically has been a challenge. But as an industry, we’re rapidly approaching the point where not encrypting data is going to be viewed from a liability standpoint as a form of reckless disregard for data to which increasingly larger and larger penalties will undoubtedly be attached.