Oscar-Winner “The Imitation Game” Underscores Permanent Relevance of e-Security
No doubt you’ve heard about the Oscar winning movie, “The Imitation Game.” What you may not know is that it focuses on current technology: encryption.
24 February 2015
No doubt you’ve heard about the Oscar-nominated movie, “The Imitation Game,” which was written by Graham Moore, and starred Benedict Cumberbatch and Keira Knightley. And at the Oscars last Sunday, the film won the best adapted screenplay award. What many of you may not know is that this (generally) true World War II story centers on very current technology: encryption.
For any non-technologists, simply stated, encryption is the act of scrambling a message from plain text so it can’t be read publicly. Two parties agree that the message will be garbled according to a pre-arranged system called a “cipher,” or key. Naturally, during war, armies use encryption to disguise their future plans and prevent an enemy from anticipating their moves.
The Man Who Beat Enigma
During World War II, Germany had a special machine for encrypting military orders, generally called “Enigma.” “The Imitation Game” recounts how British intelligence recruited a mathematical genius, Alan Turing, to participate in cracking Enigma’s encryption system. He succeeded, with help. This is an amazing historic story, for sure — the work of Turing and his colleagues may have shortened the war by a year or more.
But from a strict security technology point of view, perhaps, what is most interesting about the story is how central encryption technology has become to our modern lives. Encryption’s role and importance, one might suggest, have only grown since Turing’s day.
Many Varieties of Encryption Keys
Today, e-commerce relies heavily on the ability to encrypt private messages. The mechanical hardware deployed in World War II has today been replaced with hardware tokens, cell phones, or software-generated keys. Some types of the most important current keys and related technologies include:
- Advanced Encryption Standard (AES): a cipher that protects classified data globally.
- Public keys: This is, really simply put, a system that uses two-part encryption and decryption; this requires exposing one of the keys publically, as the name indicates. (Therein lays a vulnerability, too.)
- Customer managed keys (CMKs): This is the next generation of encryption, where a party actually has control of the keys used to encrypt his or her data. This is becoming more prevalent for protecting cloud-based data.
Encryption (just as it was in World War II) is still critical and the stakes involved with creating or breaking it are still enormously high. However, of late, the complexity and security of the technologies have advanced significantly.
Bletchley Park and Enterprise Security
Naturally, as the CTO of a company that puts client security first, I have a great interest in the entire Enigma subject. But also, on another level, I once lived near Bletchley Park, where Turing and the code breakers were located. It is an unassuming “below the radar” location. Bletchley Park wasn’t about marketing — it was about results.
With that in mind, I would like to draw a distinction between a company or organization that spends its time actually doing the quiet hard work of security — instead of a high publicity vendor that draws attention to what it might do — without it actually delivering.
Admittedly, as security technologists, we are doing the reverse of what the Bletchley Park team did. We are trying to create encryption and decryption technology that is unbreakable, and that supports legitimate commerce. To succeed, security must be architected into any solution up-front in the development process, rather than tacked on as an afterthought.
By adding security as a secondary component, the risks that hackers can game it only grow. This makes it possible for the modern-day Alan Turing — or to be more appropriate, an Edward Snowden — to break a company’s code and steal its most valuable assets: data and content.
Last year was nearly a historic one in terms of data breach disasters. It seems we need some quiet hard work to reverse that trend and create virtually unbreakable security technology. In this, we are planning to be ahead of anyone’s imitation game.
Daren Glenister is the Field CTO for Intralinks. In his role, he acts as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements, helping to steer Intralinks’ product road map and the evolving secure collaboration market. Daren brings over 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software having worked with many of the Fortune 1000 companies helping to turn business challenges into real world solutions.