Wednesday August 6th 2014 | 12:00
The fall of TrueCrypt: Reminding us all to choose our encryption solutions carefully
Much has been written about the motives behind the recent shutdown of the open source endpoint and file encryption product TrueCrypt. Whether you believe some of the conspiracy theories or the reason given on the TrueCrypt website (which puts it down to Microsoft ending support for Windows XP), there is a lesson in this story for us all.
Fans of TrueCrypt have for many years used it as an example of how open source technology can be effectively used to solve business and personal data privacy challenges. Used to encrypt data at the endpoint, in addition to file attachments, TrueCrypt was relied on by thousands of users to protect their highly sensitive information.
However, this sudden exit from the market, leaving organisations and individuals fearful that their data may now be compromised, highlights the very real risk behind selecting open source technology to solve information security requirements. On one hand the software may be free to use, but on the other, is this cost saving worth placing data privacy at risk?
Protecting sensitive data isn’t something that should be taken lightly, and careful monitoring of those individuals who contribute to the development of encryption software using best practice standards plays an essential part in delivering information assurance. Consequently, when procuring a new technical solution, particularly data security or encryption services, it is imperative for organisations to choose a solution provider that offers both openly validated technology and the reliability, long-term technical support and SLAs offered by a stable commercial business.