Digital goo

For some time the opponents of nano technology and some forms of genetic engineering have banded around the concept of grey goo. Clouds of microscopic life forms or structures that destroy or clog up the world. All very apocalyptic but I wonder if we are not on the verge of something similar happening in IT.

So hands up who has a password protected/encrypted file or directory or a thumb drive possibly even a hard disc that they do not exactly know what is in it? and you are not sure what the password/phrase/key is to unlock or decrypt it are?  My hand is up and waving in the air, and I very much suspect I am not alone.

Most of mine are confidential office documents that I have been sent and the password is possibly somewhere in my email, I also have a few encrypted archives that I could probably by deduction find the password I also have a thumb drive that I have no idea what the key is. With the files the worst ones are where I cannot tell by the file name what it is but because it is encrypted I know it is important, so I keep it, even if I do not have the key!  In effect I have just filled up part of my disk, and my backups with useless digital noise, it is digital goo.

With encryption becoming a common feature in today’s information protection armoury I predict that this situation without the simultaneous introduction of key management will become increasingly common.  One of the first things anyone deploying any technology that encrypts or locks data in anyway needs to consider is how are they going to manage the keys. How will key recovery work? Where is there key material in my environment? Can master keys be used to allow trusted processes such as backup and archiving solutions understand the content and apply appropriate policies? All questions that need to be answered before you deploy the technology, otherwise do not blame me if in a few years time all of your systems are gummed up with digital goo.