There are a lot of conspiracy theories out there about what really happened to TrueCrypt, the free disk encryption software that suddenly shut down without warning or explanation last month.
As much as we enjoy a good puzzle, this one isn’t going to be solved any time soon – the anonymous developers behind TrueCrypt have come forward, but only to say that they have shut down the project and won’t be bringing it back.
Despite being nominally open source software, TrueCrypt was always a bit secretive. Unlike many free, open source projects, the main developers and maintainers were unknown to the open source community.
We don’t know exactly why the developers shut down TrueCrypt, who exactly they are, or whether the software is compromised. Some are attempting to revive it.
Sophos security experts have some advice to help TrueCrypt users – but it starts by saying it’s time to stop using TrueCrypt and to find another solution.
5 tips for data security
Encrypting your data and communications is vital in today’s security landscape. Sophos security experts offer these five key recommendations for moving beyond TrueCrypt to an alternative for data protection.
- Use vetted, trusted, operating system-level encryption like Microsoft BitLocker and Mac FileVault 2. TrueCrypt was not using the latest technology, so now is a great time to move to compliant encryption standards.
- The real issue with business use of encryption has been key management. You need good key management that enables encryption beyond just full-disk on your laptops.
- Data isn’t only on your disks. Users are taking it everywhere, especially the cloud. Now’s a good time to reevaluate your data protection strategy to make sure you’re protecting data everywhere.
- Non-Windows platforms need encryption, including OS X, Android and iOS. And don’t forget any systems still running Windows XP; you’ll need to protect them too.
- A thumb drive or DVD can hold sensitive records too. You need to encrypt all your storage devices as well.