
What You Need to Know About Data Encryption Right Now

techserving

You might feel like you’ve heard these imperatives a million times: “You need to encrypt your data.” “Your information isn’t secure unless you encrypt it.” “You need to eat your fruits and vegetables.”

But if you’re like a lot of people, you roll your eyes because you have the good intention of taking care of them later. The problem is that ignoring this advice or following it with half measures can cause irreversible damage. In matters of data encryption, the damage can be to your company’s reputation, customer trust and financial bottom line. It can also wreak havoc with privacy controls and cause you to run afoul of regulators and auditors.

The problem with such an important security measure becoming trite is that it’s in danger of becoming a simple “check box” item. Organizations with an immature understanding of security may think that the basic encryption capabilities provided by their storage devices or by cloud service providers are enough to keep their data protected and that going further is just falling for the fear, uncertainty and doubt (FUD) stoked by the media and vendors that stand to benefit. Information technology (IT) and security teams are generally short-staffed and overburdened, so the attitude is all too often “check the box, move on to the next task.”

But the reality is more complex than that. Data encryption is essential to protecting sensitive information and privacy, for meeting compliance with regulations and audits, and for ensuring proper data governance. All the IT investment in mobile apps, customer experience and competitive advantage can be squandered in an unforeseen data breach.

How Does Data Encryption Work?

Unencrypted information, like this blog post you’re currently reading, is written in “plaintext.” At its most basic, data encryption involves using an encryption algorithm to scramble or disguise plaintext, rendering it in what’s known as “ciphertext,” which appears as alphanumeric gibberish to a human. An encryption algorithm uses a crucial piece of information, known as an encryption key, to encode or decode the data. Without the encryption key, the algorithm is incomplete and cannot convert plaintext to ciphertext and vice versa.


Most encryption algorithms are publicly known — there are only so many effective ways to obscure sensitive data — so the crucial element of a data encryption strategy is the management and control of the encryption key. Indeed, the key is essential. Encrypted data can be rendered useless forever simply by deletion of the key.


Types of Encryption

Asymmetric encryption, also known as public-key encryption or public-key cryptography, uses the combination of a public key and a private key to create and decode ciphertext. The most common types of asymmetric encryption are:

  1. RSA, named after seminal computer scientists Ron Rivest, Adi Shamir, and Leonard Adleman. It uses a public key to encrypt data and a private key to decrypt it.
  2. Public-key infrastructure, PKI, uses digital certificates to govern the keys.

Symmetric encryption uses a single secret key shared between the parties prior to encryption. It’s considered faster and less expensive than asymmetric encryption, but to be secure it requires encrypting the key itself, which can cause a terminal dependency on yet another key. Popular symmetric encryption types include Data Encryption Standard (DES), Triple DES, Advanced Encryption Standard (AES), and Twofish.

Encrypting Data at Rest Versus Data in Transit

When data is stored on a hard drive or on a server, it is considered data at rest. When data is sent for tasks such as email or over instant messaging applications, it becomes data in transit, or data in motion. Historically, data at rest was the target of breaches so techniques like full-disk encryption and file-level encryption were used to protect the data in the equivalent of a fortress, often with the protection of a firewall.

Data in transit continues to grow in parallel with the explosion of mobile devices, the internet of things (IoT), 5G networks and hybrid multicloud environments. As a result, it has been a growing target of cybercriminals and is more challenging to secure, especially when doing so can negatively impact performance of daily tasks or slow financially sensitive transactions like trading or ecommerce. The common techniques for protecting data in transit involve using secure network protocols like HTTPS, Secure Sockets Layer (SSL), FTPS and wireless protocols like WPA2.

The Basics of Key Lifecycle Management

Just like a forgotten combination to a safe or a lost password to a cryptocurrency account, losing an encryption key can mean losing access to what it was designed to protect. Key lifecycle management (KLM) was developed to avoid losing keys or having them stolen. One founding principle of KLM is that keys must be managed separately from the data they are protecting.
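The two points made above, that a symmetric key must itself be encrypted and that keys are managed apart from the data, are what envelope encryption implements. The sketch below is an added example, not code from the article: it uses Node.js's built-in crypto module, the function names and the key ID `kek-1` are illustrative, and an in-memory Map stands in for a real key manager. It also shows that destroying the key leaves the stored ciphertext unrecoverable.

```javascript
// Added example, not from the article. Function names and the key ID are illustrative.
const crypto = require('node:crypto');

// seal: AES-256-GCM; output layout is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// open: throws if the key is wrong or the blob was truncated or altered.
function open(key, blob) {
  if (blob.length < 28) throw new Error('truncated blob');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// A one-off data key (DEK) encrypts the data; the key-encryption key (KEK)
// encrypts the DEK. Only the wrapped DEK is stored beside the ciphertext.
function encryptRecord(kek, plaintext) {
  const dek = crypto.randomBytes(32);
  return { wrappedDek: seal(kek, dek), ciphertext: seal(dek, plaintext) };
}

// Unwrap the DEK with the KEK, then decrypt the data with the DEK.
function decryptRecord(kek, record) {
  return open(open(kek, record.wrappedDek), record.ciphertext);
}

// Constructed demo: the KEK lives in a key store that is separate from the data store.
function demo() {
  const keyStore = new Map([['kek-1', crypto.randomBytes(32)]]); // stand-in for a KMS or HSM
  const stored = encryptRecord(keyStore.get('kek-1'), Buffer.from('constructed sample record'));
  const before = decryptRecord(keyStore.get('kek-1'), stored).toString();
  keyStore.delete('kek-1'); // destroy the only copy of the KEK
  let after = null;
  try {
    after = decryptRecord(crypto.randomBytes(32), stored).toString(); // any other key
  } catch (err) {
    after = null; // authentication fails: the stored ciphertext is now unrecoverable
  }
  return { before, after };
}

console.log(demo());
```

Because the data store holds only `wrappedDek` and `ciphertext`, rotating the KEK means re-wrapping the small DEK rather than re-encrypting the data.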

A typical key management lifecycle will include the following steps:

Data Encryption for Enterprises

While both the value of data and the attendant criminal activity continue to grow at impressive rates, there are well-established practices for protecting data that have evolved to meet today’s challenges. Here are some of the data protection methods and tools employed by enterprise security teams beyond basic full-disk and file-level encryption:

Whichever way you go about it, encryption is critical to protecting your organization’s most prized asset — its data. And as data privacy, data governance and compliance standards become increasingly important, so too will the keys that hold the power in securing that data.

Interested in learning more? Register for the webinar, “Fight Double Extortion and Ransomware with Modern Data Security.”