Encryption is a method for storing or sharing data to avoid compromise of the data. It is a key component in data security strategies.
The encryption process typically involves the use of algorithms to covert data into an unreadable format. To decode the encrypted data, a user must have the correct digital key and/or credentials.
Related: Granular File Encryption Without Passwords
Data encryption has developed into an critical cybersecurity measure in recent years. Numerous factors that have driven encryption’s rise. Factors include the growing series of points that data traverses through, which creates more exposure. In addition, hackers have become more sophisticated in their tactics, making it necessary for organizations to adopt stronger data security techniques like encryption.
Encryption is widely used today in everything from internet communications, internal networks, hard drives, and databases to private and public cloud, data center storage, file systems, backups, and online payment systems.
How Does Data Encryption Work?
Data can be encrypted at rest or in motion.
There are two basic ways to encrypt data: symmetric or asymmetric encryption methods. They can be used separately or together.
In symmetric encryption, the data’s owner shares a private key with another user to access the data. This method is often used when large amounts of data are involved.
Asymmetric encryption requires two keys: a public key for encryption and a private key for decryption. Anyone who needs to encrypt a piece of information can use the public key, but only users with the right private key can decrypt that information.
Email is an example of asymmetric encryption: You may receive an encrypted email from an organization, but only you can open it with your private key.
Asymmetric encryption is typically seen as more secure than symmetric encryption but can slow down traffic.
Symmetric Vs. Asymmetric Encryption
Symmetric and asymmetric encryption have their respective pros and cons. For example, symmetric methods are faster than asymmetric methods, but asymmetric methods are considered more secure.
Choosing between symmetric and asymmetric encryption -- or whether to use them together -- depends on three things: your tolerance for risk, the need for speed, and your individual use case.
Common use cases for symmetric cryptography include anything related to personal identifiable information (PII) or Payment Card Industry (PCI), such as encrypting credit cards or other PII required for transactions. Symmetric cryptography is often also used for confirming the identity of someone sending a message and for data at rest or in storage.
Asymmetric cryptography is often chosen when security is the top priority. Common uses of asymmetric cryptography include digital signatures, blockchain, public key infrastructure, email security, web security, and cryptocurrencies.
There are times when it makes sense to combine symmetric and asymmetric encryption, especially when both speed and security are important. In common cases, symmetric cryptography is used to encrypt most of the data, while asymmetric cryptography is used to encrypt the symmetric encryption/decryption key and the encrypted data itself.
Some of the most important uses for combined methods include messaging applications (authenticating users with asymmetric encryption and encrypting the contents of the conversation with symmetric encryption) and SSL/TLS (asymmetric encryption to establish a secure session between server and client, and symmetric encryption to exchange data within the secure session).
Examples of Encryption in Use
There are two ways to do encryption: through specialized software or through encryption features built into apps and security tools like payment gateways, cloud security software, and email security products.
Prominent encryption vendors include AxCrypt, Kruptos, Baffle, Enveil, ShardSecure, Boxcryptor, Bluefin, Sophos, Kaspersky, Virtru, and Ubiq Security.
Here are some examples of encryption in use:
Securing test results
A DNA and medical testing company needed to securely communicate test results to clients, legal representatives, and the court system. The company deployed technology from Virtru, starting with its Gmail encryption offering, which allowed company staff to share sensitive information securely via email. The company later adopted Virtru Data Protection Gateway to protect sensitive data that flows through its customer relationship management (CRM) system. The Gateway product automatically applies encryption to sensitive messages sent via the CRM. As the result, the company met General Data Protection Regulation compliance standards for managing clients’ sensitive data.
Application-layer encryption for a web application
A managed security services provider (MSSP) was tasked with ensuring the secure transfer and storage of confidential customer data via its client-facing web application. The MSSP adopted application-layer encryption from Ubiq Security, which encrypts data based on the application that owns the data rather than the storage medium or disk where the data is stored. When data is stored or transferred over the network, it remains encrypted until it reaches the destination application that holds the encryption keys. The Ubiq Security offering also added entity-level encryption so that each data element had its own unique encryption key.
Securing data in motion
A Danish company that owns and operates an 18-kilometer crossing needed a more secure way to collect and manage its traffic measurement, control, and monitoring data. The company, which had relied on traditional firewalls to encrypt external connections, acquired Zybersafe, a hardware product. Zybersafe is encrypted according to the AES 256 GCM standard, a so-called block encryption algorithm, where encryption keys can be up to 256 bits in length.
Keeping research projects secure
A university research lab had to encrypt confidential research data and protect it from unauthorized access throughout projects. At the same time, the data needed to be accessible for cloud-based collaboration. In addition, the research team wanted a granular level of control over permissions to access specific files and folders. The team deployed privacy-compliant encryption software from Boxcryptor, which ensured students’ projects and work were stored securely and accessible in the cloud. Today, full datasets containing PII are encrypted using Boxcryptor.
Data encryption has become more important today than ever before. Encryption technology helps organization protect sensitive data, intellectual property and critical applications against data breaches. The technology also helps organizations comply with privacy and data security regulations.
Despite encryption’s broad benefits, however, only about 50% of organizations have developed a comprehensive encryption strategy that is used consistently, according to security firm Entrust.
A multitude of vendors have developed products, and the market continues to grow. There is little excuse for not adopting encryption practices today.