Modern businesses have a wealth of data, from financial information to customer demographics, most of which they wish to keep private. Data encryption allows them, and you, to protect data privacy while keeping it accessible to legitimate users. However, encryption is not infallible. Knowing how data encryption works and what your options are can help you minimize your risks and protect your most valuable assets.
What Is Data Encryption?

Data encryption is a method of protecting data confidentiality by converting it into encoded information, called ciphertext, that can only be decoded with a unique decryption key, generated either at the time of encryption or beforehand. Data encryption can be used while data is stored or transmitted, and is typically used in conjunction with authentication services to ensure that keys are only provided to, or used by, authorized users.

Why Is It Important?

Data is more accessible and desirable to attackers than ever, increasing the need for protection. Additionally, many businesses face data protection regulation requirements, many of which explicitly require the use of encryption. Beyond the clear benefits of enhanced security, privacy protection, and prevention of unauthorized access, encryption helps ensure data integrity: it protects content from unwanted modification and can be used to verify the origin and authenticity of data.

Symmetric vs. Asymmetric Encryption

The type of encryption used depends on how the data is intended to be accessed, and by whom.

Symmetric Encryption (Private Encryption Key)

Symmetric encryption uses a single, private key for both encryption and decryption. It is faster than asymmetric encryption and is best used by individuals or within closed systems. Using symmetric methods with multiple users in open systems, such as over a network, requires the key itself to be transmitted, which creates an opportunity for theft. The most commonly used type of symmetric encryption is AES.

Asymmetric Encryption (Public Encryption Key)

Asymmetric encryption uses paired public and private keys that are mathematically linked and can only be used together. Either key can be used to encrypt data, but the paired key must be used to decrypt it. Asymmetric encryption is used by multiple users and across open networks, like the Internet, because the public key can be freely shared without risking data theft. The most commonly used types of asymmetric encryption are ElGamal, RSA, DSA, and PKCS.

Examples of Data Encryption Algorithms

There are numerous data encryption algorithms to choose from, depending on the use case, but the ones most frequently used are:
Data Encryption Standards

Apart from data encryption algorithms, there are also industry standards that govern their usage in organizations. Here are two important standards.

NIST Federal Information Processing Standard (FIPS) 140-2

The FIPS standard was developed in accordance with the US Federal Information Security Management Act (FISMA). FIPS standards are intended for use by the US federal government, and many US government agencies and institutions require FIPS-level encryption. At the same time, FIPS has been voluntarily adopted by many in the private sector as a strong standard for encrypting sensitive data.

Common Criteria (CC) for Information Technology Security Evaluation

CC is not an encryption standard but a set of international guidelines for verifying that a product's security claims hold up under testing. Originally, encryption was outside the scope of CC, but it is increasingly being included in the security standards defined for the project. CC guidelines were created to provide vendor-neutral, third-party oversight of security products. Vendors submit products for review on a voluntary basis, and either the whole product or individual functions are examined. When a product is evaluated, its features and capabilities are tested at one of up to seven levels of rigor and compared against a defined set of standards for its product type.

Encryption of Data in Transit vs. Data at Rest

Data is valuable regardless of whether it is being transferred between users or sitting on a server, and it must be protected at all times. How that protection is accomplished depends on the state of the data.

Data Encryption in Transit

Data is considered in transit when it is moving between devices, such as within private networks, through the Internet, or from a laptop to a thumb drive. Data is at greater risk during transfer due to the need for decryption prior to transfer and the vulnerabilities of the transfer method itself. Encrypting data during transfer, referred to as end-to-end encryption, ensures that even if the data is intercepted, its privacy is protected.

Data Encryption at Rest

Data is considered at rest when it resides on a storage device and is not actively being used or transferred. Data at rest is often less vulnerable than data in transit, because device security features restrict access, but it is not immune. Additionally, it often contains more valuable information, so it is a more appealing target for thieves. Encrypting data at rest reduces the opportunities for data theft created by lost or stolen devices, inadvertent password sharing, or accidental permission granting: it increases the time it takes to reach the information, which gives defenders time to discover the data loss or ransomware attack, remotely erase the data, or change credentials.

Can Encrypted Data Be Hacked?

In short, yes: encrypted data can be hacked. There are multiple ways attackers can compromise data encryption systems:
Despite all these risks, encryption is a strong and effective security measure. But given the chance that encryption will be compromised, it must be treated as one more layer of protection, not the only defense organizations use to protect their data.

What Is Cloud-Based Encryption?

When an organization stores data in the cloud, it can leverage the cloud provider's ability to encrypt the data. Most cloud service providers offer encryption as a service, either built into cloud services or as a separate offering. Cloud-based encryption is convenient and allows many organizations to meet their compliance obligations in the cloud. Before using cloud-based encryption, it is critical to determine exactly what the cloud provider offers:
Cloud encryption is a central component of any cloud security strategy. However, organizations should be aware of these important concerns:
Key Features of Data Encryption Solutions

Data encryption solutions are products that enable an organization to implement encryption at large scale. They include advanced encryption algorithms, together with management tools that help deploy encryption, manage keys and passwords, set access policies, and monitor how encryption is performed across the organization. To be useful, data encryption solutions must be easy to use or, even better, completely transparent, so that they encrypt sensitive data with no human intervention. They must also be highly scalable, to accommodate growing data volumes, and fast, to ensure they have minimal impact on employee productivity. Here are key features you should look for in a data encryption solution:
Data Encryption Trends

Here are a few trends likely to drive the development of data encryption in the future:

Bring Your Own Encryption (BYOE)

BYOE is a cloud computing security model that allows cloud service customers to manage their own encryption keys using their own encryption software. It is also known as Bring Your Own Key (BYOK). BYOE works by allowing customers to deploy virtualized instances of their own encryption software alongside cloud-hosted business applications.

Encryption as a Service (EaaS)

EaaS is a subscription model in which cloud providers offer encryption on a pay-per-use basis. This approach addresses compliance concerns and gives customers some capability to manage their own encryption, in order to secure data in multi-tenant environments. These services typically offer full disk encryption (FDE), database encryption, or file encryption.

Cloud Storage Encryption

A service in which cloud storage providers use encryption algorithms to protect all data saved to cloud storage. This is similar to encryption performed on-premises, but with important differences. Cloud customers should take the time to understand the provider's policies and procedures regarding encryption and key management, so that the confidentiality of their cloud data matches that of their self-managed encrypted data.

End-to-End Encryption (E2EE)

E2EE ensures that an attacker who intercepts a communication channel cannot see the data transmitted between the two endpoints. The use of Transport Layer Security (TLS) to create an encrypted channel between web clients and web servers does not always guarantee E2EE, because attackers can access the content before it is encrypted by the client and just after it is decrypted by the server.

Field-Level Encryption

Field-level encryption is the ability to encrypt data in specific fields on a web page, such as credit card numbers, social security numbers, bank account numbers, and health information.
Sequential Link Encryption

This method encrypts data as it leaves a host, decrypts it at the next network link (which can be a host or a relay point), and re-encrypts it before sending it on to the next link. Each link can use a different key or a different algorithm to encrypt the data, and the process repeats until the data reaches the receiver.

Network-Level Encryption

This method applies cryptographic services at the network forwarding layer (layer 3 in the OSI model), which is above the data link layer but below the application layer. Layer 3 encryption is achieved through Internet Protocol security (IPsec). When used in combination with a set of IETF standards, it creates a framework for private communications in IP networks.

6 Benefits of Data Encryption

To summarize our discussion, here are the main business benefits of data encryption:
Cloudian HyperStore: Secure Mega-Scale Storage with Built-In Encryption

It takes a lot of work to ensure that your data is encrypted and your security keys are properly managed. Cloudian HyperStore is an on-premises object storage solution that can help you simplify these processes in your cloud, whether it is private, public, or hybrid. HyperStore is fully S3 API compliant and includes automatic data verification and encryption. It uses two server-side encryption methods, SSE/SSE-C and Keysecure, and supports the use of third-party key management systems to keep your data safe at rest. HTTPS is used for upload and download requests to keep data protected in transit as well. Encryption can be managed at the bucket level down to that of individual objects, giving you full control. Cloudian HyperStore can help you store your data securely and efficiently, keeping it accessible to your broader storage systems and secure from breaches.

What Type of Data Should Be Encrypted?

In broad terms, there are two types of data you should encrypt: personally identifiable information and confidential business intellectual property.

Personally Identifiable Information (PII)

PII includes any kind of information another person can use to uniquely identify you.
What is an example of encrypted data?

Encryption is an important way for individuals and companies to protect sensitive information from hacking. For example, websites that transmit credit card and bank account numbers encrypt this information to prevent identity theft and fraud.

What is encryption of data?

Data encryption is a way of translating data from plaintext (unencrypted) to ciphertext (encrypted). Users can access encrypted data with an encryption key and decrypted data with a decryption key.

What are the 2 types of data encryption?

There are two types of encryption in widespread use today: symmetric and asymmetric encryption. The name derives from whether or not the same key is used for encryption and decryption.