What is Data Encryption and Why Is It Important?
A majority of businesses today have quite a lot of private information and data stored digitally, whether it’s in the cloud or on internal servers. Technology has advanced to the point where everything is online - medical records, banking info, financials, etc. Data encryption is how all of this information is protected from potential threats, but still accessible to legitimate users.
What is Data Encryption?
Data encryption is a way to protect data privacy by converting it to encoded information called ciphertext. Once the data has been converted to ciphertext, the only way to decode it is by using a unique decryption key. Data encryption is used while data is in storage or during transmission and is often paired up with authentication services. This ensures keys are only given to or used by authorized users.
The 2 Types of Data Encryption
There are 2 main types of data encryption. The first type is Symmetric Encryption, which uses a single secret key for both encrypting and decrypting. Symmetric encryption works faster than the other method, but should only be used by individuals or on closed networks. Sharing that one key with multiple users over an open network increases the risk of a breach. In this case, the second type of encryption should be used - Asymmetric Encryption.
Asymmetric encryption uses paired public and private keys, which are linked together and can only be used with each other. Either key can be used to encrypt data, but decrypting it requires the other key from the same pair. This is much better for open networks (like the internet) because the public key can be shared with others while the data is still protected by the private key, which is never shared.
Along with these 2 methods of encryption, there is also a difference in when the data is encrypted. Encryption of Data in Transit protects data while it is being transferred between devices. Encryption of Data at Rest protects data while it resides on a storage device.
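To make the two types concrete, here is an added example in Go (written for this article, not taken from it) that uses only the standard library. The symmetric half seals a constructed sample record with AES-256-GCM under one shared key and shows that a single flipped bit is rejected on decryption, which is the data-integrity benefit discussed later. The asymmetric half shows the usual pattern for an open network: the bulk data is encrypted with a fresh random AES key, and only that key is wrapped with the recipient's public RSA key, so only the holder of the matching private key can read the message. The key sizes, the message text and the function names are this example's own choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// symmetricEncrypt seals plaintext with AES-256-GCM under one shared secret key.
// The output is nonce || ciphertext || authentication tag, so the receiver can
// detect any modification of the sealed message.
func symmetricEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per message
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// symmetricDecrypt reverses symmetricEncrypt; it fails if the key is wrong or
// if any byte of the sealed message has been altered.
func symmetricDecrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed message too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// hybridEncrypt is how asymmetric encryption is used in practice: the data is
// encrypted with a fresh random AES key, and only that short key is wrapped
// with the recipient's public RSA key (OAEP padding).
func hybridEncrypt(pub *rsa.PublicKey, plaintext []byte) (wrappedKey, sealed []byte, err error) {
	key := make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	if sealed, err = symmetricEncrypt(key, plaintext); err != nil {
		return nil, nil, err
	}
	wrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, nil, err
	}
	return wrappedKey, sealed, nil
}

// hybridDecrypt needs the matching private key: only it can unwrap the AES key.
func hybridDecrypt(priv *rsa.PrivateKey, wrappedKey, sealed []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrappedKey, nil)
	if err != nil {
		return nil, err
	}
	return symmetricDecrypt(key, sealed)
}

func main() {
	msg := []byte("constructed sample: patient 1042, blood type O+") // constructed data

	sharedKey := make([]byte, 32) // symmetric: both sides already hold this key
	rand.Read(sharedKey)
	sealed, _ := symmetricEncrypt(sharedKey, msg)
	sealed[len(sealed)-1] ^= 0x01 // simulate one bit flipped in transit
	_, err := symmetricDecrypt(sharedKey, sealed)
	fmt.Println("tampered message rejected:", err)

	recipient, _ := rsa.GenerateKey(rand.Reader, 2048) // asymmetric: private key stays with the recipient
	wrapped, sealed, _ := hybridEncrypt(&recipient.PublicKey, msg)
	plain, err := hybridDecrypt(recipient, wrapped, sealed)
	fmt.Printf("recipient decrypted: %q (err=%v)\n", plain, err)
}
```

The symmetric functions are deliberately small so the difference is visible: with AES-GCM both sides must already share the 32-byte key, whereas in the hybrid path the sender needs nothing but the recipient's public key, and a different private key fails to unwrap the message instead of producing garbage.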
What are Data Encryption Algorithms?
There are actually quite a few data encryption algorithms which are used depending on the situation. Here is a list of some of the most common.
- Triple DES (3DES or TDES) - This algorithm runs the original DES cipher, itself now an obsolete standard, three times: encryption first, then decryption, and finally encryption again. The result is an effectively longer key. Depending on the security level required, it can be run with a single key, two keys, or three different keys. 3DES is a block cipher with a short 64-bit block, which makes it vulnerable to attacks like block collision.
- RSA - This is one of the first public-key (asymmetric) algorithms. RSA is popular because of its long key length and is still used throughout the Internet. It is included in numerous security protocols, for example SSH, OpenPGP, S/MIME and SSL/TLS, and browsers use it to create secure connections over insecure networks.
- Twofish - Twofish is one of the fastest algorithms and is available in 128-, 192- and 256-bit key sizes. All three options have a complex key structure for increased security. This algorithm is free to use and appears in software like VeraCrypt, PeaZip and KeePass, and in the OpenPGP standard.
- Elliptic Curve Cryptography (ECC) - ECC was developed as an alternative to RSA because it provides equivalent security using much shorter key lengths. ECC is an asymmetric method used in the SSL/TLS protocol.
- The Advanced Encryption Standard (AES) - AES was established as the US government's standard for encryption. AES is a symmetric-key block cipher. Like Twofish, it comes in 128-, 192- and 256-bit key sizes. It was built for easy implementation in both hardware and software.
- Blowfish - Blowfish is a symmetric cipher with a variable key length (32 to 448 bits). Its performance depends on the key length selected. It is also a block cipher, meaning that when it encrypts data, it does so by dividing the data into fixed blocks of 64 bits.
- Format Preserving Encryption (FPE) - In addition to encrypting data, FPE anonymizes content while retaining its existing format. For example, if a customer ID consists of two letters and ten digits, the encrypted form will have the same number and type of characters.
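The ECC entry above says shorter keys give equivalent security; the added Go example below (written for this article, not taken from it, and requiring Go 1.20 or newer for the crypto/ecdh package) shows the asymmetric operation ECC is most often used for in TLS, namely key agreement. Two parties each generate a P-256 key pair, exchange only their public keys, and both arrive at the same 32-byte AES key without it ever crossing the network; a third party who sees both public keys cannot reproduce it. The public value on the wire is a 65-byte point, compared with a 256-byte modulus for an RSA-2048 public key of roughly comparable strength. Hashing the shared secret with plain SHA-256 stands in for the HKDF step a real protocol would use, and the party names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// party is one side of an ECC key agreement on the NIST P-256 curve.
type party struct {
	priv *ecdh.PrivateKey
}

func newParty() (*party, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &party{priv: priv}, nil
}

// publicBytes is the only value a party sends over the open network:
// a 65-byte uncompressed P-256 point (an RSA-2048 modulus alone is 256 bytes).
func (p *party) publicBytes() []byte {
	return p.priv.PublicKey().Bytes()
}

// deriveKey combines this party's private key with the peer's public key and
// hashes the shared point down to a 32-byte key usable with AES-256.
// A production protocol would run the secret through HKDF with a context label;
// plain SHA-256 is a simplification for this example.
func (p *party) deriveKey(peerPub []byte) ([]byte, error) {
	pub, err := ecdh.P256().NewPublicKey(peerPub) // rejects malformed or off-curve points
	if err != nil {
		return nil, err
	}
	secret, err := p.priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(secret)
	return sum[:], nil
}

// agree runs the exchange between two parties and reports whether both ends
// derived the same symmetric key without it ever being transmitted.
func agree(a, b *party) (keyA, keyB []byte, same bool, err error) {
	if keyA, err = a.deriveKey(b.publicBytes()); err != nil {
		return nil, nil, false, err
	}
	if keyB, err = b.deriveKey(a.publicBytes()); err != nil {
		return nil, nil, false, err
	}
	return keyA, keyB, bytes.Equal(keyA, keyB), nil
}

func main() {
	alice, _ := newParty()
	bob, _ := newParty()
	keyA, keyB, same, err := agree(alice, bob)
	fmt.Printf("public key on the wire: %d bytes\n", len(alice.publicBytes()))
	fmt.Printf("alice key %x\nbob   key %x\nsame=%v err=%v\n", keyA, keyB, same, err)

	// A third party observing both public values cannot derive the key; with a
	// key pair of her own she only gets an unrelated value.
	eve, _ := newParty()
	keyE, _ := eve.deriveKey(bob.publicBytes())
	fmt.Printf("eve's key matches: %v\n", bytes.Equal(keyE, keyA))
}
```

In TLS this agreement is what produces the session key, and the AES encryption of the actual traffic then proceeds symmetrically, which is why the two families of algorithms in the list above are used together rather than as alternatives.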
The Main Benefits of Data Encryption
- Secures Remote Work - Employees can work outside of the office and still protect any sensitive data.
- Protects data in transit as well as data being stored - Data that is being transferred between devices is at increased risk. A way to guard against threats is to use Transport Layer Security (TLS). When data is stored (especially in the cloud), it is exposed to many threats, so it should be encrypted at rest as well.
- Data integrity - Encrypting data can prevent both accidental and malicious modification of private, sensitive data.
- Intellectual Property is protected - Intellectual property is valuable to many companies, and data encryption protects these assets.
The Future of Data Encryption
Data encryption will continue to improve, and that advancement will likely come from these trends.
End-to-End encryption (E2EE)
E2EE ensures that a hacker who intercepts a communication can’t see the data being transferred between the devices. This is a big improvement over relying only on Transport Layer Security (TLS) to encrypt the channel. Using TLS does not guarantee E2EE because attackers could view the content before it’s encrypted or just after it’s decrypted by a server.
Field-level encryption
Field-level encryption makes it possible to encrypt the data in specific fields on a web page. For example: credit card numbers, social security numbers, bank account numbers and personal health records.
Bring Your Own Encryption (BYOE)
BYOE is a cloud computing security model that allows customers to use their own encryption software and manage their own encryption keys.
Encryption as a Service (EaaS)
Similar to SaaS, EaaS is a subscription model in which cloud providers offer encryption services on a pay-per-use basis. These services commonly provide full disk encryption (FDE), database encryption and file encryption.
Sequential Link Encryption
This type of encryption encrypts data as it leaves a host, decrypts it on the next network link, and then encrypts it again prior to sending it off to the next link. Every link can use a different key or algorithm to encrypt the data.
Data encryption is extremely important as it provides much needed protection against numerous threats. There are many different types of encryption, so choosing a method should depend on your situation.
If you have any questions about Data Encryption, please reach out!