Updated: Feb 12
Data Encryption in IT Security is the conversion of data from a readable format into a ciphered format. Once data is encrypted it is rendered useless to criminals and unauthorized viewers regardless of whether they access it through storage devices or data-stealing malware. Encrypted data is accessible to the user only after a successful decryption process.
Encryption is one of the foundational blocks when it comes to data security. It is the basic and most important way to ensure a computer system's information is not exposed to theft or accessed by someone with malicious intentions.
Every minute, at least one laptop is stolen somewhere in the world, and hundreds of mobile devices and portable storage devices are lost. When a device is lost, only 3% of the cost goes to replacing the hardware; the rest is data loss and reputational damage to the business or institution.
Why Encrypt My Data?
Achieve data Confidentiality.
Data should be protected from unlawful, unintentional and unauthorized access, disclosure or theft.
Maintain data Integrity.
Data should not be modified or changed unless it is done with the owner's authorization.
Allow Authentication of data access.
All the users and systems accessing data are recognized before they are given access.
Someone cannot deny the validity of sending, modifying or creating data.
Protect users’ credentials and passwords.
Passwords and user names are encrypted before they are stored. Even if the database is compromised, the user credentials in the database are useless as they are not readable.
Safe data storage locations.
Data at rest in hard drives, portable drives and other storage locations should be encrypted.
Trusted online communications.
Online communication on websites and other systems that exchange data online is encrypted end to end. All the data in transit is unreadable even if it falls into the wrong hands. Man-in-the-middle attacks are averted.
Secure remote working.
There has been an increase in remote working, especially during the COVID-19 pandemic. All the data transmitted between the user in the remote location and the company network should always be encrypted.
Types of Encryption.
1. Symmetric Encryption.
This is an encryption method that uses a secret key to encrypt and decrypt the data.
The secret key is shared with all the users. This encryption is best when the data to be encrypted is in a storage location.
2. Asymmetric Encryption.
This encryption method uses a combination of two keys: a public key and a private key. The public key can only be used to encrypt data, while the private key decrypts data that was encrypted with its associated public key. This is a secure method for data intended for transmission because the decryption key is never shared.
When a user wants to receive data in an encrypted format, the user sends his public key to the sender. The sender uses the key to encrypt data to a cipher file and then sends it. When the user receives the data, the private key is used to decrypt the cipher file.
3. Hash Function.
This algorithm works in one direction only: it encodes data, the result is not decrypted, and it does not require keys.
This encryption method accepts input of any size and produces a fixed-size output of encoded text called a hash value. The hash value is stored instead of the plain data.
It is used for passwords and sensitive data in databases.
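The following is an added example, not code from the original article, showing how a hash value is stored in place of a password. It assumes PBKDF2-HMAC-SHA256 with a per-user random salt; the function names, the iteration count and the sample passwords are illustrative choices. It also shows why a plain, unsalted hash is a poor fit for passwords: identical passwords produce identical hash values.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def fast_unsalted_hash(password: str) -> str:
    """Plain SHA-256: fixed-size output, but equal passwords give equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password: str) -> dict:
    """Build the record to store: random per-user salt plus a slow PBKDF2 hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS,
            "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    # Constructed sample data: two users who chose the same password.
    alice = make_record("Tr0ub4dor&3")
    bob = make_record("Tr0ub4dor&3")
    # Output length is fixed regardless of input size.
    print(len(fast_unsalted_hash("a")), len(fast_unsalted_hash("a" * 10_000)))
    # Unsalted: the shared password is visible as a repeated hash value.
    print(fast_unsalted_hash("Tr0ub4dor&3") == fast_unsalted_hash("Tr0ub4dor&3"))
    # Salted: the stored values differ even though the passwords match.
    print(alice["hash"] == bob["hash"])
    print(verify("Tr0ub4dor&3", alice), verify("wrong-guess", alice))
```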
Data Encryption Standards.
Data Encryption Standard (DES)
In the 1970s, IBM developed the DES encryption algorithm. It was the dominant symmetric-key algorithm until 2000.
DES uses a 56 bytes key size which gave approximately 70,000,000,000,000,000 combinations.
DES is currently considered insecure for many applications because it can be cracked with brute-force attacks, especially given the increase in the processing power of computers.
Advanced Encryption Standard.
Advanced Encryption Standard (AES) is a symmetric key-based encryption algorithm. The U.S. government uses this standard for secure and classified data encryption and decryption. It was published in 2001 as a Federal Information Processing Standard.
It has a 128-bit block size. The key sizes are 128, 192 and 256 bits for AES-128, AES-192 and AES-256 respectively, approximately 300,000,000,000,000,000,000,000,000,000,000,000,000 combinations.
The biggest question on data encryption is not really encryption, it is key management.
The encryption method you use must guarantee that only authorized users have access to the encryption/decryption keys.
Kaspersky Endpoint Security Encryption.
Kaspersky encryption methods:
1. Full Disk Encryption.
Full disk encryption protects data at rest. Everything in the computer's hard drive is protected i.e. files, metadata and directory structures.
The best advantage of Kaspersky full disk encryption is that it eliminates human error as a point of risk because it encrypts everything. Nothing is exposed.
Unfortunately, it does not protect data in transit.
2. File-level Encryption.
To protect data at rest and in transit, we use file-level encryption. With file-level encryption, data is protected from all unauthorized access even if it falls into the wrong hands.
By combining Kaspersky full disk encryption and Kaspersky file-level encryption, data is protected from loss or unauthorized access when at rest and in transit.
3. Removable Drive Encryption.
Removable media and hard drives may contain a lot of an organization's sensitive data. That makes it very important to encrypt them too.
Encrypted drives are only accessible to users with the password or from a computer that is authorized to decrypt them.
A TLS certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection. TLS stands for Transport Layer Security but is mainly known as Secure Sockets Layer (SSL), a security protocol that creates an encrypted link between a web server and a web browser. SSL was replaced by TLS.
Companies use SSL certificates to secure online transactions and also keep users' information private and secure.
DigiCert offers TLS/SSL certificates with the latest and highest encryption in the market.