Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Encryption, things you should know

March 2020 by Colin Tankard, Managing Director, Digital Pathways

Encryption is the process by which information is converted from a readable format into one that obscures it’s meaning from those without the authorisation or ability to decipher it and has long been used to protect sensitive information from prying eyes.

Encryption is invaluable for ensuring that sensitive information that falls into the wrong hands if it is lost or stolen is prevented from being of use to anyone without the ability to decrypt that information. It satisfies requirements for data confidentiality and integrity by ensuring that information has not been tampered with.

Encryption has a key role to play in keeping sensitive and confidential information safe from criminals and prying eyes. The use of encryption is the best strategy for maintaining security of data when in storage or being transmitted, such as over email.

Originally considered to be a complex technology to deploy and manage, it has now moved on and can be easily used by anyone.

Here are some points you should know about encryption:

1. Due to the increasing levels of both businesses and individuals falling victim to a plethora of cyber attacks, the need for encryption is at an all-time high.

2. The process of encryption scrambles communications into a ciphertext that looks like gibberish. Only those with the correct decoding key will be able to unlock it.

3. Providers such as Google or Microsoft, or other centralised providers, offer encryption, but if they hold the encryption key they may decode data if formerly asked to do so, by say the US government for example, under the Patriot Act.

4. End-to-End encryption stops third parties accessing data, as it flows from the sender to receiver only and is used by apps such as Whatsapp. Also, private networks can be set up to achieve this; these are called Virtual Private Networks (VPN).

5. Private Key encryption is used for both encrypting and decrypting. Both parties use the same key to access and secure the data.

6. Public/Private Key encryption is available for all to use but, only the intended receiver will have the decryption key by which to unlock the communication. This process works so that any person can encrypt a message using the receiver’s public key, but the encrypted message can only be decrypted with the receiver’s private key.

7. The benefits of using encryption include:
. Security of data movement and at rest, within the cloud
. Meeting the requirements of GDPR and other regulations
. Keeps data safe, preventing service providers or third parties accessing or exposing data
. Provides safe harbour from breach notifications.

8. Encryption is based on levels of complexity and thus, security. The higher the encryption number, the better the encryption code. Typically 256bit encryption is the standard level.

9. There are many names for encryption codes. Some are held for government use only, and many others are proprietary. The most common commercial and widely recognised as being of a strong level of encryption are AES (Advanced Encryption Standard), RSA (Rivest-Shamir-Adleman) and DES (Data Encryption Standard). These should be chosen as opposed to unproven versions.

10. When linked to access control, encryption can be a powerful tool in the separation of duties, by controlling who or what process can see the data. This means users, in particular system administrators, can be prevented from reading the data but still allowed to manage it, for example, to do backups.

We all want to be able to communicate securely and without interference.
Encryption can help us to achieve this and should be considered a core, if not the starting point, of any data security strategy that organisations, or individuals, develop both for data at rest and in motion.

For both data security needs and for achieving regulatory compliance, encryption should be considered to be a baseline.


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts