A quick primer into the technology that forms the bedrock of data security.
Keeping information from unauthorised eyes is a practice as old as recording information. Regents would add their seal into wax to stop snoops from reading orders. Warring nations spend great expense and effort to break the codes of their opponents. And in the modern era, encryption has become the baseline for protecting data.
“You can find examples of encryption everywhere: chat clients, VPN networks, bitcoin wallets, even ransomware attacks,” says Wade Calenborne, Chief Operating Officer at Sithabile Technology Services. “The strength of modern encryption is so good that criminals generally don’t even bother trying to crack it. That’s one reason why phishing attacks are so popular as they give a way around encryption. When the bad guys go around something rather than through it, that tells you something.”
The science of encryption
Digital encryption scrambles data into a coded form that requires a unique string of characters (called a key) to unlock. Longer keys are harder to crack. Current standard key lengths vary between 128 bits and 4,096 bits.
A 128-bit key is already almost uncrackable—it will take a standard computer over a billion years to find the right combination. Though it may seem logical to encrypt everything with even longer keys, these require more time to decrypt information. Encryption has to balance security, access, and data type.
There are different types of encryption. The two most common are asymmetric encryption, which uses two keys, and symmetric encryption, which uses one. Symmetric encryption is faster but requires sharing the key. Asymmetric encryption keys are less likely to be stolen but require more to decrypt data.
Since trying to guess an encryption key can take a long time, criminals instead resort to stealing the account credentials of people with access to those keys, says Calenborne:
“Whoever sends or receives the data will have a key, so criminals focus on stealing their login details with phishing and malware. Encryption is useless if someone can access the key. This is why it is crucial to have proper account security and to make frequent backups of data.”
The future promises more versatile forms of encryption. New and improved encryption standards are constantly being developed. Real-time and in-memory encryption speed up encryption and decryption while using fewer resources. Encryption management is becoming a priority, especially among data services.
One concern is that quantum computers will invalidate encryption. Due to their sheer power, these new types of computers could take seconds to crack 128-bit keys. Fortunately, cryptographers are working on new types of encryption.
“Encryption is always evolving. There are already new encryption techniques that can withstand quantum-powered cracking,” says Calenborne.
Encryption is the bedrock of modern data security. It’s so pervasive that most companies don’t even need to think about it. They can rely on their technology partners to select and invest in the most suitable encryption technologies. Just remember not to let the bad guys in, says Wade:
“All the security in the world doesn’t help if you leave your front door unlocked. Companies must have a strong backup and security culture. Chat to your data management partners about the encryption they use and what you can do to ensure that encryption doesn’t get compromised. They should work to understand your risks and apply the best data strategies to keep you secure. Encryption is amazing—the right partners make sure it works for your business.”