What is Encryption?
Encryption is a method of encoding data (messages, PII data, PHI files, etc.) so that it is unusable or unreadable until it is decrypted. It is, in fact, a crucial layer of protection that can greatly reduce the risk of a breach. When encryption is put in place, only the authorized parties with keys (symmetric or asymmetric) can read or access that data.
Because encryption renders information unreadable to any unauthorized party, the information remains private and confidential, whether being transmitted or stored on a system. Unauthorized parties will see nothing but an unorganized assembly of bytes. Some encryption schemes can also provide assurance of data integrity, as they offer protection against forgery and tampering.
The ability of this technology to protect information requires that the encryption and decryption keys be properly managed by authorized parties.
A robust cybersecurity program ensures that encryption methodology can be integrated with your existing business technology.
How Does Encryption Work?
How Encryption Works: Symmetric vs. Asymmetric Key Systems
Complex algorithms, or sets of rules, are used to scramble the data being sent from plaintext into ciphertext. Once received, the data can then be decrypted only by using the key provided by the message originator.
Cryptographic key systems are essential to encryption technology. The two primary systems are symmetric and asymmetric.
- Symmetric key system: Also known as a “secret” key system, a symmetric key system requires that all parties have the same key. The same key can be used to both encrypt and decrypt messages and must be kept secret, or the security of the messaging is compromised.
For all parties to have the same key, there must be a way to securely distribute the key. While this can be done, the security controls needed can make this system quite impractical for widespread and commercial use on an open network, like the Internet.
- Asymmetric key system: This system, also known as a public/private key system, solves the distribution problem inherent in the symmetric key system. In this system, two keys are used. One key is kept secret, or “private,” while the other key is made widely available to anyone needing it and is referred to as the “public” key.
Both the public and private keys are mathematically related so that information encrypted with the public key can only be decrypted by the corresponding private key.
Types of Encryption
The type of encryption organizations need is determined often by the type of information needed to be protected. Here’s a brief roundup of a few of the key encryption algorithms.
AES (Advanced Encryption Standard)
This popular cipher is used by many public and private organizations. In fact, the US Government uses AES to keep its classified data secure, even information designated “Top Secret.” It is specified as a Federal Information Processing Standard (FIPS).
As a symmetric block cipher, AES encrypts fixed-size blocks of data rather than individual characters, as some ciphers do. An identical key is used for both encryption and decryption, which explains the symmetry.
AES comes into play when transferring files via HTTPS, as well as in support of SSL encryption, and with the WPA2 protocol.
DES (Data Encryption Standard)
This is an older symmetric key, block cipher encryption standard that has been found less secure than its more evolved 3DES, or Triple DES, version. With its short (56-bit) key, it is vulnerable to brute force attacks. This standard has been withdrawn by the National Institute of Standards and Technology (NIST) and is no longer recommended.
3DES (Triple DES)
Also known as 3DES, this method applies the DES algorithm to messages three consecutive times for better security against brute force attacks. As a symmetric key cipher, 3DES uses the same key for both encryption and decryption. In most use cases, however, AES provides better protection.
It is expected that NIST will deprecate this algorithm in the next few years, so it’s recommended that other algorithms be used.
RSA (Rivest-Shamir-Adleman)
RSA is a type of asymmetric encryption that uses a public-key scheme, where one of the keys can be given to anyone, but the other key is kept private. Messages are encrypted with a public key and can only be decrypted using a private key, which must be kept secret. RSA is useful for situations where there is no opportunity to securely distribute a key before a message is encrypted and sent. This encryption algorithm is also often used in combination with other encryption methods, as well as for digital signatures. It isn’t usually put to use for encrypting entire messages or files, as it is quite resource heavy. Some email, VPNs, chat, and other communication channels continue to use it.
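The symmetric/asymmetric discussion above, the AES section and the RSA paragraph describe one combined pattern: bulk data under a fast symmetric cipher, and only the short symmetric key under the slow public-key cipher, so nothing secret has to be distributed in advance. The following is an added example of that hybrid scheme, written for this page using only Go's standard library; it is not code from the original page or from Fortra. It uses AES-256 in GCM mode, an authenticated mode, so the tamper check at the end also illustrates the integrity assurance mentioned at the top of the page. The key pair, the sample message and the `Envelope` layout are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Envelope is what crosses the open network: the AES key wrapped with the
// recipient's RSA public key, plus the GCM nonce and the ciphertext+tag.
// (Layout constructed for this example.)
type Envelope struct {
	WrappedKey, Nonce, Ciphertext []byte
}

// newGCM turns a raw AES key into an AEAD (authenticated encryption) object.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptForRecipient is the hybrid scheme: the bulk data goes under a fresh
// random AES-256 key in GCM mode (symmetric, fast, authenticated), and only
// that 32-byte key goes under RSA-OAEP (asymmetric, slow). No shared secret
// has to be distributed beforehand; the recipient only published a public key.
func EncryptForRecipient(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // must never repeat under one key
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{wrapped, nonce, gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// DecryptAsRecipient unwraps the AES key with the private key (only its holder
// can), then opens the ciphertext with that same key, which is the "symmetry"
// in symmetric encryption. GCM's tag makes Open fail on any modified byte.
func DecryptAsRecipient(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// RoundTrip exercises the flow end to end and reports whether the honest
// decryption recovered the message and whether a one-bit change to the
// ciphertext in transit was rejected.
func RoundTrip() (recovered, tamperDetected bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // recipient's key pair
	if err != nil {
		return false, false, err
	}
	// Constructed sample message; stands in for a PHI file or PII record.
	message := []byte("constructed sample: patient record 4711, lab results attached")

	env, err := EncryptForRecipient(&priv.PublicKey, message)
	if err != nil {
		return false, false, err
	}
	got, err := DecryptAsRecipient(priv, env)
	if err != nil {
		return false, false, err
	}
	recovered = bytes.Equal(got, message)

	// Simulate corruption or tampering on the wire: flip one ciphertext bit.
	tampered := &Envelope{env.WrappedKey, env.Nonce, append([]byte(nil), env.Ciphertext...)}
	tampered.Ciphertext[0] ^= 0x01
	_, err = DecryptAsRecipient(priv, tampered)
	tamperDetected = err != nil
	return recovered, tamperDetected, nil
}

func main() {
	ok, tamper, err := RoundTrip()
	if err != nil {
		panic(err)
	}
	fmt.Printf("plaintext recovered: %v, tampering detected: %v\n", ok, tamper)
}
```

Run it with `go run .`; the honest decryption returns the original bytes, and the tampered envelope is rejected at `gcm.Open` before any plaintext is released. The design point is that RSA only ever sees 32 bytes, so the cost of the public-key operation does not grow with the size of the file.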
SSL (Secure Sockets Layer)
This technology helps keep an internet connection secure, thereby keeping the data being sent between two systems secure. It is often referred to as SSL/TLS. SSL works between systems such as a client and server or server to server. SSL certificates on a website are evidence of a secure, encrypted connection.
An SSL certificate helps establish trust in a secure connection. Trusted websites with SSL certificates often display the padlock symbol.
A public and a private key are used together to set up an encrypted connection. A third key, the session key, is established during the SSL handshake, which occurs invisibly when a browser attempts to access an SSL-secured website. Anything encrypted with the public key can only be decrypted with the private key.
TLS (Transport Layer Security)
Also known as SSL/TLS, TLS is a more secure, current version of SSL. This security protocol ensures privacy and data security for Internet communications (communications between web applications and servers). It can also be used to encrypt other forms of communications, including email and voice over IP. Any website that uses HTTPS uses TLS encryption; and most reputable ones do and should. You’ll know you have TLS encryption in place when you see the HTTPS padlock symbol (or TLS/SSL certificate) on a website.
A TLS connection or TLS handshake is formed with a session key via public key cryptography.
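The SSL and TLS sections above describe a handshake in which the client checks the server's certificate and the two sides agree a session key using public-key cryptography. The following is an added example of that exchange, written for this page in Go's standard library; it is not code from the original page or from Fortra. It generates a throwaway self-signed certificate for "localhost" in place of a CA-issued one, runs a TLS server on the loopback interface, and connects a client with a minimum version of TLS 1.2. The second call in `main` shows the failure mode a defender cares about: a client that does not trust the certificate's issuer never completes the handshake, so no session key is ever agreed. The certificate contents and addresses are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSignedCert builds a throwaway ECDSA key pair and a self-signed
// certificate for "localhost" (constructed here in place of a CA-issued one).
// The private key stays with the server; the public key travels in the cert.
// It also returns the pool a client must trust for the handshake to succeed.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		DNSNames:     []string{"localhost"},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf) // what the client trusts; the browser's "padlock" root
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// Handshake runs a TLS server on the loopback interface and connects a client
// that trusts only `roots`. It returns the negotiated protocol version. The
// session key is agreed during the handshake using public-key cryptography;
// neither side held a shared secret beforehand. If `roots` does not vouch for
// the server certificate, verification fails and no session key is agreed.
func Handshake(roots *x509.CertPool, cert tls.Certificate) (uint16, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12, // SSL 3.0, TLS 1.0 and 1.1 are refused
	})
	if err != nil {
		return 0, err
	}
	defer ln.Close()

	go func() { // server side: accept one connection, complete the handshake
		c, err := ln.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		_ = c.(*tls.Conn).Handshake() // any failure is reported on the client side
	}()

	// Client side: tls.Dial performs the handshake, verifying the server's
	// certificate chain against roots and its name against ServerName.
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		RootCAs:    roots,
		ServerName: "localhost",
		MinVersion: tls.VersionTLS12,
	})
	if err != nil {
		return 0, err
	}
	defer conn.Close()
	return conn.ConnectionState().Version, nil
}

func main() {
	cert, roots, err := selfSignedCert()
	if err != nil {
		panic(err)
	}
	v, err := Handshake(roots, cert)
	fmt.Printf("client trusts the server cert: version=%#x err=%v\n", v, err)
	_, err = Handshake(x509.NewCertPool(), cert) // client trusts nothing
	fmt.Printf("client trusts nothing:         err=%v\n", err)
}
```

With a current Go toolchain the first call reports version `0x304` (TLS 1.3) and the second returns a certificate verification error from `tls.Dial`. Pinning `MinVersion` on both sides is the configuration equivalent of the advice in the DES and SSL sections: older protocol versions are simply not offered.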
Encryption Solutions from Fortra
Fortra's security suite delivers robust solutions – from managed file transfer, digital rights management, and encryption for IBM i to adaptive data loss prevention and threat protection – for a wide range of encryption needs. Fortra delivers three layers of cybersecurity defense to provide the highest level of protection for your sensitive data at rest and in transit.
Combining automation and security helps ensure the risk of human error is minimized – no matter what platform you’re using. And, you can be assured that working with one solution provider, like Fortra, is a more streamlined, customer-focused experience.
GoAnywhere Managed File Transfer (MFT)
With GoAnywhere in place you can secure, automate, and manage all your file transfers through one dashboard-friendly interface. Plus:
- Create your own multi-step, custom workflows to truly manage, transfer, encrypt, and process sensitive files.
- Allow trading partners to securely connect and exchange files with your organization
- Schedule file transfers to run at future dates and times
- Ensure industry compliance with robust reporting and auditing capabilities
GoAnywhere easily integrates with Clearswift DLP to deliver secure file transfers at rest and in motion.
Clearswift Adaptive Data Loss Prevention (A-DLP)
Clearswift’s DLP solution helps prevent business interruption while enabling organizations to gain more visibility and take tighter control of their critical information. Plus, it provides:
- Data redaction to replace sensitive text with a series of asterisks to protect PII, PCI, HIPAA, and other sensitive information from being received or sent out.
- Document sanitization to remove risky metadata from documents
- Structural sanitization to detect and remove active code from emails and attachments
- Optical character recognition to detect and redact text in images
Powertech for IBM i
With Powertech in place, you get automated security and compliance solutions and more for Linux, AIX, and IBM i. You can meet auditor requirements and harden your system to protect business-critical data. Powertech delivers:
- Identity and access management
- Virus protection
- Security and integrity monitoring
- Security policy management
- Intrusion prevention and detection
- Vulnerability assessment
- IBM i security
- Cloud security
Vera Digital Rights Management (DRM)
With robust policy enforcement, strong encryption, and strict access controls, Vera's data-centric security solution enables teams to collaborate freely on files while ensuring the highest levels of security, visibility, and control. Vera uses a secure, HTML shell to protect each of your most sensitive files. Vera encryption includes:
- AES 256-bit encryption for data at rest
- TLS 1.2 and SSL 3.0 to protect customer data in transit
- Protection for any file type, from PDFs and Microsoft Office files to CAD and video files
With Vera's active file protection, you can ensure that your sensitive data is always secure, even while in use. File protection is behind the scenes and seamless for end-users but provides granular visibility and centralized control to those who need it.