What Is Data Encryption?
Data encryption consists of hiding information from malicious actors or anyone else with prying eyes.
Data is information. It can be an email message, the contents of a database, or a file stored on a laptop.
We encrypt data to keep it confidential. Data encryption is part of a broader class of cybersecurity countermeasures known as data security. Data security is all about keeping our data safe from unauthorized access, ransomware lockup (which is a malicious form of encryption), breach, or malicious corruption, i.e., changing data to make it useless.
How Does Data Encryption Work?
Modern data encryption is a form of cryptography, an ancient technique of hiding information by substituting one character for another. The word ‘encryption’ is a blend of English and Greek that means “in hidden” or, more loosely, “in hiding.” Encryption works through a complex mathematical algorithm known as a data encryption cipher. Like the secret decoder ring found in your child’s cereal box, the cipher algorithm transforms readable data (plaintext) into a sequence of ostensibly random, unrecognizable characters known as ciphertext.
The ciphertext is unreadable. The phrase “Hi, how are you?” might encrypt into a ciphertext that reads “8363, 5017, 11884, 9546.” Getting back to “Hi, how are you?” requires a process called decryption.
Decoding information from ciphertext to plaintext is called decryption and involves the same algorithmic “key” that data encryption uses.
Who Needs to Use Data Encryption?
The answer is just about anyone. You don’t have to be a secret agent to want to keep your data confidential. In fact, you might be using encryption without even knowing it. Many technology services encrypt and decrypt your data so it will be safe when they use it. Businesses should encrypt data that could damage their financial results if it were breached. Individuals should encrypt sensitive personal data like their medical histories and social security numbers.
Data Encryption Solutions
There are two basic kinds of encryption solutions: those for data at rest and those for data in transit.
Data at rest is information that is stored somewhere, such as on a server or on a computer’s hard drive. Data in transit is information being carried across your network, for example in email or in internal system-to-system messages.
Different solutions are available for data at rest versus data in transit, and each has its own impact on your systems. For data at rest, you have to configure any application that needs access to encrypted data with the means to decrypt it. There are quite a few data security solutions for this, such as BitLocker (for Windows) or FileVault (for macOS).
For data in transit, you have to arrange for both the sender and the receiver to have encrypt/decrypt capabilities. This type of encryption is known as end-to-end encryption, or E2EE. These requirements create administrative burdens, and things can quickly become quite complex when you’re sending encrypted messages outside of your organization.
Common Data Encryption Methods
Let’s go over the most common data encryption methods and algorithms. The two most widely used methods for data encryption are public key (also known as asymmetric) encryption and private key (or symmetric) encryption. Both rely on key pairs, but they differ in the way the sending and receiving parties share the keys and handle the encrypt/decrypt process.
Public Key Encryption
With public-key/asymmetric encryption, the sender uses a publicly known key to encrypt the data. The receiver has the private key that forms the other half of the public/private key pair. The receiver can decrypt the data by using the private key in combination with the public key.
Private Key Encryption
In private key/symmetric encryption, both sender and receiver have the same, secret key. As you might imagine, there’s a lot of management overhead involved in storing and transmitting secret keys.
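To make the two halves of a key pair concrete, here is an added example in Go, not code from this page or from Prey, using the standard library’s RSA-OAEP: the sender encrypts with the receiver’s published key, the receiver decrypts with the private half, and the private key of an unrelated key pair is rejected. `Receiver`, `newReceiver`, `encryptFor` and `exchange` are names chosen for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Receiver owns a key pair. Only the public half is ever handed out; the
// private half never leaves the receiver.
type Receiver struct{ priv *rsa.PrivateKey }

func newReceiver() (*Receiver, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Receiver{priv: priv}, nil
}

// PublicKey is the half that gets published.
func (r *Receiver) PublicKey() *rsa.PublicKey { return &r.priv.PublicKey }

// encryptFor is the sender's side: it needs only the receiver's public key.
// RSA-OAEP with SHA-256 carries at most k - 2*32 - 2 bytes per operation
// (190 bytes for a 2048-bit key), which is why RSA in practice encrypts a
// short symmetric key rather than the data itself.
func encryptFor(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt is the receiver's side. The OAEP padding is verified, so a
// ciphertext made for a different public key fails instead of yielding garbage.
func (r *Receiver) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, r.priv, ct, nil)
}

// exchange encrypts msg to one receiver and reports the plaintext it recovers
// plus whether an unrelated key pair fails to decrypt the same ciphertext.
func exchange(msg string) (plain string, otherRejected bool, err error) {
	intended, err := newReceiver()
	if err != nil {
		return
	}
	other, err := newReceiver()
	if err != nil {
		return
	}
	ct, err := encryptFor(intended.PublicKey(), []byte(msg))
	if err != nil {
		return
	}
	pt, err := intended.Decrypt(ct)
	if err != nil {
		return
	}
	_, otherErr := other.Decrypt(ct)
	return string(pt), otherErr != nil, nil
}

func main() {
	plain, rejected, err := exchange("Hi, how are you?")
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered %q; unrelated private key rejected: %v\n", plain, rejected)
}
```

Run it with `go run`. The caveat the comments point out matters in practice: a single RSA-OAEP operation with a 2048-bit key carries at most 190 bytes, so real systems encrypt a short symmetric key with RSA and the bulk data with that symmetric key.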
Companies, encryption products, and government agencies make use of a number of different encryption algorithms today. These include:
- Triple DES (3DES)—A modernization of the older, but highly influential, Data Encryption Standard (DES). 3DES takes DES’ 56-bit key size up to 168 bits, making it harder to crack but also more compute-intensive to handle.
- Advanced Encryption Standard (AES)—A symmetric cipher based on the Rijndael block cipher. It is used in the US federal government as well as in consumer technologies like the Apple Macintosh computer.
- RSA—One of the first and most widely adopted forms of asymmetric cryptography for data in transit. It originated in 1977. RSA works through a public key based on two large prime numbers, along with an additional value used to encrypt the data.
- Elliptic curve cryptography (ECC)—A powerful, not well understood form of data encryption. It is faster than comparable algorithms, so it is favored by government agencies like the NSA.
Data Encryption Made Easy
How complicated is data encryption? It depends on how sophisticated your needs are. You can buy a simple encryption app for your laptop. That’s easy, if it’s just for you. If you’re managing encryption for a Fortune 500 corporation, it’s a job for a team of people and some pretty powerful, expensive tools.
Encryption best practices should align with your broader security policies. It makes no sense, and is too complicated and expensive, to encrypt everything. Data encryption requires specialized software tools. You usually have to purchase keys, either directly or by buying an encryption product that embeds the keys in its functionality. And encryption slows down processes like emailing and data processing.
It makes sense to be selective about encryption. You should encrypt data that is sensitive: data that would have a negative impact on you or your business if it were breached, blocked by ransomware, or corrupted.
How to Encrypt Your Data
You might wonder about actionable steps for basic data encryption on your devices. The good news is that many solutions are available at low or no cost. Android phones have full-device encryption if they run Android Gingerbread (2.3.x) or later. On Pixel phones and Nexus 5+, encryption is on by default; on earlier versions of Android you have to turn it on, but it’s there. Setting up encryption on an Android device involves configuring a lock screen PIN, pattern, or password. Then, in Settings/App Settings, you choose Security & Location. Where it says “Encryption” on this screen, select “Encrypt Phone.” That’s all it takes. You can run the same process in reverse to turn encryption off.
For your computer, you can encrypt your data at rest with solutions from companies like Symantec, Kaspersky, Sophos, and ESET. You can also get encrypted USB drives. In addition, email can be encrypted through products like DataMotion SecureMail software, Proofpoint Email Encryption, and Symantec Desktop Email Encryption.
Data Encryption Best Practices
Protect your encryption key
Although it should be very clear, it's possible to make mistakes that give unauthorized people access to your data. For instance, if you leave your encryption key in an unencrypted file on your computer, there is a considerable risk that someone may uncover it and cause havoc. A few safeguards include:
- Keeping the keys distinct from the data
- Separating user roles and access restrictions
- Rotating your keys periodically.
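The plaintext-to-ciphertext round trip described under “How Does Data Encryption Work?” and the three safeguards just listed can be shown in one piece of code. The following is an added example in Go, not code from this page or from Prey, using the standard library’s AES-256-GCM: data is encrypted under a per-record data-encryption key (DEK), the DEK is stored only in wrapped form under a key-encryption key (KEK) that lives apart from the data, and rotating the KEK re-wraps the DEK without re-encrypting the data. Rejecting a retired key or a modified ciphertext falls out of GCM’s authentication tag. The names `Record`, `seal`, `open`, `store`, `load`, `rotateKEK` and `demo` are chosen for this example; the KEK stands in for whatever key vault or hardware module would hold it in a real deployment.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Record is what gets stored beside the data: the ciphertext plus the
// data-encryption key (DEK) sealed under a key-encryption key (KEK). The KEK
// is kept elsewhere, so a copy of the record alone reveals nothing.
type Record struct{ Ciphertext, WrappedDEK []byte }

// randomKey returns a fresh 256-bit AES key; a failing OS random source is fatal.
func randomKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // fails only for a wrong key length
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// seal encrypts and authenticates pt with AES-256-GCM, prefixing the random nonce.
func seal(key, pt []byte) []byte {
	gcm := gcmFor(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, pt, nil)
}

// open reverses seal; a wrong key or altered bytes fail the tag check and error out.
func open(key, ct []byte) ([]byte, error) {
	gcm := gcmFor(key)
	n := gcm.NonceSize()
	if len(ct) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ct[:n], ct[n:], nil)
}

// store encrypts data under a fresh DEK and wraps that DEK under kek.
func store(kek, data []byte) Record {
	dek := randomKey()
	return Record{Ciphertext: seal(dek, data), WrappedDEK: seal(kek, dek)}
}

// load unwraps the DEK with kek, then decrypts the data with the DEK.
func load(rec Record, kek []byte) ([]byte, error) {
	dek, err := open(kek, rec.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return open(dek, rec.Ciphertext)
}

// rotateKEK re-wraps the DEK under newKEK; the data ciphertext is never touched.
func rotateKEK(rec Record, oldKEK, newKEK []byte) (Record, error) {
	dek, err := open(oldKEK, rec.WrappedDEK)
	if err != nil {
		return Record{}, err
	}
	return Record{Ciphertext: rec.Ciphertext, WrappedDEK: seal(newKEK, dek)}, nil
}

// demo stores msg, rotates the KEK, reads the data back with the new KEK and
// reports whether the retired KEK is rejected afterwards.
func demo(msg string) (plain string, oldKEKRejected bool, err error) {
	kek1, kek2 := randomKey(), randomKey()
	rec, err := rotateKEK(store(kek1, []byte(msg)), kek1, kek2)
	if err != nil {
		return
	}
	pt, err := load(rec, kek2)
	if err != nil {
		return
	}
	_, oldErr := load(rec, kek1)
	return string(pt), oldErr != nil, nil
}

func main() {
	plain, rejected, err := demo("Hi, how are you?")
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered %q; retired KEK rejected: %v\n", plain, rejected)
}
```

Run it with `go run`. The three bullets map onto the code directly: the KEK is never stored in a `Record` (keys distinct from data), an operator who can read records cannot use them without separate access to the KEK (role separation), and `rotateKEK` rewrites only the few dozen bytes of `WrappedDEK`, so rotating keys periodically does not require re-encrypting every record.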
Evaluate data encryption
Making your data unreadable to unauthorized parties is only one aspect of effective data encryption; another is doing so in a way that makes good use of the available resources. Consider using a new algorithm or playing with the parameters in your data encryption tools if encrypting your data is taking too long or using too much CPU and memory.
Encrypt all sensitive data types
This should also be obvious, but if you read the headlines about IT security, you are aware that many reputable businesses have been compromised simply because they left sensitive data unencrypted and allowed someone else to access it. Encrypting your data makes it much more difficult for someone who manages to break into your systems to do damage.
The Future of Data Encryption
Data encryption and data security are constantly evolving to keep up with a worsening threat environment. While brute force decryption may be hard, hackers can still steal keys or attack places in the data management chain where encryption is suspended. For example, data is almost always decrypted while it is being processed by a computer’s Central Processing Unit (CPU). This is changing now, with chip makers like Intel introducing encryption tools for their CPUs.
The future of data encryption promises more innovations. These include encryption algorithms that incorporate biometrics and voice recognition—a sort of unique, personal key, if you will. The industry is also introducing “Honey Encryption” traps that show a fake but plausible plaintext when a hacker guesses at the decryption key. Blockchain, which is not, strictly speaking, a form of encryption, makes use of encryption-like algorithms to ensure the integrity of data that is stored using a blockchain framework. More innovations of this kind are likely in the future.
Using Prey to Encrypt Your Data
From the Prey Control Panel, you can manage BitLocker disk encryption on Windows 10 Professional, Enterprise, or Education with a physical Trusted Platform Module (TPM) installed and active. With it, you can select the disk to encrypt, watch its progress, and choose your preferred security standard between AES128 and XTS_AES128.
Data encryption is a common and necessary element of cyber security, particularly data security. The process requires highly sophisticated technology, but solutions are becoming increasingly easy to use, at least at the consumer level. In some cases, like iOS, encryption happens whether or not the user knows it. For organizations, encryption should be part of the security mix to protect business-sensitive data.