- Unencrypted data can be read by anyone who has access to it whether this data is stored at rest or sit in between two locations in transit. It knows as plaintext or clear text data.
- The data is plain to see and can be seen and understood by any recipient. There is no problem with that as long as the data is not sensitive in any way and doesn’t need to be restricted.
- However, on the other hand, if you do have data that sensitive and you need to ensure the contents of this data are only viewable by a particular recipient or recipients. then you need to add a level of encryption to that data.
What is encryption?
- Data encryption is a mechanism in which information is altered, rendering the plaintext data unreadable through the use of a mathematical algorithm and encryption keys.
- When encrypted, the original plaintext data is now known as ciphertext which is unreadable. To decrypt the data, an encryption key is required to revert the ciphertext back into a readable format or plaintext.
- A key is a string of characters; the longer the key, the more robust in the encryption
- This encryption can be categorized as symmetric or asymmetric cryptography
- A single key is used to both encrypt and decrypt data.
- If the data was being read by a different person, that person would need to be issued the same key
- If the key is intercepted during the transmission, any data associated cloud be easily decrypted
- Some commonly used symmetric cryptography algorithms are AES (Advanced Encryption Standard), DES(Digital Encryption Standard), Triple DES (Triple Digital Encryption Standard), Blowfish
- Two separate keys, one to encrypt and another to decrypt created both at the same time
- The private key should be kept by a single party and should never be shared
- The public key can be shared with anyone without a secure transmission
- Both keys are required to decrypt the data
- Symmetric encryption is a lot faster from a performance perspective than asymmetric
- Symmetric cryptography carries additional risk
- Examples of asymmetric cryptography algorithms are RSA(Rivest-Shamir-Adleman), Diffie-Hellman, Digital Signature Algorithm
When should you use encryption?
- When sensitive data is stored at rest should be encrypted
- When your sensitive data is being moved, it should be done via a secure mechanism providing encryption in transit
- If encryption in transit is not possible, the data should be encrypted prior to transmission
- When you must adhere to specific compliance and legal controls to meet governing standards