Encryption is the process of encoding a message so it can be read only by the intended recipient.
As discussed in a previous blog article, data encryption is an important and fundamental practice that firms should be engaging in to protect their data. This article takes a look at some of the key aspects of data encryption and how a firm can get started.
It’s important to be aware of two main types of data encryption that can be implemented in your firm:
Symmetric encryption uses a single key to both encrypt and decrypt a message or file. In order to read the information, the intended recipient must have access to the key.
A symmetric key is a combination of text, numbers, and symbols that is created to lock and unlock data files. Like a password, the key must be entered on a particular file in order to lock or unlock the information.
The main disadvantage of symmetric encryption is its use of a single key to encrypt and decrypt files. This can compromise the security of the files and the key itself as multiple people will need access to it.
Asymmetric encryption uses two keys: a “public” key is used to encrypt a file and a “private” key is used to decrypt it.
Most encryption is done asymmetrically as it is considered a safer option. While the public key is known by the sender and recipient, the private key is known only to the recipient, who uses it to decrypt the file.
This method helps to cut down on the number of security breaches and ensure that only the intended recipient’s private key works on the encrypted file.
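To make the difference between the two types concrete, here is an added example (not from the original article) using Node.js's built-in crypto module. The function names and the sample message are made up for illustration, and AES-256-GCM and RSA-OAEP are assumed as the symmetric and asymmetric algorithms.

```javascript
const crypto = require("node:crypto");

// Symmetric: one shared 256-bit key both encrypts and decrypts (AES-256-GCM).
function symmetricEncrypt(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce per message, never reused with the same key
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}
function symmetricDecrypt(key, { iv, ciphertext, tag }) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  // final() throws if the key is wrong or the ciphertext was modified
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
}

// Asymmetric: anyone holding the public key can encrypt, only the private key decrypts.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };
function asymmetricEncrypt(publicKey, plaintext) {
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(plaintext, "utf8"));
}
function asymmetricDecrypt(privateKey, ciphertext) {
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString("utf8");
}

// Returns true when the given operation throws (used to show a wrong key is rejected).
function fails(fn) { try { fn(); return false; } catch { return true; } }

function demo() {
  const message = "Client file (constructed sample)";

  const sharedKey = crypto.randomBytes(32); // everyone who reads the file needs this key
  const box = symmetricEncrypt(sharedKey, message);
  const symOk = symmetricDecrypt(sharedKey, box) === message;
  const wrongKeyRejected = fails(() => symmetricDecrypt(crypto.randomBytes(32), box));

  const recipient = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const someoneElse = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const sealed = asymmetricEncrypt(recipient.publicKey, message);
  const asymOk = asymmetricDecrypt(recipient.privateKey, sealed) === message;
  const otherKeyRejected = fails(() => asymmetricDecrypt(someoneElse.privateKey, sealed));

  return { symOk, wrongKeyRejected, asymOk, otherKeyRejected };
}
console.log(demo());
```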
What Should I Encrypt?
A firm can choose to encrypt a variety of different components within its infrastructure, from small-scale encryption such as file and desktop to large-scale encryption such as server, database, and application. With encryption, a firm is able to protect its data at all levels of the organization.
When a firm decides to implement data encryption, there are some important factors to keep in mind:
- Never use a proprietary algorithm since the company that owns the algorithm can access your data
- A good algorithm relies on the strength of the key and its implementation into the system infrastructure
- Encryption does not take human fallibility into account. For example, people give away or lose their keys or passwords, which can compromise their data’s security
- Ensure continuity by keeping track of who has access to keys, sensitive firm data, etc.
- Encrypted data is not 100% secure. Employ best practices and common sense on who should have access to your data.
Whether or not you decide to implement data encryption within your firm, it is important to have as much information as possible to determine if it is a best practice for your firm.
Courtney Rosebush is a Marketing and Sales Coordinator at Triella, a technology consulting firm specializing in providing technology audits, planning advice, project management and other CIO-related services to small and medium sized firms. Courtney can be reached at 647.426.1004 x 227. For additional articles, go to www.triella.com/publications. Triella is a VMware Professional Partner, Microsoft Certified Partner, Citrix Solution Advisor – Silver, Dell Preferred Partner, Authorized Worldox Reseller and a Kaspersky Reseller.
© 2016 by Triella Corp. All rights reserved. Reproduction with credit is permitted.