The Importance of Encryption: Some Things Never Change
The concept of encryption has been around for centuries. Some say the first instance of it can be traced back to 700 BC when the Spartan military employed a scytale to communicate battle plans.
We humans have long had the desire to protect our important information and have worked to improve how we do so using ciphers and cryptography. By the 1970s we had created a key algorithm for encryption (Data Encryption Standard or DES). Later the Advanced Encryption Standard (AES) was developed and then Pretty Good Privacy (PGP) in 1991. Modern encryption algorithms include:
- Triple DES
- RSA
- Blowfish
- Twofish
- AES
- OpenPGP
The Encryption Debates
The topic of encryption has been enjoying some mainstream fame in the last few years as law enforcement agencies and large tech companies debate access rights to data on personal devices. It has also come up frequently when discussing compliance regulations, such as the looming General Data Protection Regulation (GDPR), and the associated data protection measures.
Both discussions approach encryption from different angles. Law enforcement entities want to be able to access encrypted data when investigating crimes or trying to prevent them. Tech companies vacillate between wanting to protect their customers’ data and wanting to cooperate for the greater good.
When discussing compliance and general data security, encryption is steadily more about preventing breaches and leaks than just meeting regulatory requirements. According to a Global Encryption Trends study conducted by the Ponemon Institute, the need to protect specific data has displaced compliance as the primary reason for implementing encryption. That said, compliance is still a major motivator.
Data Protection at All Stages
While more companies realize encryption is a vital security component, it is still not applied consistently throughout the business world. The same study revealed only 43% of respondents claim to have an encryption strategy applied consistently across their enterprise. Businesses are dropping the encryption ball in one on place or another. They might protect data in transit, but not data at rest or vice versa. Or perhaps they are not encrypting data in public cloud services.
It’s important in today’s cyber-risky world that all of a business’ data is protected at its various locations and stages. This includes emails, storage, and file transfers. Using the right secure email solution and managed file transfer platform can help ensure your data is encrypted throughout its journey. It’s best if these tools offer multiple encryption options, including SFTP, PGP, and SSL/TLS.
More than Just Encryption
Encryption is just one part of an arsenal of security measures enterprises should use to protect sensitive data from prying eyes or mishaps. Other measures include employing firewalls, authentication, virus scanners, DLP tools, monitoring, data sanitation and data wiping, among others. Security testing and auditing are also essential.
If you can find a tool that offers all of these capabilities in one, then data security will be far easier for you to manage. Better still, find a solution that helps enforce security measures by disallowing low-security options, capturing compensating controls, and generating compliance audit reports. By using a solution that facilitates security and data protection, you can efficiently and effectively reduce your risk of breaches.
Related resources
The High Security Module (HSM) for Enhanced File Transfer™ (EFT™) helps organizations achieve or exceed security practices by the most rigorous standards. Transfer Data Within Compliance
Whether you’re managing data for a small to medium-sized business or you’re managing data for a multi-million dollar global enterprise, there are many proactive ways to take back control of data protection within your organization. Three Common Business Mistakes Hackers Love to Take Advantage of
The financial services company was able to enforce data security management best practices through Globalscape’s Open PGP encryption technology. Through EFT, the financial services company was also able to ensure that they continuously met regulatory compliance with the market leading PCI Data Security Standard. Over 2 Million Files Securely Transferred For Global Financial Services CompanyChoosing the right combination of protocol versions, key ciphers, MACs, and key exchange algorithms for your EFT platform. EFT Best Practices -- Optimal Configuration and Encryption