
Data security is a complex architecture involving multiple layers of hardware, software, and expertise. It’s been packaged for the general public in ways that require nothing more than push-button installation. Anyone can set up encrypted Wi-Fi without doing more than setting a password.

While the user-friendly package is convenient, there’s good reason to learn more: you don’t always get what you think you’re paying for. Not all data security software is equal. Experts can easily spot security deficiencies, but can you? If not, it’s time to learn.

Data security software has limitations
Understanding email security in depth lets you identify where each piece of software falls short. For example, Azure RMS is a popular Microsoft 365 add-on that encrypts email messages using Transport Layer Security (TLS). Although Azure RMS encrypts email messages while in transit, once they reach Microsoft’s servers, they’re stored unprotected. Microsoft, or anyone with access to Microsoft’s servers, can access this data.

Unfortunately, unprotected data at any point makes it difficult to meet data privacy and compliance requirements (like HIPAA, CJIS, and EAR). Businesses with an IT security expert understand this dilemma and often use third-party add-ons like Virtru to cover what Azure RMS misses. Although it might seem redundant to use multiple pieces of software, experts do it, and here’s why:

There are multiple ways to encrypt data
Encryption scrambles text to make it unreadable by anyone who doesn’t have the keys to decode it. Years ago, encryption seemed like something reserved for computer geeks and the government. Today, it’s a must-have strategy for businesses and individuals to deter hackers from stealing data.

Saying data is encrypted isn’t saying much. Data that travels from one point to another might pass through multiple points along the way. If the data is decrypted before it reaches the final destination, it becomes vulnerable.

Incomplete encryption won’t be a problem for everyone, but for those bound by compliance laws like HIPAA, it’s enough to create a violation.

As explained in Upwork’s guide to encryption, data needs to be encrypted while it’s in transit and at rest.
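To see why "encrypted in transit" leaves gaps for email, the following added example (not from the original article) reads a message's Received headers, marks which hops recorded TLS, and lists every server that held the decrypted message. The sample message and host names are constructed, and the headers are only as trustworthy as the servers that wrote them.

```python
import email
import re

# "with" keywords that mark a TLS-protected hop (registered in RFC 3848 and RFC 6531).
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+([A-Za-z0-9]+)", re.S)

# Constructed sample; hosts and addresses are reserved documentation values.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.30])
 by store.recipient.example with LMTP id c3; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.sender.example (relay.sender.example [192.0.2.20])
 by mx.recipient.example with ESMTPS id b2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from laptop.sender.example (laptop.sender.example [192.0.2.10])
 by relay.sender.example with ESMTPSA id a1; Mon, 1 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed example

body
"""


def hops(raw_message):
    """Return hops in delivery order as (sender, receiver, protocol, tls) tuples."""
    received = email.message_from_string(raw_message).get_all("Received", [])
    result = []
    for value in reversed(received):  # servers prepend, so the last header is hop one
        match = HOP.search(value)
        if match:  # headers that do not record a protocol are skipped
            sender, receiver, protocol = match.groups()
            protocol = protocol.upper()
            result.append((sender, receiver, protocol, protocol in TLS_KEYWORDS))
    return result


def exposure(raw_message):
    """Summarise where the message was readable despite transport encryption."""
    path = hops(raw_message)
    return {
        # Links the message crossed with no TLS recorded.
        "cleartext_links": [(s, r) for s, r, _, tls in path if not tls],
        # TLS ends at each receiving server, so each one held the decrypted message.
        "servers_with_plaintext": [r for _, r, _, _ in path],
    }


if __name__ == "__main__":
    print(exposure(SAMPLE))
```

Even when every hop reports TLS, `servers_with_plaintext` is never empty, which is the gap that at-rest or end-to-end encryption has to cover.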

There are multiple ways to encrypt data
Data can be encrypted in various ways. Hard drives can be programmed to automatically encrypt stored data. Files can be manually encrypted on an as-needed basis. Messages can be encrypted and sent to others who have the decryption keys. Websites use SSL or TLS protocols to encrypt data entered in forms, and email servers can be equipped with encryption software that applies to all accounts.

Secret-key, or symmetric, algorithms use the same key for encryption and decryption, which makes them quite vulnerable if that key is exposed. Public-key algorithms use asymmetric keys, which means the encryption and decryption keys are different.

Block ciphers encrypt data in blocks rather than individual bits, and stream ciphers like Rabbit, W7, and RC4 encrypt plaintext one character at a time.

There are multiple algorithms for encryption
Encrypting data requires using an algorithm. There are multiple types of algorithms, some better than others.

DES was created by IBM in the 1970s and was the first encryption algorithm approved by the government for public disclosure. This block cipher was easy to crack, and in 1999, the Electronic Frontier Foundation decrypted a message in 22 hours. Since then, many advanced algorithms have been created, including:

  • Advanced Encryption Standard. You may have seen the AES option when setting up your Wi-Fi. AES is a block cipher, and is the gold standard according to the government. AES provides 128, 192, or 256-bit encryption for the ultimate protection.
  • RSA. This is a basic asymmetric algorithm that uses paired keys.
  • International Data Encryption Algorithm. IDEA is a block cipher that uses 128-bit encryption and isn’t easily broken.
  • Signal Protocol. This is an open-source, asynchronous encryption protocol.
  • Blowfish and Twofish. These block ciphers are used by ecommerce websites to encrypt payment information.
  • Ring Learning With Errors. This algorithm is a modification of elliptic curves and has a reputation for being unbreakable.

Key management is essential
Encrypted data that gets stolen can’t be read without decryption keys. Once someone has the key, they can read the data; therefore, securely storing your encryption keys is essential.

Data security experts know their field
There’s a reason experts have software preferences that aren’t always user-friendly, while the general public tends to prefer the simplest option. When in doubt, find out what the pros use to encrypt data and follow their lead.