What Is Encryption?
Encryption is a form of data protection in which readable information (plaintext) is transformed into ciphertext. Only parties holding the correct key can reverse the transformation and recover the original plaintext.
In even simpler terms, encryption is a way to render data unreadable to an unauthorized party. This serves to thwart cybercriminals, who may have used quite sophisticated means to gain access to a corporate network—only to find out that the data is unreadable and therefore useless.
Encryption on its own ensures only the confidentiality of data or messages. Authentication and integrity, that is, proof that the data came from the claimed sender and has not been altered since, require an additional mechanism: a message authentication code (MAC), an authenticated encryption mode such as AES-GCM, or a digital signature. Modern protocols combine these so that a modified ciphertext is rejected outright rather than decrypted into altered plaintext.
How Encryption Works
Original information, or plaintext, might be something as simple as "Hello, world!" As ciphertext it becomes bytes that look random and unrelated to the plaintext, usually shown in hexadecimal or Base64, something like 7*#0+gvU2x.
Encryption is nonetheless a reversible process: a recipient who holds the key can decrypt the data and recover the exact plaintext.
For decades, attackers have tried to recover keys by brute force, that is, by trying candidate keys one after another until the ciphertext decrypts correctly. Growing computing power makes this practical when the key is short (DES's 56-bit key can be exhausted on affordable hardware) or when the key is derived from a guessable password. Against a randomly generated 128-bit or 256-bit key, exhaustive search remains infeasible.
Data needs to be encrypted in two different states: "at rest," when it is stored, such as in a database, on a disk, or in a backup; and "in transit," while it is being transmitted between parties over a network.
An encryption algorithm, or cipher, is a defined procedure used to transform plaintext into ciphertext. The algorithm uses the key to alter the data in a predictable way: even though the ciphertext appears random, it can be turned back into plaintext with the corresponding key. Well-known algorithms include the Advanced Encryption Standard (AES), Blowfish, Twofish, RC5, and RC6. Data Encryption Standard (DES) and Rivest Cipher 4 (RC4) are also widely recognized, but both are broken or deprecated and should not be used in new systems.
Encryption has evolved over time, from a technique used only by governments and militaries for secret communications to an everyday must-have for organizations to ensure the security and privacy of their data.
Types of Encryption
There are many different types of encryption, each with its own benefit and use case.
Symmetric Encryption
In this method, a single secret key is used both to encrypt and to decrypt information. It is the oldest and best-known technique; its main drawback is key distribution: both parties must already share the key, and it must reach them over a channel the attacker cannot read. AES is the standard symmetric algorithm, used with a 128-, 192-, or 256-bit key (AES-128, AES-192, AES-256). Because it is computationally cheap and fast, symmetric encryption is the preferred method for encrypting data in bulk.
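The following Go program is an added example, not code from the original article or from Fortinet. It shows symmetric encryption with AES-256-GCM, and also the point made above that encryption by itself gives confidentiality but not integrity: with an unauthenticated mode (AES-CTR) an attacker who cannot read the ciphertext can still flip bits to change the decrypted amount, while the authenticated GCM mode rejects the same tampering. The key and the message "PAY 0010 USD" are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// sealGCM encrypts with AES-GCM (AES-128/192/256 depending on key length) and
// returns nonce || ciphertext || authentication tag. A nonce must never repeat
// under the same key, so it is drawn fresh from the CSPRNG for every message.
func sealGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// openGCM reverses sealGCM. It fails if the key is wrong or if any bit of the
// nonce, ciphertext or tag was modified.
func openGCM(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// ctrXOR is unauthenticated AES-CTR: the same call encrypts and decrypts.
func ctrXOR(key, iv, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out, nil
}

// flipByte returns a copy of b with byte i XORed by mask (a bit-flipping attack).
func flipByte(b []byte, i int, mask byte) []byte {
	out := append([]byte(nil), b...)
	out[i] ^= mask
	return out
}

func main() {
	key := make([]byte, 32) // AES-256 key, constructed from the CSPRNG for the demo
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	msg := []byte("PAY 0010 USD")

	// Unauthenticated CTR: flipping ciphertext byte 4 turns plaintext '0' into '9'
	// ('0' ^ 0x09 == '9'). The all-zero IV is acceptable only because the key is fresh.
	iv := make([]byte, aes.BlockSize)
	ct, _ := ctrXOR(key, iv, msg)
	tampered, _ := ctrXOR(key, iv, flipByte(ct, 4, 0x09))
	fmt.Printf("CTR: attacker turned %q into %q without the key\n", msg, tampered)

	// Authenticated GCM: the same flip (offset 4 after the 12-byte nonce) is rejected.
	sealed, _ := sealGCM(key, msg)
	if _, err := openGCM(key, flipByte(sealed, 12+4, 0x09)); err != nil {
		fmt.Println("GCM: tampering detected:", err)
	}
	if pt, err := openGCM(key, sealed); err == nil && bytes.Equal(pt, msg) {
		fmt.Println("GCM: untouched ciphertext decrypts correctly")
	}
}
```

The CTR half is the attack a bare "encryption" promise leaves open; the GCM half is what the authenticated mode buys. The same key-length choice (16, 24 or 32 bytes) selects AES-128, AES-192 or AES-256 in both helpers.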
Asymmetric Encryption
Also known as public key cryptography, asymmetric encryption (introduced in the 1970s) uses a mathematically related key pair: one key is kept private and the other is published. Anyone can encrypt with the public key, but only the holder of the private key can decrypt. The reverse direction, in which the private key produces a value that anyone can check with the public key, is not encryption but a digital signature; it provides authenticity rather than confidentiality. The public key needs no secrecy and can be shared openly over the internet, although recipients still need a way to verify that it belongs to the party they expect, which is what certificates are for.
Asymmetric encryption is not inherently stronger than symmetric encryption; its value is that it solves key distribution, letting two parties who have never met agree on keys over an untrusted network. It is also far slower, so protocols use it to authenticate the parties and establish a symmetric session key, then encrypt the traffic itself symmetrically. Websites are secured this way with Transport Layer Security (TLS), the successor of the now-deprecated Secure Sockets Layer (SSL). When a browser connects, the server presents its digital certificate; the browser extracts the server's public key from it and uses that key to verify the server's identity, while the corresponding private key never leaves the server.
Data Encryption Standard (DES)
DES is a deprecated symmetric-key block cipher. It uses the same 56-bit key to encrypt and decrypt, so sender and receiver must share that secret key. It was adopted by the U.S. government as an official standard in 1977 for the encryption of unclassified government computer data, and it can fairly be called the starting point of the modern cryptography and encryption industry. Its key is far too short for modern hardware, which can exhaust all 2^56 keys in days, and it has been superseded by the more secure AES algorithm.
Triple Data Encryption Standard (3DES)
Triple DES runs the DES algorithm three times on each 64-bit block (encrypt, decrypt, encrypt) with either two or three independent keys, giving an effective strength of roughly 112 bits rather than the nominal 168 because of meet-in-the-middle attacks. It was always a stopgap: single DES had become too weak to stand up to brute force while the stronger AES was still under evaluation. Its 64-bit block also exposes long sessions to birthday attacks (Sweet32), and NIST has disallowed 3DES for new encryption after 2023.
Rivest-Shamir-Adleman (RSA)
Rivest-Shamir-Adleman (RSA) is an algorithm and the basis of a cryptosystem, a suite of cryptographic algorithms used together for specific security services. It enables both public key encryption and digital signatures, and it is used in TLS by browsers and by virtual private networks (VPNs), mainly to authenticate the server and sign handshake data; modern TLS normally agrees on the session key with an ephemeral Diffie-Hellman exchange rather than by RSA encryption. RSA is asymmetric: there is a public key and a private key. Data encrypted with the public key can be decrypted only with the private key; a value produced with the private key and checked with the public key is a signature, not encryption. RSA can also only encrypt messages shorter than its key size minus padding, so in practice it encrypts a symmetric key, and that key encrypts the data.
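An added Go example (not code from the original article) covering the asymmetric and RSA paragraphs above: public-key encryption that only the private key can undo, the signature direction that is often confused with "encrypting with the private key," and the message-size limit that explains why RSA is used to protect a symmetric session key rather than the data itself. The 32-byte "session key" and the "ServerHello" message are constructed placeholders.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// generateKeyPair makes a 2048-bit RSA key pair. The public half can be
// published; the private half must stay with its owner.
func generateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// encryptToPublic: anyone holding the public key can produce a ciphertext that
// only the private-key holder can open. OAEP padding is required; raw
// ("textbook") RSA is not secure.
func encryptToPublic(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func decryptWithPrivate(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// signWithPrivate is the other direction: the private key produces a signature
// over the message digest that anyone with the public key can verify.
func signWithPrivate(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

func verifyWithPublic(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// maxOAEPMessage is the largest plaintext RSA-OAEP with SHA-256 can encrypt:
// modulus size minus 2*hashLen minus 2, i.e. 190 bytes for a 2048-bit key.
func maxOAEPMessage(pub *rsa.PublicKey) int {
	return pub.Size() - 2*sha256.Size - 2
}

func main() {
	server, err := generateKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed payload; in TLS-style usage this would be a symmetric session key.
	sessionKey := []byte("32-byte AES key goes here.......")
	ct, _ := encryptToPublic(&server.PublicKey, sessionKey)
	pt, _ := decryptWithPrivate(server, ct)
	fmt.Printf("public-key encrypt / private-key decrypt: %q\n", pt)

	other, _ := generateKeyPair()
	if _, err := decryptWithPrivate(other, ct); err != nil {
		fmt.Println("a different private key cannot decrypt:", err)
	}

	sig, _ := signWithPrivate(server, []byte("ServerHello"))
	fmt.Println("signature verifies:", verifyWithPublic(&server.PublicKey, []byte("ServerHello"), sig))
	fmt.Println("altered message verifies:", verifyWithPublic(&server.PublicKey, []byte("ServerHellx"), sig))

	tooBig := make([]byte, maxOAEPMessage(&server.PublicKey)+1)
	if _, err := encryptToPublic(&server.PublicKey, tooBig); errors.Is(err, rsa.ErrMessageTooLong) {
		fmt.Printf("RSA cannot encrypt %d bytes directly: %v\n", len(tooBig), err)
	}
}
```

The size limit is the practical reason for hybrid encryption: RSA protects a short symmetric key, and the symmetric cipher handles the bulk data, which is also why the symmetric path is the fast one.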
Advanced Encryption Standard (AES)
The Advanced Encryption Standard is the cipher the U.S. government chose to protect sensitive information. The National Institute of Standards and Technology (NIST) opened a public competition in 1997 to replace the Data Encryption Standard; the winning design, Rijndael by Joan Daemen and Vincent Rijmen, was selected in 2000 and published as FIPS 197 in 2001. AES is a block cipher with a fixed 128-bit block size and three key lengths: 128-bit, 192-bit, and 256-bit. It is widely used for protecting data at rest in applications such as databases and full-disk encryption and, in authenticated modes such as GCM, for data in transit as well.
Encryption in the Cloud
Cloud encryption is a service offered by cloud storage providers in which data is encrypted before it is written to the provider's storage. Customers must understand, and be comfortable with, the depth of the provider's policies and procedures for encryption and, above all, for encryption key management, because whoever controls the keys can read the data.
Encryption itself costs little bandwidth (ciphertext is about the size of the plaintext plus a nonce and tag), but provider-managed encryption usually means the provider also holds the keys, and some providers encrypt only selected database fields such as passwords and account numbers. This is not enough for many organizations, so they adopt a Bring Your Own Encryption (BYOE) model: they encrypt with their own encryption software and manage their own keys, so the provider stores only ciphertext it cannot decrypt, and the organization gets the level of cloud security it is comfortable with.
At the other end of the spectrum, Encryption as a Service (EaaS) is a simple, pay-as-you-go offering in which the provider performs encryption and key management on the customer's behalf in a multi-tenant environment; it is easier to adopt but leaves the keys in the provider's hands.
End-to-End Encryption (E2EE)
End-to-end encryption (E2EE) ensures that only the two users communicating with one another can read the messages. Intermediaries such as the messaging provider, the telecom, or the internet service provider carry only ciphertext and cannot decrypt it. E2EE is generally seen as the most secure way to communicate privately online. WhatsApp, which tells users their messages are secured with "locks," is a well-known example. E2EE protects message content in transit and on the provider's servers; it does not protect a device that is itself compromised, and metadata such as who talked to whom and when typically remains visible to the provider.
Attackers will still attack even when they know that data or devices are encrypted; with enough effort they may get through. For many years weak passwords gave them their opening: when an encryption key is derived from a password, the attacker does not need to search the whole key space, only the much smaller space of likely passwords, and password-cracking software does that quickly.
Such brute force attacks have become more sophisticated. Attackers make thousands or even millions of guesses per second, typically on GPUs, working offline against a copy of the ciphertext or password hash, and stop as soon as a guess decrypts correctly. The defenses are to use randomly generated keys wherever possible, to derive keys from passwords with a deliberately slow function (PBKDF2, scrypt, or Argon2), and to require long passphrases. Multi-factor authentication (MFA) helps against online guessing of login credentials, but it does nothing against an attacker who already holds the encrypted data.
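An added Go example, not code from the original article, showing why a password-derived key invites brute force. The weak design here derives the AES key as SHA-256 of a 4-digit PIN, so the attacker only has to try 10,000 candidates against the captured ciphertext, and the AES-GCM authentication tag tells them when a guess is right; no known plaintext is needed. The PIN "7391" and the record are constructed. The last function estimates how long exhausting a real key space would take at an assumed guess rate; the rate is an assumption, not a measurement.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math"
)

// keyFromPIN derives an AES-256 key from a PIN with one fast hash. This is the
// weak design under attack: the key space is only as large as the PIN space.
func keyFromPIN(pin string) []byte {
	sum := sha256.Sum256([]byte(pin))
	return sum[:]
}

// encryptWithPIN seals data under the PIN-derived key with AES-GCM and returns
// nonce || ciphertext || tag, the blob an attacker would capture.
func encryptWithPIN(pin string, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(keyFromPIN(pin))
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, data, nil), nil
}

// tryKey attempts to open the blob with one candidate key. GCM's tag acts as
// the attacker's oracle: a wrong key fails authentication.
func tryKey(key, blob []byte) ([]byte, bool) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, false
	}
	aead, err := cipher.NewGCM(block)
	if err != nil || len(blob) < aead.NonceSize() {
		return nil, false
	}
	pt, err := aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], nil)
	return pt, err == nil
}

// bruteForcePIN enumerates every 4-digit PIN (10,000 candidates) offline.
func bruteForcePIN(blob []byte) (pin string, plaintext []byte, found bool) {
	for i := 0; i < 10000; i++ {
		candidate := fmt.Sprintf("%04d", i)
		if pt, ok := tryKey(keyFromPIN(candidate), blob); ok {
			return candidate, pt, true
		}
	}
	return "", nil, false
}

// expectedYears estimates the average time to search half of a key space of the
// given size at a constant guess rate (assumed rate, not a measurement).
func expectedYears(keyBits int, guessesPerSecond float64) float64 {
	return math.Exp2(float64(keyBits-1)) / guessesPerSecond / (365.25 * 24 * 3600)
}

func main() {
	// Constructed PIN and record for the demonstration.
	blob, err := encryptWithPIN("7391", []byte("account export: constructed sample record"))
	if err != nil {
		panic(err)
	}
	pin, pt, ok := bruteForcePIN(blob)
	fmt.Printf("recovered PIN %q -> %q (found=%v)\n", pin, pt, ok)
	fmt.Printf("DES 56-bit key at 1e12 guesses/s:    %.2e years\n", expectedYears(56, 1e12))
	fmt.Printf("random 128-bit key at 1e12 guesses/s: %.2e years\n", expectedYears(128, 1e12))
}
```

A slow key derivation function (PBKDF2, scrypt, Argon2) multiplies the cost of each guess but cannot rescue a 10,000-entry key space; only a larger secret does that. MFA at the login screen plays no part in this attack, because the attacker works offline on a copy of the data.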
The Benefits of Encryption
Encryption has become an enormous asset to organizations, allowing them to confidently offer a more secure experience for employees, customers, and other stakeholders.
Privacy and Security
Encryption limits the damage of a data breach. Even if an attacker gets into a network or steals a device, encrypted data is useless to them without the key, provided the key is not stored alongside the data and the device is not already unlocked. Encryption ensures that no one except the intended recipient or data owner can read communications or stored data, and it prevents attackers from reading sensitive data they manage to intercept.
Encrypting data allows organizations to protect data and maintain privacy in accordance with industry regulations and government policy. Many industries, especially those in financial services and healthcare, have explicit rules on data protection. For example, the Gramm-Leach-Bliley Act requires financial institutions to let customers know how their data is being shared and also how their data is remaining protected. Encryption helps financial institutions comply with this act.
Secure Internet Browsing
Encryption also keeps users safe while browsing the internet. Earlier in the internet's history, attackers could read unencrypted information sent between users and web services over the Hypertext Transfer Protocol (HTTP) simply by observing the network. HTTPS, which runs HTTP over the Secure Sockets Layer (SSL) protocol, emerged to fix this; SSL was soon replaced by the Transport Layer Security (TLS) protocol, enabling enterprises, publishers, and e-commerce providers to offer a secure experience for users. All SSL versions and TLS 1.0 and 1.1 are now deprecated, so current deployments should use TLS 1.2 or 1.3.
With encryption, users feel safer entering personal information into webpages and carrying out financial or e-commerce transactions.
Encryption Keeps Sensitive Data Safe
Encryption will continue to be a core security feature in everything from video chats to e-commerce to social media. Basically, if it can be shared or stored, it will be encrypted. Both organizations and individual users would benefit from keeping on top of encryption standards to ensure that both their personal and professional data is safe from misuse or compromise.
How Fortinet Can Help
FortiGate next-generation firewalls (NGFWs) use SSL/TLS deep inspection and threat protection to detect malware hidden inside encrypted network traffic, so that encryption does not become a blind spot. The VPN built into FortiGate encrypts traffic in transit.