Encryption is a critical tool that businesses like yours use to protect data, establish trust, and maintain regulatory compliance. Whether you realize it or not, encryption is used in nearly every digital business interaction. In fact, when you clicked a link to read this article, your web browser used a form of encryption to ensure your connection to our website is secure.
If you're struggling to understand how your business can benefit from encryption, you're not alone. According to our research, nearly one in four IT professionals say unencrypted data is one of the top security vulnerabilities their company is facing. Read on to learn about common encryption methods, the ways in which they’re used, and how you can implement them.
(See our survey methodology at the bottom of the page.)
Encryption software converts large volumes of data into cryptic text or numbers using algorithms. Only those people or systems with the decryption key can decipher the encrypted data.
A four-bit key uses 2^4 (i.e., 2 to the power of 4) combinations. That means a four-bit key only has 16 possible combinations, which makes the key easy to guess and thus insecure. That’s why the current standard is a 256-bit key that uses 2^256 possible combinations, a 78-digit number that results in very strong encryption.
To be clear, when we talk about key strength, we’re essentially talking about how well it can withstand a brute force attack whereby a hacker tries endless combinations of characters to guess the correct combination. The more possible combinations, the longer a brute force attack will take.
There are two fundamental types of encryption: symmetric encryption (which uses a single key) and asymmetric encryption (which requires two keys).
Symmetric encryption: A symmetric key encryption scheme uses a single symmetric key to both encrypt and decrypt data. The key needs to be shared with all authorized people. While symmetric encryption is much faster and less resource-intensive than its asymmetric counterpart, it’s also less secure.
Symmetric encryption is useful when processing speed is important (payment transactions) or if you don't need to share the data with another party (personal backup drive).
Asymmetric encryption: Also called public key cryptography, this encryption method uses two separate keys. One key is made public (shared with everyone) and one key is kept private (known only to the key’s generator). The public key is used to encrypt the data and the private key is needed to decrypt it.
Asymmetric encryption offers more security than symmetric encryption, but it might be overkill for some purposes and its processes can slow down transactions, networks, and machines.
Hashing is often confused with encryption, but the two are quite different. Encryption’s purpose is to transmit or store data securely, whereas hashing is used to verify data. Hashing allows you to verify data is correct without needing to see it.
For example, when you enter a password into a website, the plain text will typically be converted to a fixed output using a hashing algorithm (also called a hash function). Instead of checking to verify the password itself is correct, the system checks to verify that the hashed output is correct. This way, the password is never actually revealed.
Unlike encryption, which is meant to be unscrambled using a key, a hash value is virtually impossible to revert back to the original input value.
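The password check described above, as an added example that is not part of the original article. It assumes a salted, iterated hash (PBKDF2-HMAC-SHA256 from Python's standard library) rather than a single bare hash; the function names, iteration count, and sample passwords are this example's own.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware
SALT_BYTES = 16       # assumed salt length


def hash_password(password, salt=None):
    """Return (salt, digest). Only these two values are stored, never the password."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(candidate, salt, stored_digest):
    """Re-hash the candidate with the stored salt and compare the two outputs."""
    _, candidate_digest = hash_password(candidate, salt)
    # compare_digest takes the same time wherever the first mismatch occurs,
    # so response timing does not reveal how much of the digest matched.
    return hmac.compare_digest(candidate_digest, stored_digest)


def demo():
    # Constructed sample data: two users who happen to choose the same password.
    password = "correct horse battery staple"
    users = {name: hash_password(password) for name in ("alice", "bob")}
    salt, digest = users["alice"]
    return {
        # Fixed-size output regardless of password length (32 bytes for SHA-256).
        "digest_length": len(digest),
        # Different salts mean identical passwords do not produce identical records.
        "same_password_same_record": users["alice"][1] == users["bob"][1],
        "right_password_accepted": verify_password(password, salt, digest),
        "wrong_password_rejected": not verify_password(password + "r", salt, digest),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The per-user salt is what keeps two accounts with the same password from sharing a stored value, and the iteration count slows down each guess in the kind of brute force attack described earlier.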
Different encryption methods are based on the type of keys used, key length, and size of data blocks encrypted. Here are some of the common encryption methods that you might see used in various encryption tools:
Advanced Encryption Standard (AES) is a symmetric encryption algorithm that encrypts fixed blocks of data (of 128 bits) at a time. The keys used to decipher the text can be 128, 192, or 256 bits long. The 256-bit key encrypts the data in 14 rounds, the 192-bit key in 12 rounds, and the 128-bit key in 10 rounds. Each round consists of several steps of substitution, transposition, mixing of plaintext, and more. AES encryption standards are the most commonly used encryption methods today, both for data at rest and data in transit.
Rivest-Shamir-Adleman is an asymmetric encryption algorithm that is based on the factorization of the product of two large prime numbers. Only someone with the knowledge of these numbers will be able to decode the message successfully. RSA is often used when transmitting data between two separate endpoints (e.g., web connections), but works slowly when large volumes of data need to be encrypted.
Triple DES is a symmetric encryption method and an advanced form of the DES method, which encrypts blocks of data using a 56-bit key. Triple DES applies the DES cipher algorithm three times to each data block. Triple DES is commonly used to encrypt ATM PINs and UNIX passwords.
Twofish is a license-free encryption method that ciphers data blocks of 128 bits. It’s considered the successor to the 64-bit Blowfish encryption method and more versatile than its specialized successor, Threefish. Twofish always encrypts data in 16 rounds regardless of the key size. Though it works slower than AES, the Twofish encryption method continues to be used by some file and folder encryption software solutions.
Whether your data is at rest in a database or in-transit via email, it needs to be encrypted. Here are a few scenarios for which businesses commonly use encryption to secure their information:
Online payments: PCI-DSS standards mandate that payment card data (stored as well as in-transit forms) be encrypted using algorithms such as AES-256.
Data in the cloud: In public and hybrid cloud models, your data resides at a third-party data center. Any attack on co-tenants of that data center can result in your data getting exposed too. Encrypting your data in the cloud prevents hackers from being able to read it correctly. Your cloud provider will also be unable to spy on your data if you alone have the encryption key. Check with your cloud provider to understand what security measures it offers.
Databases: Encrypting databases helps to restrict external hackers as well as insiders from seeing specific organizational data.
Emails: Email encryption helps to protect sensitive information sent through email channels. Public key encryption methods along with digital certificates are the typical methods used for securing email communication.
Building and implementing an encryption strategy is a collaborative effort between your IT, operations, and management teams. Here are some steps that’ll help you build an effective encryption strategy:
Classify data: First, you need to identify what data to encrypt. Understand and classify different types of data you transmit and store (e.g., credit card numbers, customer information, company proprietary data) based on sensitivity, use, and regulatory impact.
Identify the right encryption tools: In most cases, you won't need to implement separate encryption software. Encryption features are present in commonly used apps and security tools such as email security, payment gateways, and cloud security software. But for encrypting databases or sensitive individual files, you might need separate encryption tools.
Implement strong key management practices: If your keys fall into the wrong hands, your data security is at stake. You need to keep an inventory of all your encryption keys, along with information on who has access to them and how and when the keys have been used. Key management solutions help you to store and manage encryption keys.
Understand the limitations of encryption: Encryption does not help you prevent or detect cyberattacks, but it does reduce an attack’s impact by ensuring hackers are unable to read your data. Along with encrypting data, it is also important to implement other strong cybersecurity and intrusion detection measures such as firewalls and endpoint protection tools.
GetApp’s 2020 Data Security Survey was conducted from September 10 to September 11 among 868 respondents who reported full-time employment. Of the 868 respondents, 267 identified as IT professionals.