General Data Protection Regulation (GDPR) for the U.S.

Why encryption is an important element in data security


What is encryption?

Encryption is the process of encoding information in a way that prevents unauthorized parties from being able to read it.

Key length and encryption strength

Encryption strength is most commonly equated to key length (bits) and the encryption algorithm used. The simplest way to defeat encryption is to try all the possible keys. This is known as a brute-force attack, but longer keys have made this approach ineffective.

To brute force a 128-bit AES key, every one of the roughly 7 billion people on Earth would have to check 1 billion keys a second for around 1.5 trillion years to test every key.

So attackers do not typically try to reverse-engineer the algorithm or brute force the key. Instead, they look for vulnerabilities in the encryption software, or attempt to infect the system with malware to capture passwords or the key as they are processed.

To minimize these risks, you should use an independently validated encryption product and run an advanced, up-to-date anti-malware solution.

How does it work?

Encryption is applied, most commonly, in two different ways:

Encrypted storage – often referred to as ‘data at rest’ – is most commonly used to encrypt an entire disk, drive or device.

This type of encryption becomes effective only once the system is stopped, the drive ejected or the encryption key blocked.

Encrypted content – also referred to as granular encryption – typically means encrypting files or text at the application level.

The most common example is email encryption, where the message format must remain intact for the email client application to be able to handle it, but the text body of the email is encrypted along with any attachments.

What do I need from encryption?

While key length and the range of software features are important, they do not tell you how well a product will perform from the user’s point of view – or from the administrator’s.

FIPS-140 Validation

The most widely accepted independent validation is the FIPS-140 standard. If a product is validated to FIPS-140 then it is already more secure than most situations demand and will be acceptable under the GDPR and other regulations.

Ease of use for non-technical users

There will always be situations where your employees will need to decide whether or not to encrypt a document, email, etc. It is vital that they are able to use the software provided and can be confident that encrypting data will not lock them – or authorized recipients – out.

Remote management of keys, settings and security policy

To avoid staff having to make security decisions, encryption can be enforced everywhere – but this tends to restrict legitimate business processes and can stifle productivity. The inclusion of a remote management capability – one that allows changing of encryption keys, functionality or security policy settings for remote users, who typically represent the biggest security issue – means that the default settings for enforced encryption and security policy can be set higher without limiting normal processes elsewhere in the business.

Management of Encryption Keys

One of the biggest usability challenges is how users are expected to share encrypted information. There are two traditional methods:

Shared passwords, which suffer from being easy-to-remember-and-insecure or impossible-to-remember-and-secure-but-written-down-or-forgotten.

Public-key encryption, which works well across smaller workgroups with no or low staff turnover, but becomes complex and problematic with larger or more dynamic teams.

Using centrally-managed, shared encryption keys avoids these problems, with the added bonus of mirroring the way that physical keys are used to lock our houses, apartments, cars, etc. Staff already understand this concept, and it only needs explaining once. Coupled with a premium remote-management system, shared encryption keys strike the optimum balance of security and practicality.
