Overview
Throw on any spy movie from years ago and you are guaranteed to get a scene where a code is being written or cracked in some clever manner. While ciphers, lemon juice as invisible ink, and number coding are fun, these methods are easily revealed and used more for entertainment purposes than real security.
What is Encryption?
Encryption is a way of encoding data so that only authorized parties can receive and understand the information. To encrypt data successfully, an encryption key (a set of mathematical values that both the sender and the recipient have access to) must be available to turn the plaintext into ciphertext and, on request, to decrypt that ciphertext again.
Generally, encrypted data is referred to as being “at rest” (stored digitally) or “in transit” (sent through an email or a VPN). Another common term for “in transit” data is “data in use” (data that is subjected to frequent changes, as in an operational database).
It is worth noting that not all phases of data need to be encrypted, by the letter of the law, but today most are, so it might be more advantageous to adopt this approach from a future-proofing perspective.
Encryption Strategies for “Data at Rest”
Data “at rest” poses a growing concern for businesses and government institutions whose staff access it through mobile devices; if those devices are lost or stolen, the database management systems and file servers behind them are exposed to more risk.
Encryption best practices typically include methods like AES or RSA:
“The encryption of data at rest should only include strong encryption methods such as AES or RSA. Encrypted data should remain encrypted when access controls such as usernames and passwords fail. Increasing encryption on multiple levels is recommended. Cryptography can be implemented on the database housing the data and on the physical storage where the databases are stored. Data encryption keys should be updated on a regular basis. Encryption keys should be stored separately from the data. Encryption also enables crypto-shredding at the end of the data or hardware lifecycle. Periodic auditing of sensitive data should be part of the policy and should occur on scheduled occurrences. Finally, only store the minimum possible amount of sensitive data.”
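The quoted guidance (strong encryption such as AES, keys stored separately from the data, regular key rotation, and crypto-shredding at end of life) can be shown in working code. The following Go program is an added example written for this page; it is not code from the original text or from any product the page describes. The `KeyStore` type is a hypothetical in-memory stand-in for a real key-management location (an HSM, a cloud KMS, or at least a different host or volume than the data), and the sample plaintext is constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Record is one encrypted data-at-rest blob. It names the key that sealed it
// (so rotation can tell old and new records apart) but never contains the key.
type Record struct {
	KeyID      string
	Nonce      []byte
	Ciphertext []byte
}

// KeyStore is a hypothetical stand-in for key storage that lives separately
// from the data (HSM, KMS, or a different host). Here it is just a map.
type KeyStore struct {
	keys map[string][]byte
}

func NewKeyStore() *KeyStore { return &KeyStore{keys: map[string][]byte{}} }

// Generate creates a fresh random 256-bit AES key under the given id.
func (ks *KeyStore) Generate(id string) error {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return err
	}
	ks.keys[id] = k
	return nil
}

// Shred deletes a key. Every record sealed under it becomes unrecoverable,
// which is what "crypto-shredding" at the end of a data lifecycle means.
func (ks *KeyStore) Shred(id string) { delete(ks.keys, id) }

// aead builds an AES-256-GCM cipher for the named key, or fails if the key is gone.
func (ks *KeyStore) aead(id string) (cipher.AEAD, error) {
	k, ok := ks.keys[id]
	if !ok {
		return nil, fmt.Errorf("key %q not available", id)
	}
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext under keyID with a random per-record nonce.
// The key id is bound as associated data so a record cannot be quietly
// relabelled as belonging to a different key.
func Seal(ks *KeyStore, keyID string, plaintext []byte) (Record, error) {
	g, err := ks.aead(keyID)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	ct := g.Seal(nil, nonce, plaintext, []byte(keyID))
	return Record{KeyID: keyID, Nonce: nonce, Ciphertext: ct}, nil
}

// Open decrypts and authenticates a record using the key it names.
// Any modification of nonce, ciphertext or key id fails the GCM tag check.
func Open(ks *KeyStore, r Record) ([]byte, error) {
	g, err := ks.aead(r.KeyID)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, r.Nonce, r.Ciphertext, []byte(r.KeyID))
}

// Rotate re-encrypts a record under newKeyID. It needs the old key, so
// rotation of all records must finish before the old key is shredded.
func Rotate(ks *KeyStore, r Record, newKeyID string) (Record, error) {
	pt, err := Open(ks, r)
	if err != nil {
		return Record{}, err
	}
	return Seal(ks, newKeyID, pt)
}

func main() {
	ks := NewKeyStore()
	_ = ks.Generate("key-2023")
	rec, _ := Seal(ks, "key-2023", []byte("account=42;balance=100")) // constructed sample
	_ = ks.Generate("key-2024")
	rotated, _ := Rotate(ks, rec, "key-2024")
	ks.Shred("key-2023")
	_, oldErr := Open(ks, rec)      // fails: its key no longer exists
	pt, _ := Open(ks, rotated)      // still readable under the new key
	fmt.Println("old record:", oldErr)
	fmt.Println("rotated record:", string(pt))
}
```

Because the record stores only a key id, a copy of the database (or a stolen device holding it) is useless without the separately held key material, which is the property the guidance asks for when "access controls such as usernames and passwords fail".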