Encryption. It’s a word we hear frequently in the media. Encrypted applications should have backdoors, insists one popular publication. No, they should not, insists another. Make sure you encrypt your data, a newspaper tells you. Make sure you encrypt your sensitive data, but you don’t need to encrypt all your data, another advises. It’s a sexy word, a hot topic. I think, loosely, we all know what many people mean when they talk about encryption—protection of data and information. But what is it actually, and why is it so important? Below are some thoughts.
Simply put, encryption is the translation of data into a secret code. But that’s a fairly modern definition, and encryption goes way back. Historically (and today, as well), encryption is the act of scrambling communication so that only the intended recipient can read it. Early tools, like the Scytale—a tool used by the ancient Greeks—allowed users to wrap a strip of parchment around a rod and write the message; when unwound, the message would not make sense unless the recipient had a rod of the same diameter to read it. Ancient Romans used the Caesar cipher, in which each letter in the message is replaced by a letter a set number of positions to the left or right in the alphabet (for example, a left shift of 2 would mean B is D, F is H etc.). More recently, and quite famously, Nazi Germany used a cipher machine called the Enigma to transmit encrypted messages. The eventual cracking of these messages was key to the Allied forces’ victory.
Encryption today is more or less the same thing—encoding a message or information so that only intended parties can access it. These days we see it in use with online transactions and messaging. A common analogy for encryption is the digital version of sending a message in a locked case. Only people with the correct key can unlock the case.
Two critical kinds of encryption are symmetric key algorithms and asymmetric key algorithms.
Symmetric encryption uses identical keys for both encryption and decryption. As this article explains through analogy, Alice locks her message in a box using her key and sends it to Bob to open, which he does using an identical key. Bob then uses that same identical key to lock the box and send his response back to Alice. In asymmetric encryption, or public-key cryptography, Bob and Alice have separate locks for the boxes they send messages back and forth to each other in. Bob sends Alice his lock (open), and Alice puts the message in the box and locks it using Bob’s lock. Bob can then use his personal key to unlock the box and read the message. In order to respond, Bob must get Alice’s padlock (unlocked) so that he can use it to lock the box with the response message. Once Alice receives the box, she can unlock it with her personal key. In this situation, Bob and Alice do not have copies of each other’s keys, making it more difficult for a third party to copy one of these keys. Even if one of their keys were copied—let’s say Bob’s—Alice’s messages to Bob would be compromised, but they would not be compromised to anyone else because that key belonged to Bob alone.
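The padlock exchange above can be run as a small model. This is an added example, not code from the article or from Vaporstream: it uses textbook RSA with tiny constructed primes purely to show the mechanics, and the names `make_keypair`, `lock`, `unlock` and `stolen_key_scenario` are illustrative assumptions. Real systems use vetted libraries, large keys and padding.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyPair:
    n: int  # modulus: public, part of the "open padlock"
    e: int  # public exponent: public, part of the "open padlock"
    d: int  # private exponent: the personal key, never shared

def make_keypair(p: int, q: int, e: int = 17) -> KeyPair:
    """Build a toy RSA key pair from two small primes (constructed values)."""
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return KeyPair(n=p * q, e=e, d=d)

def lock(message: bytes, n: int, e: int) -> list[int]:
    """Encrypt byte by byte using only the recipient's public values."""
    return [pow(b, e, n) for b in message]

def unlock(box: list[int], key: KeyPair) -> bytes | None:
    """Decrypt with a private key; None if the result is not even valid bytes."""
    values = [pow(c, key.d, key.n) for c in box]
    if any(v > 255 for v in values):
        return None
    return bytes(values)

# Constructed sample messages for the scenario.
MSG_TO_BOB = b"Hi Bob, the garage passcode is 4921"
MSG_TO_ALICE = b"Hi Alice, got it, thanks"

def stolen_key_scenario() -> tuple[bytes | None, bytes | None]:
    """A third party copies Bob's private key and tries it on both boxes."""
    bob = make_keypair(61, 53)
    alice = make_keypair(89, 97)
    box_for_bob = lock(MSG_TO_BOB, bob.n, bob.e)          # locked with Bob's padlock
    box_for_alice = lock(MSG_TO_ALICE, alice.n, alice.e)  # locked with Alice's padlock
    stolen = bob                                          # attacker's copy of Bob's key
    return unlock(box_for_bob, stolen), unlock(box_for_alice, stolen)

if __name__ == "__main__":
    read_bob, read_alice = stolen_key_scenario()
    print("box for Bob opened with stolen key:  ", read_bob)
    print("box for Alice opened with stolen key:", read_alice)
```

Only the box locked with Bob's padlock opens with the copied key; the box locked with Alice's padlock stays unreadable, which is the containment property the paragraph describes.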
It’s easy to take a cursory glance at encryption and think, “Oh, that’s not for me; I don’t communicate sensitive information.” But chances are, you do. There is a myriad of situations in which people, organizations and companies of all sizes communicate sensitive information and should be using encryption. Journalists working with sources, politicians discussing strategy, doctors sharing patient information, lawyers advising their clients… the list could go on. Even the average person shares sensitive information on the go: their social security number, their passport number, bank account number or the passcode to enter the garage. Encryption is not a tool for a select group of people; it’s for everyone.
It’s important to note, though, that when it comes to handling sensitive information, encryption is step one—it is foundational for security. You don’t install a lock on your house but then walk around outside with your prized possessions hanging freely out of your pockets. There are security best practices you can adopt: learning to recognize when a website or email is fishy, and making sure not to connect to unprotected Wi-Fi. On the tools side, even if your messages are encrypted, that doesn’t stop people from screenshotting, forwarding, or sharing them with malicious third parties. Be careful who you share sensitive information with. Verify that you’re messaging the correct person. In fact, encryption is not the only step to be aware of: Vaporstream’s CEO discusses why encryption is not enough in this recent blog post. Adoption of applications like Vaporstream, which combine encryption with sender control, can be game changing for an organization looking to protect against data leaks and surveillance.
To find out more about why encryption is not enough, how Vaporstream can help secure your data, or to see Vaporstream in action, contact us.
Contributor- The Vaporstream Team