Encryption and the Art of Data Loss Prevention, Part Two

With cyberthreats on the rise, and hackers becoming more sophisticated, strategies to protect your files are critical—and encryption is a tool too important to ignore. In our last post, we explained the basics and importance of data encryption. Now, we will dive a little deeper into the different types of encryption strategies and options.

Symmetric vs Asymmetric

If you delve into the world of encryption, the two terms you will commonly find are symmetric and asymmetric, which are two different encryption methods. Symmetric encryption is the older of the two. With symmetric encryption, both parties need the same code (the key) to read the same file. This code can be a word or a series of letters. One party enters the code to encrypt the document, and the second party enters the exact same code to open it. Simple, right? It’s like making a copy of the same key. But what if you don’t know the other party? How do you share the code? Do you email it? Send it in the mail? What if that code is intercepted or falls into the wrong hands?

Asymmetric encryption, on the other hand, uses two different keys: one to lock the file and one to unlock it. This is also referred to as public-key cryptography. One person has a public key, which encrypts the message or file, while the person on the other end holds a private key, the only key that can decrypt it. With this approach, the decryption key never needs to be shared, so there’s less risk of it being swiped by someone else.
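To make the difference concrete, here is an added example (not code from the original post or from Single Path) in Go, using only the standard library. AES-GCM stands in for symmetric encryption, where both sides must already hold the same key, and RSA-OAEP stands in for asymmetric encryption, where anyone with the public key can encrypt but only the private key can decrypt. It goes one step beyond the post by combining the two: a one-time data key seals the file and the recipient’s public key wraps that key, which is how the "how do you share the code?" problem is solved in practice. The function names, the key sizes and the sample contents are this example’s own choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// newGCM builds an AES-GCM AEAD from a 16-, 24- or 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SymmetricEncrypt seals plaintext under a key both parties must already
// share (the post's "same code"). Output layout: nonce || ciphertext || tag.
func SymmetricEncrypt(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per message
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// SymmetricDecrypt opens a blob from SymmetricEncrypt. The GCM tag makes it
// fail when the key is wrong or the data was altered in transit.
func SymmetricDecrypt(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// NewKeyPair generates an RSA-2048 pair: the public half can be handed to
// anyone; only the private half must stay secret.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// AsymmetricEncrypt lets anyone holding the public key encrypt; only the
// matching private key can decrypt. RSA-OAEP/SHA-256 with a 2048-bit key
// caps the message at 190 bytes, so it wraps keys rather than whole files.
func AsymmetricEncrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// AsymmetricDecrypt recovers msg; any other private key returns an error.
func AsymmetricDecrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// HybridEncrypt combines the two: a one-time data key seals the file and
// the recipient's public key wraps that data key, so no secret is ever
// shared out of band. Returns (wrappedKey, sealedFile, error).
func HybridEncrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, []byte, error) {
	dataKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dataKey); err != nil {
		return nil, nil, err
	}
	sealed, err := SymmetricEncrypt(dataKey, plaintext)
	if err != nil {
		return nil, nil, err
	}
	wrapped, err := AsymmetricEncrypt(pub, dataKey)
	return wrapped, sealed, err
}

// HybridDecrypt unwraps the data key with the private key, then opens the file.
func HybridDecrypt(priv *rsa.PrivateKey, wrapped, sealed []byte) ([]byte, error) {
	dataKey, err := AsymmetricDecrypt(priv, wrapped)
	if err != nil {
		return nil, err
	}
	return SymmetricDecrypt(dataKey, sealed)
}

func main() {
	recipient, _ := NewKeyPair() // error handling skipped in this demo only
	// Constructed sample contents; a real caller would read a file here.
	wrapped, sealed, _ := HybridEncrypt(&recipient.PublicKey, []byte("constructed file contents"))
	plain, err := HybridDecrypt(recipient, wrapped, sealed)
	fmt.Printf("%q %v\n", plain, err)
}
```

Two things worth noticing when you run it: decrypting with the wrong key does not produce garbage, it returns an error, because GCM’s authentication tag and OAEP’s padding check both fail closed; and a symmetric key typed in as a word or passphrase should never be used as the raw AES key but passed through a key derivation function first, which this example leaves to the caller.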

An even newer form of encryption that is growing in popularity is elliptic curve cryptography. This is a form of public-key encryption that is practically unbreakable. It’s a complicated subject; technology information provider Ars Technica does as good a job as any of explaining how it works, but it’s a bit too involved to get into here and draws on concepts such as the extended Euclidean algorithm.

How do you want to Encrypt?

Encryption can be simple or complex. It can take very little processing power, or quite a bit. You can encrypt everything or only some things. You can encrypt them in only some places or in every place. Here are the basic options.

  • Full disk encryption (FDE): An entire hard drive is automatically encrypted. This is particularly useful for a laptop or machine that could be stolen. There are intermediate options for disk encryption, as well—folder encryption, volume encryption, etc.—that aren’t quite full-disk encryption, but in between.
  • File encryption: a way to encrypt data on a file-by-file basis. This is helpful for individual files that have to be shared or protected, while others do not.
  • End-to-end (E2E) encryption: This obscures the content of messages while they are in transit, so only the sender and the receiver can read them. Such encryption is now built into platforms like Facebook Messenger and Apple’s iMessage.
  • Encrypted web connections: The familiar ‘https://’ at the beginning of most URLs (along with the small padlock icon) means your web connection is using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol. This means the data you are sharing with that site, such as credit card numbers, is being encrypted in transit.
  • Encrypted email servers: These are email servers that use S/MIME (Secure/Multipurpose Internet Mail Extensions) so they can send and receive encrypted messages, not just simple text messages.
  • Cloud encryption: Cloud-encryption software encrypts all data as it is stored in the cloud. The data is still completely accessible (and vulnerable) on a computer, but not on the general network.

Key Management and Other Security Needs

As we detailed in our recent two-part post on phishing strategies (Phishing Part One and Part Two), there are a great many malicious schemes out there, some more clever than others. So, having a solid encryption strategy will only go so far; you also need a system to keep your encryption keys safe. That’s why key management, the process of storing encryption keys so they stay protected but remain accessible, is just as important as keeping the data itself safe.

Computer Weekly suggests the following protocols be kept in place:

  • Have one point of contact for cryptography; don’t spread it among operational users.
  • Ensure the central key repository is well protected.
  • Decide whether your outsourcer will have any role in key management, such as key pair generation, recovery of keys and escrow access.
  • Decide whether information security should manage keys as well as encryption policy.

What you need to know

As the data loss prevention experts at Digital Guardian wrote, “Companies and organizations face the challenge of protecting data and preventing data loss as employees use external devices, removable media, and web applications more often as a part of their daily business procedures. Sensitive data may no longer be under the company’s control and protection as employees copy data to removable devices or upload it to the cloud.”

Fortunately, you don’t need to be an expert on encryption and algorithms—you just need a partner that is. At Single Path, we’re adept at providing security offerings and tools for our clients, so that they are prepared for and protected against malicious attacks. We also provide proactive desktop and network infrastructure patch management, Security Risk Assessment, Managed Firewall Services and more. We’ll keep your data safe, and your organization worry-free.

Ask us how to get started!