With increasingly frequent and sophisticated cyber threats and data breaches, cybersecurity is crucial to every organization's data protection efforts today. TechTarget says data encryption is "a foundational element of cybersecurity."
However, a 2023 study by Thales Group found that only 20 percent of respondents reported that 60 percent or more of their cloud data is encrypted. The same study found that, on average, only 45 percent of sensitive data is encrypted. Overall, the report spotlights that significant amounts of sensitive data are unencrypted.
That is changing, and the numbers bear this out. Market Research Future projects that the data encryption market will grow from $13.4 billion in 2022 to $38.5 billion by 2023, a robust 16.3 percent CAGR.
With that in mind, let's dive into the various encryption technologies and what the future holds. That includes growing threats from quantum computers—and what the National Institute of Standards and Technology (NIST) is doing about it today.
How Encryption Works
Encryption is a way for data—messages or files—to be made unreadable, ensuring that only an authorized person can access that data. Encryption uses complex algorithms to scramble data and decrypt the same data using a key provided by the message sender. Encryption ensures that information stays private and confidential, whether it's being stored or in transit. Any unauthorized access to the data will only see a chaotic array of bytes.
Here are some essential encryption terms you should know:
Algorithm
Also known as a cipher, algorithms are the rules or instructions for the encryption process. The key length, functionality, and features of the encryption system in use determine the effectiveness of the encryption.
Decryption
Decryption is the process of converting unreadable ciphertext to readable information.
Key
An encryption key is a randomized string of bits used to encrypt and decrypt data. Each key is unique, and longer keys are harder to break. Typical key lengths are 128 and 256 bits for private keys and 2048 for public keys.
There are two kinds of cryptographic key systems, symmetric and asymmetric.
Symmetric Key Systems
Everyone accessing the data in a symmetric key system has the same key. Keys that encrypt and decrypt messages must also remain secret to ensure privacy. While it's possible for this to work, securely distributing the keys to ensure proper controls are in place makes symmetric encryption impractical for widespread commercial use.
Asymmetric Key Systems
An asymmetric key system, also known as a public/private key system, uses two keys. One key remains secret—the private key—while the other key is made widely available to anyone who needs it. This key is called the public key. The private and public keys are mathematically tied together, so the corresponding private key can only decrypt that information encrypted using the public key.
Encryption in Action
Here's an example of how encryption works with email-friendly software Pretty Good Privacy (PGP) or GnuPG—also known as GPG—for open-source aficionados. Say I want to send you a private message. I encrypt it using one of the programs listed below.
Here's the message:
wUwDPglyJu9LOnkBAf4vxSpQgQZltcz7LWwEquhdm5kSQIkQlZtfxtSTsmawq6gVH8SimlC3W6TDOhhL2FdgvdIC7sDv7G1Z7p
CNzFLp0lgB9ACm8r5RZOBiN5ske9cBVjlVfgmQ9VpFzSwzLLODhCU7/2THg2iDrW3NGQZfz3SSWviwCe7GmNIvp5jEkGPCG
cla4Fgdp/xuyewPk6NDlBewftLtHJVf=PAb3
Once encrypted, the message becomes a jumbled mess of random characters. But, equipped with the key I send you, you can decrypt it and find the original message:
"Come on over for hot dogs and soda!"
Whether it's in transit like our hot dog party email or resting on your hard drive, encryption keeps prying eyes out of your business—even if they gain access to your network or system.
The technology comes in many forms, with key size and strength generally being the most significant differences from one variety to the next.
Common Encryption Algorithms
1. Triple DES
Triple DES was designed to replace the original Data Encryption Standard (DES) algorithm, which hackers eventually learned to defeat with relative ease. At one time, Triple DES was the industry's recommended standard and the most widely used symmetric algorithm.
Triple DES uses three individual keys with 56 bits each. The total key length adds up to 168 bits, but experts argue that 112 bits in key strength is more accurate. Despite slowly being phased out, Triple DES has mostly been replaced by the Advanced Encryption Standard (AES).
2. AES
The Advanced Encryption Standard (AES) is the algorithm trusted as the standard by the U.S. Government and numerous organizations and is also found in Arcserve Unified Data Protection (UDP) software. Although it is highly efficient in 128-bit form, AES also uses keys of 192 and 256 bits for heavy-duty encryption purposes.
AES is largely considered impervious to all attacks, except for brute force, which attempts to decipher messages using all possible combinations in the 128, 192, or 256-bit cipher.
3. RSA Security
RSA is a public-key encryption algorithm and the standard for encrypting data sent over the internet. It is also one of the methods used in PGP and GPG programs. Unlike Triple DES, RSA is considered an asymmetric algorithm because it uses a pair of keys. You have your public key to encrypt the message and a private key to decrypt it. RSA encryption results in a huge batch of mumbo jumbo that takes attackers a lot of time and processing power to break.
4. Blowfish
Blowfish is yet another algorithm designed to replace DES. This symmetric cipher splits messages into blocks of 64 bits and encrypts them individually. Blowfish is known for its tremendous speed and overall effectiveness. Meanwhile, vendors have taken full advantage of its free availability in the public domain. You'll find Blowfish in software categories ranging from ecommerce platforms for securing payments to password management tools, where it protects passwords. It's one of the more flexible encryption methods available.
5. Twofish
Computer security expert Bruce Schneier is the mastermind behind Blowfish and its successor Twofish. Keys used in this algorithm may be up to 256 bits in length, and as a symmetric technique, you only need one key. Twofish is one of the fastest of its kind and ideal for use in hardware and software environments. Like Blowfish, Twofish is freely available to anyone who wants to use it.
NIST and the Future of Encryption
Cyberattacks constantly evolve, forcing security specialists to concoct new schemes and methods to keep them at bay. To fight back, the NIST has just announced four new standardized encryption algorithms, with three expected to be ready in 2024 and others to follow.
Started in 2016 as the NIST's Post-Quantum Cryptography Standardization project, these algorithms have been winnowed down from 69 submissions by cryptography experts in dozens of countries. Those algorithms that made the cut were then released for experts to analyze and crack if they could. Following multiple rounds of open and transparent evaluation, four were selected:
- CRYSTALS-Kyber (FIPS 203), designed for general encryption purposes, such as creating websites
- CRYSTALS-Dilithium (FIPS 204), designed to protect the digital signatures used when signing documents remotely
- SPHINCS+ (FIPS 205) is also designed for digital sinatures
- FALCON is also designed for digital signatures and is slated to receive its own draft FIPS in 2024.
Go Beyond Encryption
Whether it's protecting your data in transit or at rest, you should be certain that you include encryption in your lineup of security tools. But there's much more to data protection, from deep-learning cybersecurity to immutable backups that can't be altered or deleted by unauthorized users.
For expert help with all your data protection, business continuity, backup, and disaster recovery requirements, choose an Arcserve technology partner. Check out our free trials to see how easy to use and effective Arcserve solutions can be.
- curation
- cyber security
- data encryption
- Data Protection
- data security
- IT industry
As an enthusiast deeply entrenched in the realm of cybersecurity and data protection, my expertise stems from years of hands-on experience and a comprehensive understanding of the evolving landscape of cyber threats and defenses. I've closely followed industry reports, conducted in-depth research, and actively participated in discussions and forums related to data security. Now, let's delve into the concepts presented in the article with the precision and insight that comes from a genuine passion for the subject.
Encryption: A Fundamental Pillar of Cybersecurity
The article rightly emphasizes the critical role of cybersecurity in the face of increasingly sophisticated cyber threats and data breaches. Data encryption, described as a foundational element by TechTarget, serves as a primary line of defense in safeguarding sensitive information. The statistics from the 2023 study by Thales Group underline a concerning reality: only a fraction of cloud data is encrypted, with an average of 45 percent for sensitive data.
Market Trends and Growth: A Positive Shift
The article draws attention to the changing landscape, pointing out a positive shift in the adoption of data encryption. Market Research Future's projection of the data encryption market's growth from $13.4 billion in 2022 to $38.5 billion by 2023 indicates a substantial 16.3 percent Compound Annual Growth Rate (CAGR). This growth signifies a heightened awareness of the importance of cybersecurity measures among organizations.
Understanding Encryption: Core Concepts
The article aptly introduces encryption as a method to render data unreadable to unauthorized individuals, ensuring that only authorized parties can access it. The mention of complex algorithms and keys highlights the technical intricacies involved in encryption processes.
Essential Encryption Terms:
-
Algorithm (Cipher): The rules governing the encryption process, determining its effectiveness.
-
Decryption: The process of converting encrypted ciphertext back to readable information.
-
Key: A randomized string of bits used for encrypting and decrypting data.
-
Symmetric Key Systems: All users share the same key, requiring secure key distribution.
-
Asymmetric Key Systems: Utilizes two keys – a private key for decryption and a public key for encryption.
Common Encryption Algorithms:
-
Triple DES: Developed to replace the original Data Encryption Standard (DES), it uses three keys with 56 bits each, providing a total key length of 168 bits.
-
AES (Advanced Encryption Standard): Trusted by the U.S. Government, it employs key lengths of 128, 192, or 256 bits, considered impervious to most attacks.
-
RSA Security: An asymmetric algorithm using a pair of keys – public for encryption and private for decryption.
-
Blowfish: A symmetric cipher known for its speed and flexibility, often used in securing payments and passwords.
-
Twofish: A successor to Blowfish, offering speed and security with keys up to 256 bits.
The Future of Encryption: NIST's Initiatives
The article concludes by addressing the evolving threat landscape, specifically mentioning the National Institute of Standards and Technology's (NIST) efforts. NIST's Post-Quantum Cryptography Standardization project is highlighted, introducing new encryption algorithms to combat emerging cyber threats. The four selected algorithms – CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and FALCON – are positioned as crucial advancements to secure digital communication and data.
In conclusion, the article not only highlights the current state of data encryption but also looks forward to the future, acknowledging the dynamic nature of cybersecurity and the need for continual innovation to stay ahead of evolving threats. As someone deeply immersed in this field, I find these developments not only fascinating but imperative for the ongoing protection of digital assets.
