What We'll Cover:
1. Data encryption definition and applications.
2. Various pros and cons of using data encryption.
3. The value it can bring your business.
The move to cloud services has exploded as people continue to work from home. However, with this rise, there’s been an equally big uptick in something not as nice or useful: cyberattacks. The Cloud has allowed businesses to keep things running, but as people take laptops home and internal servers are moved online, cyberattackers aren’t slowing down.
So, are we doomed? No, we just need to make sure our data is protected. That’s where data encryption comes in.
What’s Data Encryption, Really?
Data encryption is defined as the process of translating data from a readable format into code that is only accessible to those who have a secret key (aka the decryption key.) Once data has been encrypted, it must be decrypted using the secret key in order to be usable or readable again. This is a cornerstone of data security because it ensures that, if someone somehow gets a hold of the encrypted data and they don’t have the key, they will not be able to access the data.
Can said hypothetical cyberattacker guess the key? It depends on its strength. In theory, yes, but in execution it’s almost a guaranteed no. The Advanced Encryption Standard, otherwise known as AES, is an encryption process that has secret keys ranging from 128 to 256 bits.
According to TechNadu, “For something like AES, with a 256-bit key, even the might of the best supercomputers we have today would take more time [to crack the key] than the universe itself has left.” So, you’re probably going to be okay (just make sure your secret keys are super safe!).
While data encryption is great, it’s not without its limitations. Let’s go over the pros and cons of utilizing data encryption within your data security strategy.
Pro: Limit the Reach of the Breach
As we mentioned earlier, encrypting your data is one of the most powerful tools at your disposal when it comes to reducing the damage of data breaches.
Whether someone’s laptop got stolen or a system was hacked, data breaches can happen at any time. Not to mention, they’re expensive. The average cost of a data breach in the US is $8.64 million per breach (which is more than double the world average at $3.86 million). It also takes roughly 280 days to identify and contain a breach.
Because the encryption is placed on the data itself, you protect more than your data — you save money, time, and a lot of headache from potential breaches.
This also means that once data has been encrypted, it can exist pretty much anywhere in your company. Laptops, in-office desktops, portable hard drives or USBs, internal servers — the data is secured, giving you the freedom to share or access it with ease.
Pro: You Don’t Have to Be a Cryptographer
Luckily, data encryption has never been easier. Take, for example, HTTPS encryption. HTTPS is the secure version of HTTP; used to communicate data between a website and a web browser. It’s now easier than ever for web admins or website owners to configure their site to use HTTPS. In fact, search engines like Google expect every website to have it at this point and often display a giant red warning when it doesn’t, clearly labeling it as a security risk.
Some modern devices are even encrypted from the get-go. The iPhone, for example, is encrypted by default as long as a passcode is set on the device. So, if you ever misplace your iPhone and are worried about your sensitive information, the best thing you can do to protect yourself is to make sure you have a strong passcode!
While the benefits of data encryption aren’t in short supply, nothing is perfect — let’s cover some of the cons.
Con: Lost Key = Lost Sanity
A lot of the cons revolve around the secret keys needed for your encrypted data. If a secret key is ever lost and there’s no way of knowing what it was (ex. backups, multiple keys, etc.), you’ll have no better luck accessing the data than a cybercriminal. Losing a key is basically losing the data.
This is, without a doubt, one of the baseline risks of encryption. It’s important to treat your secret keys as high-value assets and make sure they are kept safe, secured, and accounted for.
As your encryption needs grow, so will the number of secret keys. While it makes sense to utilize multiple keys to prevent a total data loss in the event of one key getting lost, more keys can be harder to keep track of. There’s a healthy balance that needs to be kept in order to ensure your keys are tucked away safely and your IT team is able to maintain them.
Con: Human Passwords are Easy to Crack
We mentioned earlier that the iPhone is already encrypted at purchase, but you should have a strong passcode. That’s a potential con when weighing in on data encryption: encryption is only as strong as the passcode.
Not every encryption solution is going to be AES with a 256-bit key; many devices will require a human to choose the password. Since we’re people, we tend to choose passwords that are easy to remember but could potentially be insecure. This means that a brute force attack or other attacks from cybercriminals could actually be doable. So, it’s extremely important to create strong passwords that avoid simplicity. If you can commit to choosing strong passwords, you can overcome this con on your own.
Data Encryption and You
It is up to you to decide how valuable data encryption would be for your business. With the massive increase in cybercrime over the past few years, it’s clear that the technology isn’t going anywhere anytime soon. Whether it’s in a limited capacity or deeply rooted in all your systems, data encryption is an extremely powerful tool to ensure sensitive information doesn’t fall into the wrong hands.
Looking for how to get started? We can help. If you’re ready to take the next step with your technology and discover what’s possible, let’s start talking strategy. We’ll get to know your organization, your goals, and your existing tech infrastructure before mapping the journey to your moonshot so you can reach your greatest potential.