Companies use encryption software to protect the confidentiality of their data, ensure that only intended parties can access the data, and reduce their liability if the data is inadvertently exposed or hacked.
At a basic level, encryption software protects data by converting normal data into scrambled, unintelligible data that is rendered unusable to others. Most commonly, companies use encryption software to protect sensitive data such as their customers’ personally identifiable information (PII), proprietary company data such as trade secrets, and communications such as company emails or business instant messaging. Encryption can be applied to files, folders, disks, and other storage products including cloud storage, and it can secure communications such as data transferred over networks.
Encryption has historically been used for protecting military communications. However, with the rise of the internet and online storage, many companies use encryption to protect corporate assets as well. Particularly with increasing cyber threats and requirements from data protection and data privacy regulations, more and more companies are using encryption software to protect their data and reduce risks and liability in the event the data is lost or stolen. In fact, many data privacy regulations specifically cite properly encrypted data as sufficiently protected and therefore either out of scope of the regulation or subject to less intensive regulatory scrutiny.
Encryption software works by using modern cryptography methods to convert data from legible plaintext to unintelligible ciphertext using a pair of cryptographic keys. The original data is converted from plaintext to ciphertext using an encoding key known as a cipher, while the permissioned recipient of the data uses the corresponding decoding key to decrypt the data and return it to usable plaintext. Without the appropriate decryption key, the data is virtually unusable by interceptors or other non-permissioned parties.
Cryptographic keys to both encode and decode encrypted data come as either symmetric or asymmetric keys. With symmetric keys, the key used to encode the data is the same key needed to decode it. This requires the key itself to be closely guarded. With asymmetric keys, however, the two keys are different—one key is a public key and the other key is a private key. A public key can be openly distributed to other parties, while the private key should be closely protected by its owner. A message can be encrypted using the recipient’s public key, while only the recipient’s private key can decrypt it. Companies can protect and manage their encryption keys by utilizing encryption key management software solutions.
What Types of Encryption Software Exist?
Encryption software can be used to protect data at rest, such as data stored in files and folders; data in transit, such as data being transferred over networks or mobile devices; and, more recently, data in use, particularly when processing data stored in cloud storage.
Encryption for data at rest
Data at rest is data that is in storage and is not actively being used. This data can be stored on physical storage devices, in databases, data warehouses, on mobile devices, laptops, other endpoints, and in cloud storage. Data encryption software is used to protect this data from being accessed, modified, or stolen while at rest. Common types of encryption solutions for these include file encryption, folder encryption, database encryption, full-disk encryption, hard drive encryption, USB encryption, application encryption, and other storage encryption.
Encryption for data in transit
Data in transit is data that is traveling over networks like the internet, internal corporate networks like corporate local area networks (LANs), and mobile networks. Data in transit is sometimes referred to as data in motion, as well. Encryption is used for data in transit to prevent plaintext data from being intercepted by unauthorized persons like hackers. If the data is encrypted and intercepted while in transit, the data has little or no value to the party that intercepted it. Common types of encryption solutions for data in transit include network encryption, mobile data encryption, and website encryption.
Encryption for data in use
Risks to data in use are becoming more prevalent as more companies employ cloud computing resources to analyze data. Previously, unencrypted data was most at risk of interception or unauthorized disclosure during states of transit or at rest, but with greater use of processing in cloud computing, data can become susceptible to inappropriate disclosure or leaks during processing, as well. To address this risk, companies are beginning to utilize a technique known as homomorphic encryption.
Homomorphic encryption allows the processing of data while it remains encrypted; homomorphic encryption does not require the dataset to be decrypted prior to processing. Companies can store encrypted data in the cloud, run operations on that encrypted data without decrypting it, and the results of that computation will remain in an encrypted format, requiring the same encryption key to decrypt the computational results as would be needed to decrypt the initial data set.