|
Advances in modern computing technology—ranging from faster processors to expanded memory to new storage devices—have brought certain applications into mainstream use. For example, non-linear digital video editing has become practical on a large scale since compression algorithms, system microprocessors, and graphics processors have advanced enough to cope with the massive volumes of video data involved.
Similarly, data encryption has been available for a number of decades, but practical applications have been largely restricted to high-end systems in the banking, military, and scientific sectors. In recent years, these restricted uses have been overcome by the greater availability of desktop and notebook computers that compare favorably to supercomputers of years past. Currently, state-of-the-art techniques capitalize on the features in business and personal computer systems and deliver the data security benefits of encryption to everyday users. Modern systems can routinely encrypt and decrypt data in the background using 128-bit (or larger) keys and advanced algorithms while causing minimal, nearly imperceptible effects on performance. Problems that limited the usefulness of past-generation encryption tools have been largely overcome by enhanced application designs, improved deployment processes, better maintenance tools, more efficient algorithms, and standards-based architectures that simplify integration of encryption solutions with network infrastructures.
With these advances, encryption has become integral to today’s business processes, providing an effective means of ensuring the privacy of information exchanged among partners, customers, staff members, or other parties. Encryption has been embraced in a variety of areas where the sensitivity of data being transferred is extremely important. This includes the banking industry (particularly automated kiosks and teller machines), business transactions conducted over the Internet, email communications where privacy is essential, and mobile telephone technology.
Despite the advances in encryption techniques and vastly improved computer capabilities, however, many of the fallacies and outdated understanding about encryption persist. Sometimes these myths are even being perpetuated in popular technology publications where some authors and editorial staff fail to do their research thoroughly. This paper examines the common myths that exist about data encryption and discusses the most recent techniques and changes in computing environments that have elevated encryption as a data security tool and enabled practical everyday use of this valuable technology.
Essential Characteristics of Encryption
Encryption can be applied to data in any of the three following conditions:
Data at rest: where information is stored on desktop or notebook computers, handheld computing devices, network storage devices, or servers.
Data in motion: where information is being exchanged as a part of e-mail communication, e-business transactions, or removable media being transported from one location to another.
Data in use: where information is being actively used in the form of an electronic payment, document management activity, or e-card personalization.
While the implementations differ and the tools vary widely, the fundamentals of encryption are strikingly similar for most applications. In typical applications, a cipher is used to scramble the information stored in a data set, which is referred to as encrypting the data. Once encrypted, the data is unusable for viewing or access until it is decrypted using a key. The key completes an algorithm that translates the scrambled information back into usable data. This encryption/decryption process can be applied to protect various kinds of data communication, such as encrypting the contents of an email message containing sensitive data. The recipient of the message can decrypt and read if in possession of the correct key. The complexity of the cipher determines how difficult it is to break the cipher and read the encrypted data. Strong encryption is generally regarded as being essentially unbreakable, due to elaborate cipher algorithms, which make it unlikely that hackers can use brute force techniques to discover the keys.
The emerging model of the open enterprise has raised the stakes on ensuring data protection throughout every organization. Companies collaborate more freely and more often with partners and suppliers, responding to supply chains that now stretch across the world. Web-based business processes and e-commerce have combined to create a much more open IT infrastructure and corresponding protections must be put in the place to counteract possible network vulnerabilities. The ubiquitous portable computing devices in use by employees often contain very sensitive data that must be shielded from prying eyes in the event of loss or theft of the device.
|
