We’ve all heard stories about serious cyber attacks and embarrassing security breaches. They are as common today as hot temperatures in a Florida summer. So we’re well aware encrypting our business data is an essential element in securing sensitive information. But how does it work and how much do you know about it? And which type is the best one for your business?
The answer to these questions is one of the most annoying responses one can receive: It depends. But before you roll your eyes and decide to just pick one to get it out of the way, it is best to be acquainted at least with the basics, so that you can make an informed decision.
With Symmetric Encryption, every single person who is authorized to review the data, will have the same key or passcode. Once the correct combination is entered, voilá, the jumbled mess of encrypted information becomes readable. Anyone with the key can encrypt and decrypt the data.
Public Key or Asymmetric Encryption
With Public Key Encryption, both the original user and the additional people who will be allowed to view the information will hold a code to encrypt and decrypt the information. However, what differentiates it from symmetric encryption is that the originating user has a unique specific key that will allow the rest of the users to know he or she was the person who encrypted the information; thus giving the originating user what would be akin to a “digital signature.”
If the data was encrypted with that one specific key, only one person could have done so.
Everyone else who can read the data has the same key, which is the “public key.” Users with the public key can also send encrypted information to the holder of the private key.
Let’s say Jane has a private key and encrypted data for her company. Everyone who has the public key will be able to decrypt and read it, and they will all know that only Jane could’ve sent the information because she’s the one who “digitally signed” the data.
Additional things to keep in mind
When choosing an encryption method, it’s important to allow for scalability, and that it properly works on all required platforms (there’s no point in encrypting something from a computer if you’ll need to access it from your phone and you’re unable to do so). You’ll also need to protect your information in all states of data:
Data in use: When a user is creating or updating data.
Data in motion: When a user is sending information to another user, whether via e-mail or other forms of communication.
Data at rest: When your data is being stored on a server or cloud.
Each state requires different components to adequately protect information.
The only way to truly protect your sensitive data is to have experienced IT experts do the job for you. Soaring Eagle Database Consulting can assess your company’s needs and advise you accordingly. Contact us and see how we can help you.