What is Encryption?
Encryption is the cryptographic transformation of data to produce ciphertext using various encryption algorithms (Al-Shabi, 2019). Encryption converts data into secret codes to conceal the true meaning of the information; cryptography is the science of encrypting and decrypting information. If encryption using robust algorithms such as Advanced Encryption Standard (AES) 256 and Rivest-Shamir-Adleman (RSA) is impenetrable, then how can we explain the high number of cyberattacks that occur within organizations and governments around the world?
Does Encryption Mean Data is Secured?
It is undeniable that encryption is used to prevent unauthorized access to data at rest, in transit and in use. Why are there still so many cyberattacks in this day and age, despite the fact that robust encryption techniques are utilized to keep data from falling into the wrong hands? While unbreakable encryption algorithms are readily available, cyberattacks persist for the reasons discussed in this article.
Who has the Encryption Keys?
First, it is important to note that encryption as a security measure is only as good as the security of the encryption keys. Thus, encryption key management, which includes controlling and maintaining encryption keys, is critical in maintaining an effective encryption strategy. The use of Public Key Infrastructure (PKI) to authenticate users and servers involves three components: digital identities referred to as Digital Certificates, the Certificate Authority, which authenticates the digital identity, and the Registration Authority, whose function is to issue the digital certificates to users. These three components of the PKI are critical aspects of encryption key management (Lozupone, 2018). Encryption key management has always been a problem, especially with cloud-based service offerings such as Software-as-a-Service (SaaS), where the cloud service provider (CSP) controls and manages the encryption keys.
How Secured is the Encryption Key Management Life Cycle?
Furthermore, encryption is only considered secure when the encryption keys are properly managed through every phase of the key management lifecycle: key generation, exchange, storage, use, destruction, and replacement. This is critical even if the keys are managed using Hardware Security Modules (HSM) or other hardware key management solutions, a trusted third party, a key management virtual appliance, or key management software.
What Type of Encryption is in Use?
Moreover, even though encryption is a major security technique to protect data from unauthorized access, it is commonly known to degrade performance (Lozupone, 2018), because encryption and decryption require significant compute resources. However, different types of encryption exist, with different overhead levels and varying levels of security for system resources. Symmetric encryption, for instance, is high-speed, uses the same key for encryption and decryption, and uses fewer compute resources, thereby having less impact on system performance (Ambili & Narasimhan, 2021). However, symmetric encryption only provides confidentiality to system resources. Asymmetric encryption, on the other hand, uses a private and a public key for encryption and decryption; it is slow and puts significant strain on computing resources, thereby significantly affecting the performance of applications (Ambili & Narasimhan, 2021). In return, asymmetric encryption protects system resources from prying eyes while also guaranteeing their authenticity and non-repudiation. Therefore, management must make a decision between the competing priorities of encryption and performance.
How Secured are Coding Practices?
Every day, new applications are developed with cryptography at the backend to make them secure. Developers do a great job writing code that provides intelligent solutions. The real question is how secure this code is and whether its cryptography is implemented correctly (Nakov et al., 2021). Encrypting data does not mean the data is secured. When it comes to implementing encryption the right way, it is always tough to detect developer errors that could leave the organization’s sensitive data at risk. Organizations are thus left with a false sense of security that only becomes evident when the organization experiences a data breach or cyberattack.
Encryption and Insider Threats
Also, encryption does not mean security when it comes to insider threats. An insider threat is a type of security risk that originates from within the organization, and the insider is an authorized user who is in possession of the decryption keys. As a result, other methods have to be used to protect the confidentiality, integrity, and availability of data even from authorized users. The most effective method of detecting and preventing insider threats is to monitor user activity in real time. Detecting atypical behavior associated with hostile and suspicious activities, data theft, or exploitation is thus the best way to prevent authorized individuals with decryption keys from jeopardizing the confidentiality, integrity, and availability of sensitive information. The key to identifying insider threats and putting preventative measures in place is determining when user behavior becomes unusual.
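One way to determine when an authorized user's behavior becomes unusual is to compare each user's decryption volume with that user's own history. The following is an added example, not taken from the cited sources; the log format, user names, and the thresholds `k` and `min_history` are assumptions.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed audit log of a hypothetical key service: one line per decrypt call.
LOG = """\
2024-03-04T09:12:00Z user=alice action=decrypt records=40
2024-03-04T10:02:00Z user=bob action=decrypt records=35
2024-03-05T09:30:00Z user=alice action=decrypt records=44
2024-03-05T11:15:00Z user=bob action=decrypt records=30
2024-03-06T09:05:00Z user=alice action=decrypt records=38
2024-03-06T14:40:00Z user=bob action=decrypt records=33
2024-03-07T09:20:00Z user=alice action=decrypt records=42
2024-03-07T23:50:00Z user=bob action=decrypt records=900
2024-03-07T23:58:00Z user=bob action=decrypt records=1200
"""

LINE = re.compile(r"^(\d{4}-\d{2}-\d{2})T\S+ user=(\w+) action=decrypt records=(\d+)$")

def daily_totals(log):
    """Sum decrypted records per user per day; unparseable lines are skipped."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            day, user, records = m.groups()
            totals[user][day] += int(records)
    return totals

def unusual_days(log, k=3.0, min_history=3):
    """Flag (user, day, total) where total exceeds the user's own baseline.

    Baseline = that user's other days; threshold = mean + k * stdev, with the
    deviation floored at 10% of the mean so a very steady user is not noisy.
    """
    flagged = []
    for user, days in daily_totals(log).items():
        for day, total in days.items():
            history = [v for d, v in days.items() if d != day]
            if len(history) < min_history:
                continue  # too little history to call anything unusual
            mu = mean(history)
            sigma = max(pstdev(history), 0.1 * mu)
            if total > mu + k * sigma:
                flagged.append((user, day, total))
    return sorted(flagged)
```

Every call in the sample is an authorized decryption with valid keys, so encryption alone raises no alarm; only the per-user baseline shows that one day is far outside that user's normal volume.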
Inefficient Data Loss Prevention Capabilities with Encryption
Encrypting data streams within the network reduces the effectiveness of Data Loss Prevention (DLP) solutions, which would probably not identify whether sensitive information is being moved across the network. Cyber intruders could exfiltrate data if other perimeter security technologies are not employed within the enterprise. On the other hand, it is good practice to encrypt sensitive data in transit, and, depending on the industry, most regulatory bodies require encrypting sensitive information in transit using robust encryption such as TLS 1.3. Given the pros and cons of encrypting data streams within the network, it is better to encrypt data in transit and implement other security measures to identify and block unauthorized data exfiltration.
References
Al-Shabi, M. (2019). A survey on symmetric and asymmetric cryptography algorithms in information security. International Journal of Scientific and Research Publications (IJSRP), 9(3), 576-589.
Ambili, T., & Narasimhan, V. L. (2021). Symmetric and Asymmetric Encryption Algorithm Modeling on CPU Execution Time as Employed Over a Mobile Environment. International Journal of Natural Computing Research (IJNCR), 10(2), 21-41. https://doi.org/10.4018/IJNCR.2021040102
Lozupone, V. (2018). Analyze encryption and public key infrastructure (PKI). International Journal of Information Management, 38(1), 42-44. https://www.sciencedirect.com/science/article/abs/pii/S0268401217303195