Blog | 24By7Security

Protecting data in motion and at rest

Written by Sanjay Deo | August, 24 2021

Data encryption as a security measure has been around for a long time. The word itself derives from the ancient Greek kryptos, which means hidden.

Evidence of encryption has been found in the Old Testament, in ancient Spartan military communications, and in messages sent between Julius Caesar and his armies. Clearly, man has felt the need to cloak his communications in secrecy for at least 2,500 years.

A number of modern words derive from kryptos. Crypt, for example, refers to an underground (or hidden) chamber. Cryptic describes a word or message whose meaning is not immediately clear (or hidden). And a very recent addition to the dictionary, cryptocurrency, refers to digital coin transactions that are encrypted (or hidden).

Types of Encryption

Encryption is the process of encoding information. It converts the original human-readable plaintext into an alternative form known as ciphertext. The idea is that only authorized parties can decode the ciphertext back into plaintext in order to read the original information.

Data encryption does not prevent interference by unauthorized parties. However, it does prevent them from being able to read the original information.

Two main types of encryption are in use today to keep business communications safe from the idly curious and the evilly curious.

  • Encryption in transit. This method encodes information only when it is moving, not when it is at rest. It protects data during the most vulnerable part of its journey – when it is traveling through the corridors of the Internet and thus more likely to attract unwanted attention.
  • End-to-end encryption. This method encodes information from point of origin to destination and everywhere in between. It protects data throughout its journey – when it is in motion as well as when it is sitting idle, waiting to be moved along.

Most businesses that use encryption today are using encryption in transit. The data or message is encrypted on the originating device, sent to the server where it is decrypted for processing on the server, then re-encrypted before being sent on to its destination. Chances are it will be decrypted at the receiving server, processed, and re-encrypted before arriving at its ultimate destination. This is an effective methodology with many applications and users.

However, end-to-end encryption also has precise and important uses. All businesses who transmit data need to be familiar with this encryption format and understand why and when they should employ it.

What is End to End Encryption?

End-to-end encryption protects the exchange of data between the originator (at one end) and the recipient (at the other end) by ensuring that only the intended recipient can decrypt and read it. It is the most effective encryption format for business email communications.

As the data moves from one end to the other end, anyone attempting to view it for whatever reasons – idle or evil – will be unable to decrypt it or read it. This includes not only cyber criminals but also ISPs, telecoms and other communications providers, and government entities.

How It Works

End-to-end encryption uses keys, kind of like the secret decoder rings that allow caped crusaders to decode simple ciphers or encrypt messages. End-to-end encryption can use either two keys, one to encrypt and another to decrypt, or a single key that does both.

  • Two Keys. This format is known as asymmetric encryption because of the two different (i.e., asymmetrical) keys. It’s often called public-key encryption because the encryption key can be shared with others without risk; the encryption stays effective only as long as the decryption key remains private.
  • One Key. The single-key format is known as symmetric encryption, or sometimes private key encryption. There is no public encryption key. Instead, the sender and recipient share a single key for both encryption and decryption. But they must keep it safe and secure from other parties to ensure effective encryption.

Because of the way end-to-end encryption works, the user device must be hacked in order for a cybercriminal to access the data. Most cybercriminals don’t bother with this type of activity due to its complex and labor-intensive nature. Good to know!
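The following Go program is an added example, not code from the original post or from any vendor it names. It models the hop-by-hop "encryption in transit" flow described earlier (encrypt at origin, decrypt at the server, re-encrypt) next to the end-to-end flow, using the single shared-key (symmetric) model from the One Key bullet with AES-256-GCM. The relay server, hop key and end-to-end key are hypothetical names chosen for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// must panics on err: key setup and CSPRNG failures are platform errors, not bad input.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// seal encrypts pt under a 32-byte key with AES-256-GCM; the fresh random nonce is prepended.
func seal(key, pt []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	return g.Seal(nonce, nonce, pt, nil)
}

// open reverses seal; it fails on a wrong key or a tampered ciphertext.
func open(key, sealed []byte) ([]byte, error) {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], nil)
}

// RelayInTransit models encryption in transit: the hypothetical relay server holds
// the hop key and decrypts for processing, so what it sees is the plaintext.
func RelayInTransit(hopKey, msg []byte) ([]byte, error) {
	return open(hopKey, seal(hopKey, msg))
}

// RelayEndToEnd seals under the end-to-end key (shared only with the recipient)
// before adding the hop layer: the server strips its own layer and still holds
// ciphertext; only the recipient's key recovers msg.
func RelayEndToEnd(hopKey, e2eKey, msg []byte) (serverView, recipientView []byte, err error) {
	if serverView, err = open(hopKey, seal(hopKey, seal(e2eKey, msg))); err != nil {
		return nil, nil, err
	}
	recipientView, err = open(e2eKey, serverView)
	return serverView, recipientView, err
}
```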

Common Uses of Encryption

Businesses who transfer masses of data across the Internet, up into the cloud, down from the cloud, and in or out of data processing or data storage centers, have long relied on encryption to secure that data, including end-to-end encryption.

However, most businesses that use email communication systems still have not adopted encryption. This is despite the fact that hackers, ransomware criminals, and other bad actors have stepped up their efforts to read company emails.

Their goal is to hijack data embedded in or attached to emails. They may want to sell that data on the black market. Or spoof a strategic email to lure unsuspecting employees into divulging information that can compromise the company.

TrendMicro, Proofpoint, VMware, AxCrypt and other firms offer encryption solutions for business. Citrix SharePoint collaboration software comes with email encryption, and both Microsoft and Apple provide encryption with their operating system software.

There are many benefits to be gained from the end-to-end encryption of your data, including your email communications. Let’s outline a few.

Benefits of End to End Encryption

Layered Security. Encryption is one of many security technologies businesses can use to safeguard customer information as well as their own private and proprietary data. By encrypting data that is either in transit or at rest, IT teams can prevent unauthorized access to it. Encrypting sensitive data is an industry best practice, even if other technical security measures are in place.

Insurance Against Data Breaches. Encryption is a particularly useful measure to protect information in the event of a data breach. In the event hackers gain unlawful entry to a company’s network or systems, they may be able to copy and remove encrypted data, but they will not be able to read it.

Complete Sender Control. End-to-end encryption provides the data or email sender with full control over the transmission process. No matter where the information moves, the data owner can change encryption keys or revoke access across the board if, for instance, data is threatened or users have been compromised.

Flexibility in Use. Not all data needs to be encrypted. Normally only proprietary information and highly sensitive data are selected for this level of protection. Companies can determine, through security policies or user permissions, what type of data should be encrypted in each department or operation.

Promoting Compliance. Today, nearly every industry is regulated, and security and privacy protections are included in the requirements. By enabling any business to protect the security and privacy of their data, both in transit and at rest, end-to-end encryption meets the highest standards for data security and privacy. Other measures are required to address security and privacy across the board, of course, but data encryption is a vital component of compliance.

Personal Privacy. End-to-end encryption helps to promote the free exchange of ideas, even in oppressive environments where nations or governments attempt to intrude on private lives, disrupt free enterprise, or otherwise curtail individual freedoms.

Despite these six important benefits, there are a few downsides to end-to-end encryption.

Downsides of End to End Encryption

Complexity. If you aren’t familiar with using end-to-end encryption you may be thinking, “This sounds like a lot of trouble.” Or “This seems really complicated.” And it certainly can be, especially if you have no first-hand experience installing or configuring an email encryption system or managing an end-to-end program for your company. In these scenarios, consulting with an encryption expert is a good place to begin.

Readable Data. Many encryption users don’t understand that certain information remains visible and readable to anyone who can access the email. Despite the message body and attachment being encrypted, information about the sender is still visible. Metadata can display sender name, email addresses, and IP addresses, whose value on the black market makes them attractive targets for theft.

Two Parties Involved. End-to-end encryption involves two parties, the sender and the receiver. Ideally, both parties should maintain good security practices around their devices, whether laptops or smartphones. If a device is lost or stolen and is not secured, even with just a PIN, the person who gains access to it will be able to read and send messages in the device owner’s name.

Illegal activity. Some law enforcement entities are concerned that end-to-end encryption makes it easy for individuals to share illicit or illegal content without detection. Data encryption can make it impossible to prove malfeasance and therefore to bring criminals to justice.

Summary

Emails and their attachments can be gold mines for ransomware perpetrators and other cybercriminals. Despite the downsides of using end-to-end encryption, the advantages of using it are more compelling—especially for businesses who regularly transmit sensitive data. Every time important information is sent in plain text, the risk of interception increases.

Businesses can operate more securely, demonstrate improved compliance, and protect customers, employees, and other stakeholders more effectively by incorporating end-to-end encryption into their cybersecurity programs.

If your company is not using end-to-end encryption in some manner, make it a point to learn more about data encryption and what it can do for you.