Encryption, any encryption, is better than no encryption, but it’s not a magic bullet. Improper implementation, or the use of out-of-date technologies, can easily mean that your encryption does little to protect your data.
What is encryption anyway?
The internet is an open network; anyone can access it, and that’s what makes it useful. Unfortunately, it also means that someone may be able to see the data travelling through the cables and servers that make the internet work. Just as Royal Mail can read what you write on a postcard, internet service providers and others can read what you send over the internet.
Encryption works like an envelope; a really strong envelope with a really strong padlock keeping it closed. Properly used encryption means that only the people with the key can open the envelope and read the data inside. Not only does it protect against people reading your data while it’s travelling over the internet, it stops them changing what it says as well.
The technical bit
Most encryption in use today is based on a concept called “Asymmetric Key Cryptography”, discovered by James Ellis in the top-secret world of British spy agency GCHQ in the 1970s. The system works by using one-way mathematical functions: calculations which are quick and easy to perform in one direction, but practically impossible to reverse.
Under this system, encrypted data needs two keys:
- a public key, which is shared widely (hence the name) and is used to encrypt the data, making it unreadable
- a private key, which must be kept secure and is the only way to decrypt the data (make it readable again)
Different mathematical algorithms can be used to encrypt data. AES is one of the most widely used and most secure options, but others are available.
Encryption rule number one: never share your private key. This is where many secure services go wrong. Cloud platforms especially have a habit of selling their services as encrypting your data, when in fact they control the private key. So yes, your data may be encrypted… but if you don’t control the private key, how do you know who can decrypt your data?
If you don’t control your private key, you can’t be sure your data is safe.
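To make the two-key idea and the key-control rule concrete, here is a small added example (not code from the original article) using textbook RSA with tiny, constructed primes: whoever holds the public key can lock the envelope, but only the holder of the private key, which stays on their own device, can open it. The primes, the message and the relay scenario are all constructed for illustration; real systems use vetted libraries, 2048-bit or larger keys, padding and hybrid (RSA plus AES) encryption.

```python
"""Toy textbook RSA, added as a teaching example (not from the original
article). Illustrates: public key encrypts, private key decrypts, and the
trapdoor one-way function (knowing n and e does not reveal d without
factoring n). Tiny primes, no padding: for illustration only."""
from math import gcd
from typing import List, Tuple

Key = Tuple[int, int]   # (modulus n, exponent)


def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Build (public, private) keys from two primes p and q.
    Multiplying p*q is easy; recovering p and q from n is the hard
    direction, which is what keeps d secret."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key: Key, message: bytes) -> List[int]:
    """Encrypt one byte per block with the shareable public key.
    (Byte-at-a-time, deterministic: a teaching simplification only.)"""
    n, e = public_key
    return [pow(b, e, n) for b in message]


def decrypt(private_key: Key, blocks: List[int]) -> bytes:
    """Only the private key, kept on the recipient's device, reverses it."""
    n, d = private_key
    return bytes(pow(c, d, n) for c in blocks)


def end_to_end_demo() -> Tuple[bytes, List[int], bytes]:
    """Constructed scenario: the recipient generates the key pair on their
    own device and publishes only the public half."""
    public, private = make_keypair(61, 53)      # constructed tiny primes
    plaintext = b"hello"                        # constructed message
    in_transit = encrypt(public, plaintext)     # sender uses the public key
    # Everything between the two devices (ISP, wifi hotspot, cloud relay)
    # sees only the numbers in `in_transit`, not the message.
    recovered = decrypt(private, in_transit)    # private key never left home
    return plaintext, in_transit, recovered


if __name__ == "__main__":
    pt, ct, rec = end_to_end_demo()
    print("on the wire:", ct)
    print("recovered  :", rec, "| matches:", rec == pt)
```

The relay in `end_to_end_demo` stands for everything outside your device; a cloud service that holds the private key for you is simply a relay that can also call `decrypt`.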
True encryption, from end to end
End-to-end encryption (e2e) means that your data is encrypted before it leaves your device (laptop, phone, PC, etc.) using a key you control, and stays secured until it arrives back on your device, where it can be decrypted, once more using a key which you control. The private key never leaves your device, is never out of your control, and nobody other than you can decrypt your data.
A man-in-the-middle attack is one where an attacker gets in the middle of the communication and pretends to be the other side. A common man-in-the-middle attack is to pose as a legitimate wifi access point and relay all traffic between the real access point and your device, allowing the attacker to intercept the data. This kind of attack may be used in coffee shops, for example.
With end-to-end encryption, unencrypted data never leaves your device, which makes it much harder for anyone to eavesdrop on you or steal your data while it’s passing through the internet.
When choosing cloud services, communicating online, or setting up your business’s computer network, always make sure that your data is fully protected with end-to-end encryption.
Contact Nimbus CS to discuss your business needs