What is encryption?
Encryption is the process of encoding or transforming meaningful information (plaintext) into non-useful information (ciphertext).
Encryption and decryption (the process of returning non-useful information into useful information) are two of the main functions that make up the practice of cryptography, and the two are arguably the most useful in everyday life for keeping data secure. Both processes depend on a key or keys that provide information on how to transform plaintext into ciphertext (encryption) or ciphertext back into plaintext (decryption). Keeping keys secure is of paramount importance to maintaining the integrity of any cryptographic platform.
Types of Encryption
In practice, cryptographic systems (the collective term for both the encryption and decryption of information) fall into two camps: Symmetric Key systems and Public Key systems. In Symmetric Key systems, as the name implies, the key used to encrypt useful information and the key used to decrypt non-useful information are the same.
The other type, Asymmetric or Public Key systems, differs from Symmetric Key systems in that it uses two keys: a Public key, which anyone can use to encrypt data, and a Private key, which only the receiving party has and can use to decrypt an incoming encrypted message. Public Key systems have become the de facto standard in IT encryption systems for their inherently greater security principle and also for their ease of use from an end-user perspective. For example, when you visit a bank’s website (clearly this is information you would like to keep secure!), your web browser will use the bank’s public certificate to encrypt the data leaving your computer via your web browser, and the bank’s web server will decrypt the data using its Private key. This is achieved without you having to worry about keys or setting anything up in advance of using that website.
How does encryption keep your data safe?
The act of encrypting data, in its simplest form, makes the information unintelligible to anyone who may view the information you wish to keep secret. By employing strong modern encryption standards, organizations can ensure that data that is either accidentally lost or intentionally stolen is of little worth to anyone who gains access to it.
As an example, you can run BitLocker on a Windows 10 laptop with multiple keys required to gain access to the computer: one to ‘unlock’ the hard drive and a second to get into Windows. These keys are the safeguard that ensures that, should the computer be stolen, all the contents will be kept safe.
What is encryption used for?
In IT, there are typically two situations where encryption is deployed: Data In Transit and Data At Rest.
Simply put, Data In Transit is information moving from Location A to Location B; should someone intercept that communication, they would be unable to get at the content you wish to keep private. To return to the earlier banking example, let’s say you were using your banking app on your mobile phone whilst connected to a coffee shop’s public wireless network. For ease, the coffee shop has a completely open public network, which unfortunately means that anyone who knows what they’re doing could listen in and see the raw data. Thankfully, your banking app is using Transport Layer Security (TLS) to encrypt the data as it leaves your phone and heads off to the bank’s servers. As such, the most private of data is secured, but it would still be possible to glean useful information such as the name of your phone and the bank you’re using, amongst other information. In the hands of someone who knows what they’re doing, that information could potentially be used to trick you into trying to authenticate against their own devices and, as part of this authentication process, to steal your login details for your bank! It is still best not to use unencrypted wireless networks for sensitive data transmission. However, an encrypted wireless network (if you can trust it!) should be perfectly fine, as all the information between your phone and the wireless mast is encrypted, as well as the communication within the banking application to and from the banking server.
Does encryption reduce data security?
Correctly implemented, encryption dramatically enhances an organization’s data security posture and should be considered as ubiquitous as the deployment of anti-virus products. One of the critical challenges of data encryption rollouts is to make sure it’s implemented in a convenient form, so that users do not attempt to bypass the very security measures that may well save them and their organisation’s graces.
Aside from the potential fallout from this type of data breach, there is, of course, a legislative angle to data security now: the Data Protection Act 2018, which is the UK’s implementation of the EU’s General Data Protection Regulation (GDPR). Article 32 of the GDPR includes encryption as a suitable technical measure organisations can take to ensure personal data is processed securely.
With the relatively low cost of suitable encryption for an organisation and the increased punitive actions the Information Commissioner’s Office can take under the Data Protection Act 2018, it should be a no-brainer for the vast majority of organisations to implement a data security strategy with encryption at its heart.
Why is encryption important in cyber security?
Encryption plays a vital role in cyber security in general, as, nowadays, simpler security systems are simply not enough. Depending on the nature of the data you are working with, various encryption methods will be more suitable than others. With more of our lives becoming digital, the opportunity for theft of data or its malicious use is only increasing. All appropriate security measures should be taken and used to give peace of mind.