A Brief Explanation of Encryption and Why it Matters in the Cloud Age
Encryption has become so ubiquitous that one could assume that most people understand what it is, how it is used, and why it is important in the digital age. Of course, we all know what happens when you assume, right?
Simply put, encryption is how the content of a message between two or more trusted parties is hidden from untrusted or unintended recipients of that message.
In the early days of the Internet, there were no widely used methods to encrypt information sent over public or private networks. As a result, any individual with basic skills could intercept and read content as it was sent over a network to which they had access. For the Internet to grow into a digital marketplace, it was critical to secure sensitive data while it was in transit. To accomplish that goal, engineers at Netscape created the SSL protocol to encrypt content as it passed from web server to web browser. SSL has since been replaced by TLS, but the underlying mechanics remain the same.
- A web browser extracts the public key from a website’s certificate
- The browser generates a new key of its own, encrypts it with the website’s public key, and sends the encrypted key to the website’s server
- The server decrypts that key using its own private key, and from then on that new key is used to encrypt all information exchanged between the web browser and the website
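To make those three steps concrete, here is an added example (not code from the original article) that plays both sides of the exchange in Go using only the standard library: the browser wraps a fresh session key with the server's RSA public key, the server unwraps it with its private key, and both sides then protect traffic with that key. RSA-OAEP, AES-256-GCM and the function names are my assumptions; the article names no specific padding scheme or symmetric cipher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Steps 1-2: from the server's public key alone (taken from its certificate), the browser makes a fresh 256-bit session key and encrypts it so that only the server can read it.
func browserWrapSessionKey(pub *rsa.PublicKey) (key, wrapped []byte, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return key, wrapped, err
}

// Step 3: the server's private key, which never left the server, recovers the session key; a copy of "wrapped" captured on the wire is useless without it.
func serverUnwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// Afterwards both sides protect traffic symmetrically with the shared session key (AES-256-GCM here, an assumption); each message carries its random nonce as a prefix.
type secureChannel struct{ gcm cipher.AEAD }
func newSecureChannel(key []byte) (*secureChannel, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	return &secureChannel{gcm}, err
}

func (c *secureChannel) seal(plaintext []byte) ([]byte, error) {
	nonce := make([]byte, c.gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return c.gcm.Seal(nonce, nonce, plaintext, nil), nil
}
func (c *secureChannel) open(msg []byte) ([]byte, error) {
	if n := c.gcm.NonceSize(); len(msg) >= n {
		return c.gcm.Open(nil, msg[:n], msg[n:], nil)
	}
	return nil, errors.New("message too short")
}
```

A message sealed by the browser can only be opened with the same session key; a wrong key or a single flipped ciphertext byte makes open return an error rather than garbage.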
The exchanged cipher keys are what allow text to be encrypted and later translated back into the original text. Whether data is at rest or in transit, its encryption still relies on cipher keys to encrypt and decrypt it. Thus, encrypted data is only as secure as the keys used to encrypt it.
In the modern cloud era, it’s safe to say that most data is encrypted as it’s transmitted and stored. The important question to ask is who has access to the keys used to encrypt that data. This is particularly important as more and more organizations move their data to Cloud Service Providers (CSPs). It’s a given that nearly every CSP will encrypt your data, but how will they secure the keys used to encrypt it? Do they support BYOK (bring your own key) options? If so, do you have the in-house expertise and infrastructure to take on the added responsibility of managing your own encryption keys?
These are but a few of the questions that any organization should consider when moving data to a CSP. However, it’s important that business owners and decision-makers first understand the basics of the underlying technology used to secure their data before evaluating the answers to those questions.