
What It Means When We Say “It’s Encrypted”

Blog Article Published: 12/16/2022

Originally published by ShardSecure.

Written by Julian Weinberger, Sales Engineering & Partner Lead, ShardSecure.

In the realm of digital security, the term “encryption” is thrown around all the time. But encryption is not always the actual technique being leveraged.

Instead, encryption has become an umbrella term for protecting valuable data. What people are usually referring to is cryptography, which uses methods like encryption, digests, and permutations to achieve data integrity and confidentiality.

Below, we’ll break down these three cryptographic data protection types and explain how each can help keep data secure.

What is encryption?

Encryption is a cryptographic method of obscuring information by transforming it into an unreadable format. It ensures that data does not fall into the wrong hands and instead remains private and secure. Encrypted data cannot be read unless the user has the key that unscrambles the data.

Encryption algorithms protect information such as passwords, credit card numbers, user names, files, systems, and more. They transform readable data into an unreadable format, preventing information from being accessed by unauthorized users. They can be used to encrypt data at rest (e.g., hard drives), in transit (e.g., over the internet), or in use (e.g., memory).

As technology advances, encryption methods improve. The most common uses of encryption today are:

  • Communication, to protect data while in transit over an unsecure medium like WiFi.
  • Data storage, to ensure that no one can access stored data without the decryption key.
  • Digital signatures, to ensure that digital documents have come from the right person and have not been modified in transit.

Downsides of encryption

While encryption does offer a lot of benefits, it also introduces some challenges in modern data security environments.

First, encryption is breakable. Whoever has access to the key quite literally has the key to the kingdom — and these keys are based on mathematical formulas that can be cracked over time. For that reason, encryption requires both a safe place to store the keys and the regular rotation of those keys. The overhead to maintain a secure key lifecycle can become a burden for developers.

Additionally, encryption by itself does not provide data resilience. Encrypting your data won’t make it available during a power outage, third-party provider downtime, or other disruption.

Modern hardware security modules (HSMs) and key management services can address the need for secure key material storage and secure key rotation. But other methods have to be used to achieve data resilience and high availability.
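To make the two points above concrete (encrypted data is unreadable without the key, and rotating a key means re-encrypting everything stored under it), here is an added example that is not part of the original post and not ShardSecure's code. It builds a small authenticated-encryption scheme from the Python standard library only: HMAC-SHA256 used as a PRF in counter mode supplies the keystream, and a second HMAC over the nonce and ciphertext authenticates the result (encrypt-then-MAC). The function names, the 16-byte nonce and the 32-byte tag are choices made for this example; a production system should use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 and keep the keys in an HSM or key management service as the text suggests.

```python
import hashlib
import hmac
import secrets

# Added illustration, not ShardSecure's code. Standard library only, so it runs
# without third-party packages. The aim is to show key handling, not to propose
# a new cipher: use a vetted AEAD (AES-GCM, ChaCha20-Poly1305) in production.

NONCE_LEN = 16   # assumed size for this example
TAG_LEN = 32     # HMAC-SHA256 output size


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from one master key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF(enc_key, nonce || counter) concatenated until `length` bytes exist."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. A fresh nonce per call keeps the keystream unique."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then strip the keystream. Raises ValueError otherwise."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        # A wrong key and a modified byte both land here: no plaintext is released.
        raise ValueError("authentication failed")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def decrypt_or_none(key: bytes, blob: bytes):
    """Convenience wrapper for callers that treat failure as 'unreadable'."""
    try:
        return decrypt(key, blob)
    except ValueError:
        return None


def rotate_key(old_key: bytes, new_key: bytes, blob: bytes) -> bytes:
    """Key rotation touches every stored ciphertext: decrypt under the old key,
    re-encrypt under the new one. This is the lifecycle overhead the text describes."""
    return encrypt(new_key, decrypt(old_key, blob))


if __name__ == "__main__":
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
    record = b"constructed sample: cardholder record"      # constructed input
    stored = encrypt(k1, record)
    print("wrong key reads it:", decrypt_or_none(k2, stored))              # None
    stored = rotate_key(k1, k2, stored)
    print("new key reads it:", decrypt(k2, stored) == record)               # True
    print("old key still reads it:", decrypt_or_none(k1, stored) is not None)  # False
```

Note that after `rotate_key` the old key no longer opens the record, which is exactly why rotation has to be scheduled and tracked: every copy of the ciphertext, including backups, must be re-encrypted or it becomes unreadable once the old key is retired.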

What is a digest?

A digest is the output of a cryptographic hash function that essentially creates a digital fingerprint of data. The digest can be used to check if any information has been changed and if the correct person or device has accessed the data. It is widely used in computing, communications, and messaging applications to protect or validate data integrity.

A digest can be used for digital signatures sent via unsecure channels like email. It can also be used for message authentication codes (MACs), which are digital signatures in packet-switched computer communication networks like Ethernet or WiFi. And applications and systems can store a digest of each password instead of the password in plain text.

Downsides of the digest

It’s important to understand that, while a digest can validate the integrity of data, it cannot undo an action performed on data. Once a hash of the data has been created, there’s no computationally feasible way to revert it to its original state. This fact by itself makes it hard to use the digest for broader data protection purposes.
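The three digest uses named above (an integrity fingerprint, a message authentication code, and password storage) and the one-way property just described, as an added example that is not part of the original post and not ShardSecure's code. It uses only the Python standard library; the function names and the PBKDF2 iteration count are choices made for this example, and the sample document, key and passwords are constructed.

```python
import hashlib
import hmac
import os
from typing import Optional

# Added illustration, not ShardSecure's code. Every function here is one-way:
# nothing can turn a digest back into its input, so password checking means
# recomputing the digest of the candidate, never "decrypting" the stored value.

PBKDF2_ITERATIONS = 600_000   # assumed work factor; tune to your hardware budget


def fingerprint(data: bytes) -> str:
    """SHA-256 digest as hex. Changing a single bit of `data` changes the result."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_hex: str) -> bool:
    """Detect modification: recompute the digest and compare in constant time."""
    return hmac.compare_digest(fingerprint(data), expected_hex)


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: a digest that only holders of `key` can compute or verify.
    An unkeyed digest would let anyone who alters the message recompute it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_ok(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store 'algo$iterations$salt$digest' instead of the password itself.
    The per-user salt stops identical passwords from producing identical records."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Hash the candidate exactly as the stored record was hashed and compare."""
    try:
        algo, iterations, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    doc = b"constructed sample document"
    ref = fingerprint(doc)
    print(integrity_ok(doc, ref), integrity_ok(doc + b"!", ref))            # True False
    key = os.urandom(32)
    tag = mac_tag(key, b"payload")
    print(mac_ok(key, b"payload", tag), mac_ok(os.urandom(32), b"payload", tag))  # True False
    record = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", record),
          verify_password("Tr0ub4dor&3", record))                             # True False
```

The stored password record contains everything needed to re-run the check but nothing that recovers the password, which is the practical upside of the one-way property; the downside the text notes is the same fact seen from the other direction.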

What is permutation?

Permutation is another cryptographic function, one that converts a data sequence into a seemingly random series of numbers. It’s used in environments that demand high security and high performance, and it’s generally faster and easier to maintain than encryption.

With permutation, re-encryption and key management are not required, since there’s no way for unauthorized users to recover the original data. Unlike encryption, modern permutation solutions also provide additional measures of data resilience.

Permutation is widely used as a memory or key storage technique in areas of digital security like encryption and digital signatures. It has various applications in finance and beyond, and it’s frequently used for tokenization of sensitive information like credit card numbers, bank account details, and usernames. For instance, instead of storing credit card information in a plain text format, you can use permutation to store it as a unique digital fingerprint.
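The tokenization use case in the paragraph above, as an added example that is not part of the original post and not ShardSecure's code: a vault-based tokenizer that replaces a card number with an unrelated random digit string of the same length. Because the token is chosen at random rather than derived from the card number, there is no key to rotate and nothing to work backwards from; the vault's own lookup table is the only path back and is therefore the asset that needs protecting. The class and function names are choices made for this example, and the card numbers are constructed sample values.

```python
import secrets
from typing import Dict

# Added illustration, not ShardSecure's code: vault-based tokenization. The
# mapping from card numbers to tokens is a random one-to-one substitution kept
# only inside the vault; the application database stores tokens, never PANs.

DIGITS = "0123456789"


class TokenVault:
    def __init__(self) -> None:
        self._to_value: Dict[str, str] = {}   # token  -> card number
        self._to_token: Dict[str, str] = {}   # card number -> token

    def tokenize(self, pan: str) -> str:
        """Return the existing token for `pan`, or mint a fresh random one."""
        if not pan.isdigit():
            raise ValueError("card number must be all digits")
        if pan in self._to_token:
            return self._to_token[pan]
        while True:
            token = "".join(secrets.choice(DIGITS) for _ in range(len(pan)))
            # Keep the mapping one-to-one and never hand back the real number.
            if token != pan and token not in self._to_value:
                break
        self._to_value[token] = pan
        self._to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault can resolve a token; an unknown token is an error."""
        try:
            return self._to_value[token]
        except KeyError:
            raise ValueError("unknown token") from None

    def is_token(self, candidate: str) -> bool:
        return candidate in self._to_value


def store_order(vault: TokenVault, order: dict) -> dict:
    """What the application database keeps: the token in place of the card number."""
    stored = dict(order)
    stored["card"] = vault.tokenize(order["card"])
    return stored


if __name__ == "__main__":
    vault = TokenVault()
    order = {"id": 1, "card": "4111111111111111"}   # constructed sample card number
    saved = store_order(vault, order)
    print(saved["card"], saved["card"] != order["card"])    # e.g. 2938475610293847 True
    print(vault.detokenize(saved["card"]) == order["card"])  # True
```

A practitioner would add two things around this core: the vault itself lives in a separately secured, access-controlled store (it is the one place where tokens and card numbers meet), and access to `detokenize` is restricted to the few components that genuinely need the original value.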

Permutation is also used in microsharding, an innovative real-time solution to protect data confidentiality, integrity, and availability and strengthen data resilience.

Augmenting or replacing encryption with microsharding

Many different technologies are leveraged in modern environments to protect your data.

Microsharding is one strong alternative (or supplement) to encryption for hybrid- and multi-cloud environments.

With self-healing data and virtual clusters, the right microsharding solution will support strong data resilience and high availability. Unlike encryption, microsharding will also mitigate against the impact of ransomware, outages, data compromise, and other disruptions.

For further information about how microsharding can augment or replace encryption, take a look at this FAQ and this related blog post: When to microshard, when to encrypt, and when to do both.
