
Malte Pollmann, VP Products for Utimaco, explains why encryption has a vital part to play within data security.
Advances in modern computing technology, ranging from faster processors to expanded memory to new storage devices, have brought certain applications into mainstream use. For example, non-linear digital video editing has become practical on a large scale since compression algorithms, system microprocessors and graphics processors have advanced enough to cope with the massive volumes of video data involved.
Similarly, data encryption has been available for a number of decades, but practical applications have been largely restricted to high-end systems in the banking, military and scientific sectors. In recent years, these restricted uses have been overcome by the greater availability of desktop and notebook computers that compare favorably to supercomputers of years past. Currently, state-of-the-art techniques capitalize on the features in business and personal computer systems and deliver the data security benefits of encryption to everyday users. Modern systems can routinely encrypt and decrypt data in the background using 128-bit (or larger) keys and advanced algorithms while causing minimal, nearly imperceptible effects on performance. Problems that limited the usefulness of past-generation encryption tools have been largely overcome by enhanced application designs, improved deployment processes, better maintenance tools, more efficient algorithms and standards-based architectures that simplify integration of encryption solutions with network infrastructures.
With these advances, encryption has become integral to today’s business processes, providing an effective means of ensuring the privacy of information exchanged among partners, customers, staff members or other parties. Encryption has been embraced in a variety of areas where the sensitivity of data being transferred is extremely important. This includes the banking industry (particularly automated kiosks and teller machines), business transactions conducted over the Internet, email communications where privacy is essential and mobile telephone technology.
Despite the advances in encryption techniques and vastly improved computer capabilities, many of the fallacies and outdated understandings about encryption persist. Sometimes these myths are even being perpetuated in popular technology publications where some authors and editorial staff fail to do their research thoroughly. This paper examines the common myths that exist about data encryption and discusses the most recent techniques and changes in computing environments that have elevated encryption as a data security tool and enabled practical everyday use of this valuable technology.
While the implementations differ and the tools vary widely, the fundamentals of encryption are strikingly similar for most applications. Companies collaborate more freely and more often with partners and suppliers, responding to supply chains that now stretch across the world. Web-based business processes and e-commerce have combined to create a much more open IT infrastructure, and corresponding protections must be put in place to counteract possible network vulnerabilities. The ubiquitous portable computing devices in use by employees often contain sensitive data that must be shielded from prying eyes in the event of loss or theft of the device.
Strong encryption provides a powerful mechanism that can be applied to many parts of an organization’s data security practices, offering effective, continuous protection of data. This protection can encompass a range of uses, from end-point devices in the field to the core of the central servers where vital information resides.
Malte Pollmann joined Utimaco in 2005 as business unit manager and later VP Products responsible for all SafeGuard products. Malte held previous positions as product director and business unit leader at Lycos and E.ON in Germany and France.
Encryption can be applied to data in any of the three following conditions:
Data at rest: Here information is stored on desktop or notebook computers, handheld computing devices, network storage devices or servers.
Data in motion: In this case information is being exchanged as a part of email communication, e-business transactions or removable media being transported from one location to another.
Data in use: Where information is being actively used in the form of an electronic payment, document management activity or e-card personalization.