Category Archives: Encryption
Incredible Growth for Hardware-based Full Disk Encryption Market 2022 is Expected to Register Massive CAGR by 2028 Materials Handling – Materials…
This comprehensive Report of Hardware-based Full Disk Encryption Market provides real information about the statistics and state of the global and regional market. Its scope study extends from the market situation to comparative pricing between the main players, spending in specific market areas, and profits. It represents a comprehensive and succinct analysis report of the main competitor and price statistics with a view to helping beginners establish their place and survive in the market. In addition, it also focuses on the market overview for the coming period from 2022 to 2028. This proved to be a great help for entrepreneurs. This detailed market research is heavily based on information received during interviews with key leaders, research, and innovative resources.
Download Sample Copy with TOC, Graphs & List of Figures @https://www.stratagemmarketinsights.com/sample/86871
In addition to the information presented in this report on the Hardware-based Full Disk Encryption Market market, it includes financial losses incurred as a result of COVID-19. It also explains how the most important business sectors in the market are coping with the epidemic and how to get out of it. This market report is a way to present accurate information on company profiles and competitiveness analyses in an orderly manner. It anticipates competition in the market for the planned period from 2022 to 2028. This Hardware-based Full Disk Encryption Market market study also looks at industry channels and performance rates to help key players stay ahead of the competition.
Introduction
The report highlights the latest trends in revenue and market progress, and all realistic statistics on ventures. It provides prevention and pre-planned management and highlights a summary of the global Hardware-based Full Disk Encryption Market market, along with classification, definition, and market chain structure. The Global Report highlights issues affecting the global Hardware-based Full Disk Encryption Market market, including gross margin, cost, market share, capacity utilization, income, capacity, and supply. It also highlights the future scope of the global Hardware-based Full Disk Encryption Market market during the upcoming period.
Marketing Statistics
The Global Hardware-based Full Disk Encryption Market Market Report estimates upfront data and statistics that make the report a very valuable guide for individuals dealing with advertising, advisors, and industry decision-making processes in the global Hardware-based Full Disk Encryption Market market. Provides regional analysis for the market. This report provides essential data from the Hardware-based Full Disk Encryption Market industry to guide new entrants in the global Hardware-based Full Disk Encryption Market market.
Don't miss out on business opportunities in the Hardware-based Full Disk Encryption Market. Speak to our analyst and gain crucial industry insights that will help your business grow @ https://www.stratagemmarketinsights.com/speakanalyst/86871
Market Dynamics
The global report shows details related to the most dominant players in the global Hardware-based Full Disk Encryption Market market, along with contact details, sales, and accurate figures of the worldwide market. Various data and detailed analyses collected from various trusted institutions of the global Hardware-based Full Disk Encryption Market market are presented in the Global Hardware-based Full Disk Encryption Market Research Report.
The major players covered in Hardware-based Full Disk Encryption Market Market:
Ethicon Endo-Surgery, Olympus, Medtronic(Covidien ), Stryker, Smith & Nephew, Karl Storz, Boston Scientific, Richard Wolf, Aesculap(B. Braun), Intuitive Surgical, Apollo Endosurgery (Allergan), Tiansong, Medical Optical, Shenda, Shikonghou, HAWK, xinxing
The Regional analysis covers:
North America (U.S. and Canada)
Latin America (Mexico, Brazil, Peru, Chile, and others)
Western Europe (Germany, U.K., France, Spain, Italy, Nordic countries, Belgium, Netherlands, and Luxembourg)
Eastern Europe (Poland and Russia)
Asia Pacific (China, India, Japan, ASEAN, Australia, and New Zealand)
The Middle East and Africa (GCC, Southern Africa, and North Africa)
The study accurately predicts the size and volume of the market in the present and future. The report offers a comprehensive study of the Hardware-based Full Disk Encryption Market industry and information on foreseeable future trends that will have a significant impact on the development of the market. The weekly then looks at the key global players in the industry.
Market Segmentation of Hardware-based Full Disk Encryption Market:
Hardware-based Full Disk Encryption Market market is divided by type and application. For the period 2022-2028, cross-segment growth provides accurate calculations and forecasts of sales by Type and Application in terms of volume and value. This analysis can help you grow your business by targeting qualified niche markets.
Industry analysis can be an effective tool to help an organization devise strategies and policies for a business. Stratagem Market Insights investigates gaps in the existing market space and aligns clients' outlook of the market by providing advanced data, research, and analytics. These research outcomes may offer valuable insights to our clients, thereby aiding them to project long-term and short-term future industry trends, consumer needs, overall cost cutting, etc. Stratagem Market Insights has skilled research analysts who leverage knowledge perfected over years of expertise and adopt advanced analytical tools to offer an unbiased competitive research analysis, assisting our invaluable clients to align their strategies with their long-term growth targets.
WHY CHOOSE STRATAGEM MARKET INSIGHTS INDUSTRY ANALYSIS SERVICE?
Buy Now this Premium Report @ https://www.stratagemmarketinsights.com/cart/86871
This Hardware-based Full Disk Encryption Market report covers the market status and outlook of global and major regions, from the angles of players, countries, product types, and end industries; it analyzes the top players in the global industry and splits by product type and applications/end industries. This report also includes the impact of COVID-19 on the Hardware-based Full Disk Encryption Market industry. The Global Hardware-based Full Disk Encryption Market Industry 2022 Market Research Report is spread across 120+ pages and provides exclusive vital statistics, data, information, market trends, and competitive landscape details in this niche sector.
Contact Us:
Mr. Shah
Stratagem Market Insights
Tel: US +1 415 871 0703 / JAPAN +81-50-5539-1737
Email: [emailprotected]
AJ
Researchers use Hive ransomware’s own encryption algorithm to find master decryption key – BetaNews
Security researchers have managed to use the encryption algorithm used by the Hive ransomware to determine the master key needed to decrypt files for free.
Ordinarily, victims of a Hive ransomware attack would have to pay up to receive their individual decryption key. But a team of researchers from the Department of Financial Information Security at Korea's Kookmin University has been able to calculate the master key. This has then been used in what is believed to be the "first successful attempt at decrypting Hive ransomware".
Writing up their findings, Giyoon Kim, Soram Kim, Soojin Kang and Jongsung Kim say: "We analyzed Hive ransomware, which appeared in June 2021. Hive ransomware has caused immense harm, leading the FBI to issue an alert about it. To minimize the damage caused by Hive Ransomware and to help victims recover their files, we analyzed Hive Ransomware and studied recovery methods".
They go on to explain:
By analyzing the encryption process of Hive ransomware, we confirmed that vulnerabilities exist by using their own encryption algorithm. We have recovered the master key for generating the file encryption key partially, to enable the decryption of data encrypted by Hive ransomware. We recovered 95 percent of the master key without the attacker's RSA private key and decrypted the actual infected data. To the best of our knowledge, this is the first successful attempt at decrypting Hive ransomware. It is expected that our method can be used to reduce the damage caused by Hive ransomware.
Hive ransomware has been wreaking havoc since the middle of last year, and it is hoped that these latest findings will help to eliminate some of the financial cost it has caused.
More details can be seen in the full report which is available here.
Image credit: Nicescene/Shutterstock
The who, what, and where of cryptography for the C-suite – VentureBeat
This article was contributed by Shaun McBrearty, cofounder of Vaultree.
Cybercrime is rampant, and each year it seems to be getting worse. 2020 was considered a banner year for cybercrime, and then 2021 set a new high. Despite heightened security efforts, data breaches continue to occur and they are becoming more expensive to mitigate. The average cost of a data breach rose 10% to $4.24 million in 2021, according to the 2021 IBM Cost of a Data Breach report, marking a record since the annual report began.
However, if a data breach occurs, but the leaked data is encrypted, it can't be used by bad actors. Essentially, cryptography is an internal barrier; if the external barrier is broken, you still have the internal barrier to protect your organization. However, when it comes to security solutions, most efforts still tend to focus more on reactive products than on proactive ones.
Cryptography and encryption offer many advantages, but adoption still isn't widespread, in large part due to several lingering misconceptions. Let's examine those misguided ideas, how cryptography fits into the modern enterprise, and how to implement it.
In the context of data security, encryption is the process of converting information into unintelligible text so that it can be stored or transmitted securely. One example is the text messages people send through mobile apps like WhatsApp. In the application itself, users can usually read a statement saying the app offers end-to-end encryption.
This means that when you send a message, it is scrambled, or converted into incomprehensible information. The message leaves the app encrypted (on one end) and, when it reaches the recipient, it is unscrambled. Only at the recipient's end does the information become readable again. This process prevents a third party not involved in these ends from having access to what was sent.
This is a system that works well. Though modern cryptography employs algorithms and the very latest in math and computer science, making it seem complex, the basic idea remains the same: transform information into something that only those who have the correct key will be able to decipher.
Encryption is one of the most fundamental tools to ensure your company's security. It guarantees that, even if there is an attack on your servers and computers, or even if by human error some information leaks, this information will not be readable by third parties.
Now comes the central question: if encryption and cryptography work so well, why aren't they being employed more often? For one thing, there needs to be a lot more education about cryptography. Cryptographers typically come from a mathematical background. For software developers to use cryptography, it requires quite a bit of knowledge. Cryptographic solutions are pretty complex for developers, but cryptography solves so many problems in software development that it's worth the effort to provide developers with more education.
Additionally, scalability is perceived as a barrier to adoption. There's an idea that when you work with large amounts of data, you're limited in terms of performance as the volume of data increases. Third, people think cryptography is slow, and that is true for many of these algorithms. So, again, there's concern about performance. And fourth, people mistakenly believe that you can't work with fully encrypted data, that data needs to be decrypted before you can use it.
In terms of the perceived complexity of cryptography holding back its adoption, it doesn't have to be so complicated. Cryptography can be broken down into an easily understood process that doesn't add additional friction for software developers. Some of today's emerging solutions are being designed in a way that's far more plug-and-play for developers.
When deploying encryption, you don't need to sacrifice speed for performance or vice versa.
Cryptography is a versatile tool that can be used in many different ways. It can be used at different levels of the database. You can have full disk encryption, table-level encryption, column-level encryption and row-level encryption.
There are many different options available. Some are one-touch configurations to set up a certain configuration while others require much more manual effort, and there are different levels of security which are offered as part of that.
It's true that for many legacy solutions, you sometimes did have to sacrifice some performance to obtain the level of security you needed, but that's quickly changing with the introduction of new and more advanced methods of encryption.
The idea that you can't work with fully encrypted data persists, but this is very much a developing area. Technology is now at a point where you can securely process data, too. At the same time, there's the misconception that fully homomorphic encryption, which allows computations to be performed on data while it is encrypted, is slow, but that's not always true. Great advances are being made on this front.
Attacks on your data aren't going away any time soon, and the cost to address those attacks is rising. The beauty of cryptography is that it renders data breaches almost inconsequential because criminals can't make any sense of the data; it's useless to them. Cryptography might sound complex, but it doesn't have to be. Next-generation cryptography addresses most of the misconceptions people have and delivers superior data protection. Some solutions are ready to plug into your system and come with many options for deployment. Use this information as an aid to your own encryption journey.
Shaun McBrearty is the cofounder of Vaultree.
HHS Raises Awareness of Threats to Electronic Health Record Systems – HIPAA Journal
Posted By HIPAA Journal on Feb 21, 2022
The U.S. Department of Health and Human Services Health Sector Cybersecurity Coordination Center has issued a threat brief warning about the risks associated with electronic health record systems, which are often targeted by cyber threat actors.
Cyberattacks on EHRs can be extremely profitable for cyber threat actors. EHRs usually contain all the information required for multiple types of fraud, including names, addresses, dates of birth, Social Security numbers, other government and state ID numbers, health data, and health insurance information. No other records provide such a wide range of information. The information contained in the systems has a high value on the black market and can be easily sold to cybercriminals who specialize in identity theft, tax, and insurance fraud.
Malware, and especially ransomware, poses a significant threat to EHRs. Ransomware can be used to encrypt EHR data to prevent access, which causes disruption to medical services and creates patient safety issues, which increases the likelihood of the ransom being paid. Phishing attacks to gain access to the credentials required to access EHRs are also common.
A cybersecurity strategy should be developed to protect against malware and ransomware attacks. Malware and ransomware infections often start with phishing emails, so email security solutions should be implemented, and end users should receive training to help them identify phishing emails and other email threats. Regular security awareness training for the workforce can improve resistance to cyberattacks that target employees, who are one of the weak links in the security chain. Attacks on Remote Desktop Protocol (RDP) are also common. Consider using a VPN solution to prevent exposing RDP.
Threat actors often exploit unpatched vulnerabilities, so it is vital to patch promptly and to prioritize patching to address critical vulnerabilities first, especially vulnerabilities that are known to have been exploited in cyberattacks. The Cybersecurity and Infrastructure Security Agency (CISA) maintains a Known Exploited Vulnerabilities Catalog that can guide IT security teams on prioritizing patching efforts.
Many healthcare organizations encrypt EHR data. Encryption protects data while it is transferred between on-site users and external cloud applications, but there could be blind spots in encryption that could be leveraged by threat actors to avoid being detected while they execute their attack.
Cloud services are now commonly used by healthcare organizations, including cloud-hosted EHRs. All data sent to cloud services must be properly protected to comply with HIPAA. Cloud access security broker technology can help in this regard.
Steps need to be taken to prevent attacks by external cyber threat actors, but there are also internal threats to EHR data. Healthcare employees are provided with access to EHRs and can easily abuse that access to view or steal patient data. Employees should receive training on internal policies concerning EHR use and data access and how HIPAA prohibits the unauthorized accessing of records. The sanctions policy should be explained as well as the potential for criminal charges for unauthorized medical record access. Administrative policies should be implemented to make it difficult for employees to access records without authorization and policies for EHR need to be enforced.
There should be monitoring of physical and system access, audits should be regularly conducted to identify unauthorized access, and device and media controls should be implemented to prevent the unauthorized copying of EHR data. An endpoint hardening strategy should also be developed that includes multiple layers of defense on all endpoints. The strategy will also ensure that any intrusion is detected and contained before attackers can gain access to EHRs and patient data.
Healthcare organizations should engage in threat hunting to identify threat actors who have bypassed the security perimeter and infiltrated endpoints. Penetration testers should be used for Red Team activities involving the tradecraft of hackers to identify and exploit vulnerabilities. Cybersecurity professionals should also be engaged for the Blue Team, which is concerned with guiding the IT security team on improvements to prevent sophisticated cyberattacks. "These exercises are imperative to understanding issues with an organization's network, vulnerabilities, and other possible security gaps," says the HHS.
There are considerable benefits that come from EHRs, but risks to data must be properly managed. The HHS suggests healthcare leaders change their focus from prevention to the creation of a proactive preparedness plan to understand vulnerabilities in their EHRs and then implement a framework that will be effective at identifying and preventing attacks.
Opinion: New map app didn’t solve the problem of silencing police… – The Daily Post
OPINION
BY DAVE PRICEDaily Post Editor
A year after Palo Alto Police Chief Robert Jonsen decided to encrypt police radios, making it impossible for the public to monitor police activities on a real-time basis, he has unveiled the Beta Police Calls for Service Interactive Map. In a press release, the police say this is a better alternative to monitoring police radio scanners.
That's absolutely wrong.
1. With a scanner, the public knows about the incident the same time officers in the field learn about it. With this map, information about an incident is posted only after it ends. By that time, the witnesses will be gone. This makes it impossible for the press to get an independent account of the incident. Instead we have to rely solely on the police department's version of events. For a department with a documented history of covering up police brutality, this isn't a good idea.
2. The information about the police calls is vague. It doesn't say what happened, where it happened or how police responded.
3. The circles on the map that identify incidents are so large, you can't pinpoint where something happened.
4. When a user clicks on a circle, the information that comes up is meaningless. What does MedInfo mean? An ambulance run? A 5150? A kid with hiccups?
Like the decision to encrypt, the development of this map was done without any discussion with the community, especially the end-users.
Instead of this interactive map, the city should have gone back to un-encrypted police radio frequencies, and taken the same approach as the CHP, which broadcasts without encryption.
What is the CHP alternative?
In October 2020, the state Department of Justice's police data operation put out a memo to all local police departments telling them to either encrypt their radios or find other means to protect personal information.
Many in law enforcement took this memo as a mandate to encrypt. That was false.
The memo gave departments a choice. Palo Alto went for the most extreme, anti-transparent choice: encryption. But the CHP, which for technical reasons can't encrypt on all of its frequencies, came up with an alternative that's acceptable to the Department of Justice.
Here's how it works: When a CHP officer wants dispatchers to check someone's driver's license number for information such as whether the license is suspended, the officer will give the license number over the radio and the dispatcher will read it back to make sure they've heard it correctly.
When the dispatcher responds to the officer with the results of the driver's license check, they can give either the person's first name or last name, the driver's license number and the license's status. That prevents transmission of someone's full name and their driver's license number at the same time.
Additional information such as address, date of birth, and physical descriptors would only be provided when requested.
The CHP alternative is a simple system that doesn't cost any money to implement and is perfectly legal.
Transparency reduced
Encryption isn't the only way Jonsen's department is reducing transparency. Police have decided that reporters can no longer call police to find out more about crimes; all questions must go through the police information website. And, in the last couple of months, the information on the police blotter has been greatly reduced.
Blotter's history
The police blotter began in 1997 due to public outrage over the horrific murder of NASA scientist Bert Kay on Gilman Street. That brutal killing led to a town hall meeting where residents demanded that the police and city council provide more information to the public about crimes. Kay's killers were repeatedly arrested and released, and each time their crimes became more violent. Yet the incidents weren't publicly known, which angered people. At the end of the meeting, then-City Councilwoman Liz Kniss and the police chief, Lynne Johnson, asked me if I'd be willing to print a police blotter. Of course I agreed. Soon other mid-Peninsula police departments began to offer their blotters to us.
Last month, Palo Alto police decided to reduce the amount of information in the blotter. And, again, the changes were made without any consultation with the community or end-users.
1. We used to get more incidents. The logs are now shorter than they used to be, and the information is a number of days old.
2. The new blotter is vague. It is difficult to tell what is being reported. For instance, the Jan. 19 log says "Hit and run resulting in death or injury." There's a big difference between the two. Did the victim go to the morgue or the hospital?
3. The new log doesn't have details about incidents like the old one did. What was stolen? A purse? A bike? A garden statue?
Talk to reporters
It used to be that reporters could call police directly and find out about a particular incident. Now if a reporter has a question, it has to be entered into a portal on the police website. Sometimes a reply will come the same day, sometimes it takes days.
In some law enforcement agencies, the boss makes it his job to talk to the press every day. An example is longtime San Mateo County District Attorney Steve Wagstaffe, who emails a memo to the media nearly every morning giving the status of various newsworthy cases. Then, in the late afternoon, he takes calls from reporters to answer their questions about what happened that day in cases they may be following.
You'd think that if Wagstaffe can do that every day, the Palo Alto police chief could do the same. It would allow the chief to keep daily tabs on ongoing cases with his officers so that he would be up-to-speed when he answers questions from the press. And getting to know the reporters by talking to them every day, he would have more comfort in dealing with the press. Sometimes I've found that police officers, who are extraordinarily brave in most circumstances, become unusually nervous around reporters.
Palo Alto City Council should restore police transparency by taking the following actions: (1) order police to un-encrypt their radios and use the CHP alternative, (2) restore the police blotter to its pre-January 2022 level of information, (3) allow officers to speak directly to reporters again.
Chief Jonsen, a candidate for sheriff, has given the city notice of his retirement. Council shouldn't wait until he's gone to make these changes. This is a matter that has festered over a year and should be at the top of council's agenda immediately. The public has every right to know what its police department is doing.
For 70 years, people have been able to use police scanners to listen in to their local police and firefighters as a way of knowing what's going on in their community. It's a check-and-balance on law enforcement.
For news organizations, it allows reporters and photographers to get to the scene of an accident, fire, explosion, shooting or other newsworthy event quickly, so they can see for themselves what happened and bring the story to you.
With encryption, police agencies tell reporters what happened long after the event has ended.
For instance, on a stormy night last year, trees were crashing down, power lines were falling and there was flooding in different parts of Palo Alto. The typical procedure in this newsroom is to send a reporter out on the road with a police scanner and a camera to document what happened. In the next morning's paper, the reader gets a report on the damage the storm did in town, such as the trees that smashed through houses or cars, the flooding and the fires.
But with encryption we weren't able to do that story because our scanners were silent. Encryption eliminated the news you were able to read.
Some people have argued that criminals listen into the scanners to get the personal information of people contacted by police. Others argue that criminals will use the police radio to avoid detection.
To test those theories, we submitted requests with Palo Alto, Los Altos and Mountain View for all such cases. None of the cities had anything. It doesn't happen.
SLVA, BullWall partner to fight ransomware – ITWeb
Patrick Evans
Information security advisory business SLVA Cybersecurity has partnered with Danish technology innovator, BullWall, to bring a last line of defence ransomware solution called RansomCare to SA.
SonicWall research suggests a ransomware attack occurs every 11 seconds globally and causes an average of 23 days' downtime. In SA, the average cost of remediation from a ransomware attack was revealed to be R6.4 million, with 50 to 70% of all attacks targeting SMEs.
Moreover, SonicWall's Capture Labs logged nearly 500 million attempted ransomware attacks from January to September last year, amounting to a 148% surge in comparison to the same period in the previous year.
RansomCare is a multi-layered containment solution which detects, reacts to, and prevents malicious file corruption and encryption. The solution is agentless and utilises over 20 detection sensors to detect the tell-tale signs of active ransomware.
Patrick Evans, CEO of SLVA, says: "We are very excited about our partnership with BullWall as it will enable clients to become more resilient and ensure business continuity in the face of a ransomware attack. It's a partnership that has real relevance for South Africa as one of the top five most targeted nations for ransomware in the world."
According to him, although many companies have endpoint protection solutions in place, too many still fall victim to this scourge because attacks target file shares. This is why having a last line of defence solution in place, that is designed to stop malicious encryption on monitored file shares and file servers, is critical.
"The financial implications of a ransomware attack can be catastrophic," he adds.
The risks are significant and impact businesses who can least afford it, SMEs. These smaller entities are frequently targeted and the vast majority, around 60%, do not survive the next six months.
A ransomware attack can easily encrypt up to 10 000 files per minute. A proven, 24/7 automated response like BullWall complements existing security defences and instantaneously detects data anomalies and events.
To unpack the anatomy and scale of ransomware attacks, as well as best practice recommendations on how organisations can best protect themselves, SLVA in partnership with BullWall, is hosting a webinar on 24 February at 10h00.
Evans will be joined by Jake Machay, last line of defence evangelist, and other panellists for in-depth insights and analysis on the current cyber threat landscape.
For more information and to register, click here.
What is Encryption and How Does it Work? – TechTarget
Encryption is the method by which information is converted into secret code that hides the information's true meaning. The science of encrypting and decrypting information is called cryptography.
In computing, unencrypted data is also known as plaintext, and encrypted data is called ciphertext. The formulas used to encode and decode messages are called encryption algorithms, or ciphers.
To be effective, a cipher includes a variable as part of the algorithm. The variable, which is called a key, is what makes a cipher's output unique. When an encrypted message is intercepted by an unauthorized entity, the intruder has to guess which cipher the sender used to encrypt the message, as well as what keys were used as variables. The time and difficulty of guessing this information is what makes encryption such a valuable security tool.
Encryption has been a longstanding way for sensitive information to be protected. Historically, it was used by militaries and governments. In modern times, encryption is used to protect data stored on computers and storage devices, as well as data in transit over networks.
Encryption plays an important role in securing many different types of information technology (IT) assets. It provides the following:
Encryption is commonly used to protect data in transit and data at rest. Every time someone uses an ATM or buys something online with a smartphone, encryption is used to protect the information being relayed. Businesses are increasingly relying on encryption to protect applications and sensitive information from reputational damage when there is a data breach.
There are three major components to any encryption system: the data, the encryption engine and the key management. In laptop encryption, all three components are running or stored in the same place: on the laptop.
In application architectures, however, the three components usually run or are stored in separate places to reduce the chance that compromise of any single component could result in compromise of the entire system.
At the beginning of the encryption process, the sender must decide what cipher will best disguise the meaning of the message and what variable to use as a key to make the encoded message unique. The most widely used types of ciphers fall into two categories: symmetric and asymmetric.
Symmetric ciphers, also referred to as secret key encryption, use a single key. The key is sometimes referred to as a shared secret because the sender or computing system doing the encryption must share the secret key with all entities authorized to decrypt the message. Symmetric key encryption is usually much faster than asymmetric encryption. The most widely used symmetric key cipher is the Advanced Encryption Standard (AES), which was designed to protect government-classified information.
Asymmetric ciphers, also known as public key encryption, use two different -- but logically linked -- keys. This type of cryptography often builds its keys from large prime numbers, since it is computationally difficult to factor the product of two large primes and so reverse-engineer the private key from the public one. The Rivest-Shamir-Adleman (RSA) encryption algorithm is currently the most widely used public key algorithm. With RSA, the public or the private key can be used to encrypt a message; whichever key is not used for encryption becomes the decryption key.
Today, many cryptographic processes use a symmetric algorithm to encrypt data and an asymmetric algorithm to securely exchange the secret key.
The primary purpose of encryption is to protect the confidentiality of digital data stored on computer systems or transmitted over the internet or any other computer network.
In addition to security, the adoption of encryption is often driven by the need to meet compliance regulations. A number of organizations and standards bodies either recommend or require sensitive data to be encrypted in order to prevent unauthorized third parties or threat actors from accessing the data. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires merchants to encrypt customers' payment card data when it is both stored at rest and transmitted across public networks.
While encryption is designed to keep unauthorized entities from being able to understand the data they have acquired, in some situations, encryption can keep the data's owner from being able to access the data as well.
Key management is one of the biggest challenges of building an enterprise encryption strategy, because the keys that decrypt the ciphertext have to live somewhere in the environment, and attackers often have a pretty good idea of where to look.
There are plenty of best practices for encryption key management. It's just that key management adds extra layers of complexity to the backup and restoration process. If a major disaster should strike, the process of retrieving the keys and adding them to a new backup server could increase the time that it takes to get started with the recovery operation.
Having a key management system in place isn't enough. Administrators must come up with a comprehensive plan for protecting the key management system. Typically, this means backing it up separately from everything else and storing those backups in a way that makes it easy to retrieve the keys in the event of a large-scale disaster.
Encryption is an effective way to secure data, but the cryptographic keys must be carefully managed to ensure data remains protected, yet accessible when needed. Access to encryption keys should be monitored and limited to those individuals who absolutely need to use them.
Strategies for managing encryption keys throughout their lifecycle and protecting them from theft, loss or misuse should begin with an audit to establish a benchmark for how the organization configures, controls, monitors and manages access to its keys.
Key management software can help centralize key management, as well as protect keys from unauthorized access, substitution or modification.
Key wrapping is a type of security feature found in some key management software suites that essentially encrypts an organization's encryption keys, either individually or in bulk. The process of decrypting keys that have been wrapped is called unwrapping. Key wrapping and unwrapping activities are usually carried out with symmetric encryption.
Hash functions provide another type of encryption. Hashing is the transformation of a string of characters into a fixed-length value or key that represents the original string. When data is protected by a cryptographic hash function, even the slightest change to the message can be detected because it will make a big change to the resulting hash.
Hash functions are considered to be a type of one-way encryption because keys are not shared and the information required to reverse the encryption does not exist in the output. To be effective, a hash function should be computationally efficient (easy to calculate), deterministic (reliably produces the same result), preimage-resistant (output does not reveal anything about input) and collision-resistant (extremely unlikely that two instances will produce the same result).
Popular hashing algorithms include the Secure Hashing Algorithm (SHA-2 and SHA-3) and Message Digest Algorithm 5 (MD5).
Encryption, which encodes and disguises the message's content, is performed by the message sender. Decryption, which is the process of decoding an obscured message, is carried out by the message receiver.
The security provided by encryption is directly tied to the type of cipher used to encrypt the data and to the strength of the keys required to return ciphertext to plaintext. In the United States, cryptographic algorithms approved by the Federal Information Processing Standards (FIPS) or the National Institute of Standards and Technology (NIST) should be used whenever cryptographic services are required.
For any cipher, the most basic method of attack is brute force -- trying each key until the right one is found. The length of the key determines the number of possible keys, hence the feasibility of this type of attack. Encryption strength is directly tied to key size, but as the key size increases, so too do the resources required to perform the computation.
Alternative methods of breaking encryptions include side-channel attacks, which don't attack the actual cipher but the physical side effects of its implementation. An error in system design or execution can enable such attacks to succeed.
Attackers may also attempt to break a targeted cipher through cryptanalysis, the process of attempting to find a weakness in the cipher that can be exploited with a complexity less than a brute-force attack. The challenge of successfully attacking a cipher is easier if the cipher itself is already flawed. For example, there have been suspicions that interference from the National Security Agency (NSA) weakened the DES algorithm. Following revelations from former NSA analyst and contractor Edward Snowden, many believe the NSA has attempted to subvert other cryptography standards and weaken encryption products.
An encryption backdoor is a way to get around a system's authentication or encryption. Governments and law enforcement officials around the world, particularly in the Five Eyes (FVEY) intelligence alliance, continue to push for encryption backdoors, which they claim are necessary in the interests of national safety and security as criminals and terrorists increasingly communicate via encrypted online services.
According to the FVEY governments, the widening gap between the ability of law enforcement to lawfully access data and their ability to acquire and use the content of that data is "a pressing international concern" that requires "urgent, sustained attention and informed discussion."
Opponents of encryption backdoors have said repeatedly that government-mandated weaknesses in encryption systems put the privacy and security of everyone at risk because the same backdoors can be exploited by hackers.
Recently, law enforcement agencies, such as the Federal Bureau of Investigation (FBI), have criticized technology companies that offer E2EE, arguing that such encryption prevents law enforcement from accessing data and communications even with a warrant. The FBI has referred to this issue as "going dark," while the U.S. Department of Justice (DOJ) has proclaimed the need for "responsible encryption" that can be unlocked by technology companies under a court order.
Australia passed legislation that made it mandatory for visitors to provide passwords for all digital devices when crossing the border into Australia. The penalty for noncompliance is five years in jail.
By 2019, cybersecurity threats increasingly included attacks that encrypt data on IoT and mobile computing devices. While IoT devices often are not targets themselves, they serve as attractive conduits for the distribution of malware. According to experts, attacks on IoT devices using malware modifications tripled in the first half of 2018 compared to the entirety of 2017.
Meanwhile, NIST has encouraged the creation of cryptographic algorithms suitable for use in constrained environments, including mobile devices. In a first round of judging in April 2019, NIST chose 56 lightweight cryptographic algorithm candidates to be considered for standardization. Further discussion on cryptographic standards for mobile devices is slated to be held in November 2019.
In February 2018, researchers at MIT unveiled a new chip, hardwired to perform public key encryption, which consumes only 1/400 as much power as software execution of the same protocols would. It also uses about 1/10 as much memory and executes 500 times faster.
Because public key encryption protocols in computer networks are executed by software, they require precious energy and memory space. This is a problem in IoT, where many different sensors embedded in products such as appliances and vehicles connect to online servers. The solid-state circuitry greatly alleviates that energy and memory consumption.
The word encryption comes from the Greek word kryptos, meaning hidden or secret. The use of encryption is nearly as old as the art of communication itself. As early as 1900 B.C., an Egyptian scribe used nonstandard hieroglyphs to hide the meaning of an inscription. In a time when most people couldn't read, simply writing a message was often enough, but encryption schemes soon developed to convert messages into unreadable groups of figures to protect the message's secrecy while it was carried from one place to another. The contents of a message were reordered (transposition) or replaced (substitution) with other characters, symbols, numbers or pictures in order to conceal its meaning.
In 700 B.C., the Spartans wrote sensitive messages on strips of leather wrapped around sticks. When the strip was unwound, the characters became meaningless, but with a stick of exactly the same diameter, the recipient could recreate (decipher) the message. Later, the Romans used what's known as the Caesar Shift Cipher, a monoalphabetic cipher in which each letter is shifted by an agreed number. So, for example, if the agreed number is three, then the message, "Be at the gates at six" would become "eh dw wkh jdwhv dw vla." At first glance, this may look difficult to decipher, but sliding the alphabet against the ciphertext until the letters make sense doesn't take long. Also, the vowels and other commonly used letters, like t and s, can be quickly deduced using frequency analysis, and that information, in turn, can be used to decipher the rest of the message.
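The shift cipher and the two ways of breaking it described above (trying every shift, and frequency analysis), as an added example that is not part of the original article. The letter-frequency table is an approximate, constructed one, and the cracker scores each of the 26 candidate decryptions against it.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// englishFreq holds approximate relative frequencies of the letters a..z in
// English prose (a constructed, rounded table used only to score candidates).
var englishFreq = [26]float64{
	0.082, 0.015, 0.028, 0.043, 0.127, 0.022, 0.020, 0.061, 0.070, 0.0015,
	0.0077, 0.040, 0.024, 0.067, 0.075, 0.019, 0.00095, 0.060, 0.063, 0.091,
	0.028, 0.0098, 0.024, 0.0015, 0.020, 0.00074,
}

// CaesarShift moves every ASCII letter shift places along the alphabet (mod 26),
// keeping case and leaving other characters alone. A negative shift decrypts.
func CaesarShift(text string, shift int) string {
	k := rune(((shift % 26) + 26) % 26)
	var b strings.Builder
	for _, r := range text {
		switch {
		case r >= 'a' && r <= 'z':
			b.WriteRune('a' + (r-'a'+k)%26)
		case r >= 'A' && r <= 'Z':
			b.WriteRune('A' + (r-'A'+k)%26)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// AllShifts is the "try every shift" approach: 25 candidate plaintexts, keyed
// by the shift that would have produced the ciphertext.
func AllShifts(ciphertext string) map[int]string {
	out := make(map[int]string, 25)
	for shift := 1; shift < 26; shift++ {
		out[shift] = CaesarShift(ciphertext, -shift)
	}
	return out
}

// LetterCounts tallies ASCII letters case-insensitively; index 0 is 'a'.
func LetterCounts(text string) [26]int {
	var counts [26]int
	for _, r := range strings.ToLower(text) {
		if r >= 'a' && r <= 'z' {
			counts[r-'a']++
		}
	}
	return counts
}

// englishScore is the log-likelihood of the observed letter counts under
// englishFreq; higher means the text looks more like English.
func englishScore(counts [26]int) float64 {
	score := 0.0
	for i, c := range counts {
		score += float64(c) * math.Log(englishFreq[i])
	}
	return score
}

// CrackByFrequency returns the shift whose decryption best matches English
// letter frequencies. The decision gets sharper as the ciphertext gets longer;
// for a message of a dozen letters, reading the 25 AllShifts candidates is the
// safer route.
func CrackByFrequency(ciphertext string) int {
	best, bestScore := 0, math.Inf(-1)
	for shift := 0; shift < 26; shift++ {
		if s := englishScore(LetterCounts(CaesarShift(ciphertext, -shift))); s > bestScore {
			best, bestScore = shift, s
		}
	}
	return best
}

func main() {
	ct := CaesarShift("Be at the gates at six", 3)
	fmt.Println(ct) // Eh dw wkh jdwhv dw vla
	// Constructed sample, long enough for frequency analysis to be decisive.
	sample := "The scribe carried the message from one town to the next and hid its meaning by replacing every letter with another"
	fmt.Println("recovered shift:", CrackByFrequency(CaesarShift(sample, 11)))
}
```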
The Middle Ages saw the emergence of polyalphabetic substitution, which uses multiple substitution alphabets to limit the use of frequency analysis to crack a cipher. This method of encrypting messages remained popular despite many implementations that failed to adequately conceal when the substitution changed -- also known as key progression. Possibly the most famous implementation of a polyalphabetic substitution cipher is the Enigma electromechanical rotor cipher machine used by the Germans during World War II.
It was not until the mid-1970s that encryption took a major leap forward. Until this point, all encryption schemes used the same secret for encrypting and decrypting a message: a symmetric key.
Encryption was almost exclusively used only by governments and large enterprises until the late 1970s when the Diffie-Hellman key exchange and RSA algorithms were first published and the first PCs were introduced.
In 1976, Whitfield Diffie and Martin Hellman's paper, "New Directions in Cryptography," solved one of the fundamental problems of cryptography: how to securely distribute the encryption key to those who need it. This breakthrough was followed shortly afterward by RSA, an implementation of public key cryptography using asymmetric algorithms, which ushered in a new era of encryption. By the mid-1990s, both public key and private key encryption were being routinely deployed in web browsers and servers to protect sensitive data.
Read the original:
What is Encryption and How Does it Work? - TechTarget
Privacy and computer security are too important to be left to political meddling – The Register
Register Debate Welcome to the latest Register Debate in which writers discuss technology topics, and you the reader choose the winning argument. The format is simple: we propose a motion, the arguments for the motion will run this Monday and Wednesday, and the arguments against on Tuesday and Thursday. During the week you can cast your vote on which side you support using the poll embedded below, choosing whether you're in favor or against the motion. The final score will be announced on Friday, revealing whether the for or against argument was most popular.
This week's motion is: In the digital age, we should not expect our communications to remain private.
Our second contributor debating AGAINST the motion is veteran security journalist John E. Dunn.
If the British government fails to persuade the tech titans to back away from implementing end-to-end encryption (E2EE) in messaging apps then its next tactic will be to try to mobilize public opinion against it by claiming the technology puts society in moral peril.
It's a new approach laid bare in a recent report that the Home Office commissioned an advertising agency to come up with a campaign to turn citizens against E2EE, specifically Facebook's decision to add the technology to Messenger by 2023. As ever, it's about protecting children.
"We have engaged M&C Saatchi to bring together the many organisations who share our concerns about the impact end-to-end encryption would have on our ability to keep children safe," commented a Home Office spokesperson.
The tactic is probably doomed. The public probably doesn't like the idea of abusers hiding behind encryption, but many folks are equally suspicious of the government's motives. The government, it seems, doesn't trust its citizens. Facebook, meanwhile, doesn't trust governments, fearing that by agreeing to create E2EE backdoors it risks becoming an arm of state surveillance. Ordinary citizens just wonder whether they should trust anyone.
The problem with trust is that once it's gone, it's gone for good. Although most people trust governments in a general way, this can wear thin if pushed too far. This is especially true for privacy even if people are often complacent about how much of it they really have. Tell people you're taking it away and they'll feel a liberty has been taken. In a free society, privacy should be something citizens and businesses have some control over rather than a privilege handed out by governments on their terms.
The British government has yet to ask businesses what they think. Small businesses increasingly depend on E2EE apps that have emerged from consumer tech so the idea of official snooping on these apps could eventually become an issue. Enterprises, of course, don't use these apps but are increasingly nervous that E2EE is the thin edge of a wedge being driven into the idea of private business communications.
For enterprises, encryption is non-negotiable. You can't have secure communications and data some of the time. It's all or nothing. This is how encryption has been sold to them for decades: it creates absolute mathematical certainty that protects them from their rivals, from criminals, from nation states, and yes, from government interference. In many cases, this security is a regulatory and legal requirement.
In arguing to bypass E2EE, the British government appears to want to set itself up as the ultimate arbiter on where and when privacy and security should apply. Despite the moral arguments used to justify weakening encryption, this is the recourse of an authoritarian regime, ironic given UK and US antipathy to the oppressive mass surveillance carried out in countries such as Russia and China.
The benefits of backdooring E2EE are not only illusory but damaging. Criminals would continue their activities using different E2EE apps while ordinary citizens and businesses would be subjected to pointless surveillance. Trust in governments would decline. Hailed as a great advance it would be nothing of the sort, instead mere surveillance theater.
E2EE is the target today but it won't stop there. Other applications and perhaps broader uses of encryption will be next because criminals are probably hiding there too. Imagine living in a world in which governments control privacy and security.
This is not a world of greater security but eroding trust. Who is watching? You have no way of knowing. Nobody in their right mind would want to live in this world and for that reason I implore everyone to vote against this motion.
In a career of 30 years John E Dunn edited several dead tree computer magazines before specialising in cybersecurity in 2003 when he co-founded online title Techworld. These days he writes on the topic in numerous places because there is a lot to talk about.
Read more here:
Privacy and computer security are too important to be left to political meddling - The Register
Here are the best ways to keep your digital files safe – The Dallas Morning News
This week I got an email from a reader with a question:
I'm curious: Where do you recommend storage of historical documents such as tax returns, etc.? Should I store them locally on a hard drive with a risk of failure or online in a service like Dropbox, with the risk of hacking?
I use the latter with two-step authentication, but I'm still unsure.
There are hundreds of ways to safeguard your important data, and we can't come close to talking about them all, so let's concentrate on just a few.
To be clear, we are talking about digital files here, not paper.
As I collected my tax documents this year, about half were digital and half were paper. If you have paper documents to save, you can opt to scan them into PDFs. I'll be reviewing a nice document scanner in a few weeks.
Once you start gathering your important information as digital files, you have some choices to make.
The first (and easiest) choice is to store the files on your computer's hard drive.
The danger here is someone else could gain access, either in person or through the internet.
If you don't have separate login accounts for each person in your household, now is the time to create them. If you are storing sensitive files on your PC, you'll want to log out when you are not using the computer.
Giving everyone else their own accounts will keep them out of your files.
You can also encrypt your hard drive so that it cant be read even if someone steals your computer and removes the drive.
Mac users can search for FileVault and Windows users can search for BitLocker to read more about whole disk encryption.
You can also search for ways to encrypt folders.
Another option is to save or back up your digital files on USB drives (either flash drives or external hard drives).
It is always a good idea to keep a backup copy of your important files on a separate (removable) drive and store it away from your home. You don't want to lose all your data if your house burns down or your computer gets stolen.
These backup USB drives should also be encrypted.
Encryption lets you open the folders and files, but anyone else needs a password.
As for cloud storage services like Dropbox, Google Drive or Microsoft OneDrive, you can store your documents there, but you should think about how you use those services.
Most people log into a cloud storage service and let their browser or operating system save their credentials to make it easier to log in (or to stay logged in).
You should always log out of those services when you are finished accessing the files.
That way you must log in each time.
You should also enable two-factor authentication, which is another level of protection.
With two-factor, you'll enter your cellphone number during setup. Any time you want to log into the cloud storage, you'll be texted a code that you'll have to enter along with your usual password.
If there is one lesson here, remember that it's not enough to save your files and to back them up. You need to encrypt those files to make it almost impossible for others to open them, and set up two-factor authentication wherever you can.
Read this article:
Here are the best ways to keep your digital files safe - The Dallas Morning News
HHS outlines threats to electronic health and medical records, remediation guidance – SC Media
The Department of Health and Human Services Cybersecurity Coordination Center (HC3) released new guidance outlining the biggest threats to the electronic medical record (EMR) and electronic health record (EHR) systems and best practice mitigation.
Although key security basics are included in the insights, HC3 also included an overview of recommended red team and blue team exercises as an imperative for understanding issues with an organization's network, vulnerabilities, and other possible security gaps.
The 35-page document shines a light on the importance of EHR technologies to patient care, but also how threat actors are able to exploit the platforms to gain a foothold onto healthcare networks. Phishing, malware, and ransomware are among the most common threats, as well as encryption blind spots and cloud threats.
Last year, the healthcare sector faced 578 reported data breaches, affecting over 41.5 million patients. In January 2022 alone, 2 million individuals have been impacted by 38 separate data breaches.
Covered entities and relevant business associates will find that the guidance includes an overview of each threat type and the importance of data encryption. While the Health Insurance Portability and Accountability Act doesn't overtly require data encryption, it does mandate that a provider who chooses not to encrypt data provide evidence of what it will use instead to keep the data secure.
HC3 also provides a breakdown of preventative strategies specific to securing the EMR and EHR, which include evaluating the risk before an attack and the inclusion of red and blue team exercises. The guide breaks down the risk of ransomware against the remote desktop protocol (RDP) and the need for multi-factor authentication and endpoint detection and response (EDR).
Each section outlines the most important measures, as well as their importance to overall security posture.
While it's impossible to completely eliminate risk, these recommendations can drastically reduce the impact of a potential attack. Given that previous HHS data shows the majority of health systems faced a cyberattack in the last 18 months, and that the data show all healthcare entities are targets, it's an ideal time to review these insights to ensure adherence to best practices.
The guide joins previously released HHS insights on ransomware, threat mitigation, and its five-volume cybersecurity guidance broken down by organization type.
Read more here:
HHS outlines threats to electronic health and medical records, remediation guidance - SC Media