The Internet is a scary place.
Between the NSA, malicious hackers, competitor spies, and even rogue employees, it’s hard to imagine how your company’s data could ever stay safe.
In 2013 alone, 63,437 data breaches occurred, and 1,367 of them resulted in data loss. You might think your company is safe because you don’t work in the government, tech, finance, or health sectors, but these breaches occurred across a wide array of industries, from education to manufacturing to mining.
Target, eBay, and Sally Beauty Supply have all been victims of highly publicized breaches.P.F. Chang’s China Bistro joined the list in June with reports that it’s investigating the theft of information from thousands of customers’ credit cards. The effects of these breaches can be catastrophic.
Target’s former CEO Gregg Steinhafel resigned from his position in part due to the severity of the breach. DigiNotar, a Dutch certificate authority, fell victim to bankruptcy due to a major hack attack during the summer of 2011. Lax security and mismanagement have led to many companies folding. According to the British Chamber of Commerce, 93 percent of businesses that suffer data loss for more than 10 days file for bankruptcy within just a year.
With so many risks, it’s important for CEOs in all industries to stay on top of encryption technology because it’s still one of the best ways to protect your customers and employees. Failing to address this issue could be a company killer.
Here are four encryption terms you should familiarize yourself with to help you know how to best protect your company’s data:
1. Hashing
Hashing is a process that creates a unique, fixed-length signature for a data set. Each hash is unique to a specific message and is comprised of a seemingly random set of letters, numbers, and special characters.
Once data is hashed, it can’t be reversed or deciphered. Although not technically an encryption method in itself, it’s useful in proving that data hasn’t been tampered with. Changing just one letter in a 1,000-word email, for example, would change the hash completely, making it a worthwhile way to keep tabs on your data. This is also a great tool for handling PII. Researching the benefits of hashing PII data can allow your marketing team the power of big data without the exposure of data privacy.
2. Symmetric (Private-Key) Encryption
Symmetric-key encryption — or private-key cryptography — is a method in which the sender and receiver of the data use the same key. This means a single key is used to encode data on one end and decode it on the other end. As long as the key isn’t compromised, symmetric encryption is an efficient way to encrypt data between two parties.
Private-key encryption systems are often faster than other types, but they can be cumbersome when more than two parties need to exchange information. A symmetric key must be kept secret and transmitted in a way that can’t be intercepted. The easiest way to guarantee this is to distribute the key in person. Once you have a key, keeping it secure is simply a matter of keeping it on a USB drive or password protecting it on your computer. Just remember that as long as the key is on a machine connected to the Internet, it’s vulnerable.
3. Asymmetric (Public-Key) Encryption
On the other hand, asymmetric-key encryption — or public-key cryptography — uses two keys for the encryption and decryption process, making it potentially more secure. With asymmetric encryption, each party has both a public and private key. Both parties exchange public keys and then use their individual private keys to decode messages or data encrypted with their public key.
This encryption method is more common, especially in e-commerce. Specifically, it’s the basis for SSL, the common tool we rely on for all Internet commerce. Based on public certification, we’re able to have a global infrastructure that allows us to be able to share private data. Public-key encryption systems are widely available on the Internet and heavily used by large companies.
Any environment that has a secret is an environment that can lose the secret. Current technologies are mixing encryption methods to create even safer environments. Asymmetric encryption is based on public certificates, but even public certificates can be compromised. By wrapping technologies like KSI around PKI, SSL, or other certification-based encryption methods, you’re adding another layer of trust. This will be critical for certification and key management as these repositories become cumbersome and difficult to manage.
4. Quantum Technology
As Dan Kaufman, of the Defense Advanced Research Projects Agency, discussed at Gigaom’s Structure conference, Homomorphic encryption is gaining ground as an even more secure method. In most cases, encrypted data needs to be decrypted at some point so that either people or systems can use it. However, homomorphic encryption allows the data to remain encrypted even as it’s being used. This would essentially make various forms of data even more difficult for a hacker to access. As the Internet of Things becomes more of a reality, this level of encryption will become more necessary for data interactions.
Quantum computing is a major encryption killer on the horizon. The ability to process a nearly infinite amount of possibilities in a mere second could render modern encryption obsolete within just a few years.
As a CEO, you have a fiduciary, and often regulatory, responsibility to manage data and risk for your company. Ignorance of the law is no longer an excuse. Data theft and tampering have disrupted every sector, and the threats to data security simply can’t be ignored.
Encryption is the first step toward protecting your customers, employees, and your company’s proprietary information. Whatever method you choose, pick one that’s tailored to your company’s unique needs. It might just prevent your company from experiencing a data disaster.
Daniel Riedel is the CEO of New Context, a systems architecture firm founded to optimize, secure, and scale enterprises. New Context provides systems automation, cloud orchestration, and data assurance through software solutions and consulting. Daniel has experience in engineering, operations, analytics, and product development. Previously, he founded a variety of ventures that worked with companies such as Disney, AT&T, and the National Science Foundation.
Image Credit: Shutterstock.com
