Today, we use encryption to secure sensitive data. It’s common to see encryption and cryptography used interchangeably, but it’s important to understand the difference between the two.
Cryptography vs. Encryption
Cryptography is the science of secret communications. Encryption, which is a form of cryptography, provides a standard and methodology for encoding and decoding data in a reliable manner.
An easy form of cryptography to decode is pig Latin: Oday ouyay understandway ethay ordsway I’mway ayingsay?
You can probably figure out the original message when hearing pig Latin. These types of hidden codes are fun in social situations and effective for internal company communication. For instance, it’s common in retail to hear codes blasted over the intercom to warn staff of possible shoplifters or for hospital personnel to use codes to communicate without alarming patients (e.g., “code blue” to indicate cardiac or respiratory arrest).
This type of cryptography wouldn’t work to encrypt your data, however. For cryptography to be effective, you need a complicated algorithm rather than a simple key. This is where encryption comes into play.
Unlike a password that you have to create and memorize, encryption algorithms are premade by some of the greatest mathematical minds in the world. The government set a FIPS 140-2 standard to help businesses dealing with sensitive data choose the encryption necessary for PCI and HIPAA HITECH compliance. This means there’s a slew of encryption algorithms available for you to encrypt your data.
Why Businesses Need Encryption
The massive recent data breaches that affected Target’s and eBay’s customers underscore the importance of encryption for all businesses that handle personal information.
While it’s possible to simply encrypt user access and rely on basic cryptography for your data, your data is still at risk. Sony, for example, didn’t encrypt each cell in its database, so once the initial encryption was broken, intruders had access to all its customer data.
Modern data security laws require that a company notify its customer when customers’ information may have been breached. That’s not just limited to a successful theft event. Simply losing a laptop containing sensitive data is enough to legally qualify as a data breach.
Part of the data breach law requirement is that you put out a press release highlighting your mistakes. In this digital age where you can easily find information about anyone, do you think new customers will come to you when the first thing they find out about your business is information about a negligent data breach?
Customer security and public perception aren’t the only reasons to encrypt your data, though. Malware, hackers, and viruses can make your systems unusable, which can disrupt your operations if they gain access.
Security Can Be Expensive
Security is a necessity, and you should be prepared to spend according to the sensitivity of your data. Some algorithms come with royalty expenses. Elliptic curve cryptography is a trusted algorithm used on some mobile phones, since it provides a high level of encryption in an efficient mathematical manner that doesn’t drain battery life. However, this algorithm comes at a price, and consumers pay this royalty fee when purchasing certain smartphone models.
There’s also the expense of deploying, managing, and training your staff on encryption products. The common person, and even many tech folks, may be intimidated by the terms and processes necessary to encrypt and decrypt data. If implemented correctly, however, few people within your organization should ever have to deal with encryption keys.
While cryptography is a fun way to fool your friends, your business should rely on more than simple tricks and static keys to secure information. You should use the most sophisticated encryption you can afford to protect your data. Your customers will thank you.