What Is Encryption? Definition, How it Works, & Examples – eSecurityPlanet


Encryption uses mathematical algorithms to transform and encode data so that only authorized parties can access it. This guide will provide a high-level overview of encryption and how it fits into IT through the following topics:

To understand how encryption works, we need to understand how it fits into the broader realm of cryptology, how it processes data, common categories, top algorithms, and how encryption fits into IT security.

The science of cryptography studies codes, how to create them, and how to solve them. The codes created in cryptographic research are called cryptographic algorithms, or encryption algorithms, and the process of applying those algorithms to data is called encryption. Decryption describes the process of applying algorithms to return the encrypted data, or ciphertext, to readable form, or plaintext.

A visual diagram showing the relationship between cryptography and cryptanalysis.

Encryption algorithms use math to transform plaintext data into ciphertext. While the math remains the same, unique cryptographic keys generate unique ciphertext. Cryptographic keys can be random numbers, products of large prime numbers, points on an ellipse, or a password generated by a user.

In general, the more bits used and the more complex the process, the stronger the encryption will be. Encryption algorithms define the following:

Algorithms can also specify more complex techniques, such as padding blocks, key size variations, and processing a mix of encrypted and unencrypted data simultaneously.

The two main types of encryption categories are symmetric and asymmetric.

Symmetric encryption uses a single key to encrypt and decrypt data. Symmetric encryption will typically be used for local encryption (drives, files, databases, etc.) and data transmission (Wi-Fi router algorithms, transport layer security [TLS], etc.); however, to share data with another person, organization, or application, the encryption key must also be shared, which exposes the key to theft.

Asymmetric cryptography uses a public key and a private key to enable more secure sharing. Data encrypted with one key cannot be decrypted using the same key, so the public key can be freely published without exposing the private key. The use cases for asymmetric encryption include:

Encryption algorithms define the transformation of data in terms of math and computer processes. These algorithms will constantly be tested to probe for weaknesses, and algorithms found weak to attack will be replaced. Currently, the top four algorithms include AES, Blowfish, ECC, and RSA.

AES or the Advanced Encryption Standard was adopted in 2001 by the US National Institute of Standards and Testing (NIST) as the standard for symmetric encryption. The algorithm allows for variable key sizes and variable rounds to increase randomness and security. AES encryption can be commonly found in communication protocols, virtual private network (VPN) encryption, full-disk encryption, and Wi-Fi transmission protocols.

Blowfish provides a public-domain alternative to AES symmetric encryption. It is commonly incorporated into open-source applications and operating systems and will commonly be used in file and folder encryption. While the more robust Twofish algorithm is available to replace Blowfish, the Twofish algorithm has not been widely adopted.

ECC, or elliptic-curve cryptography, creates an asymmetric encryption standard that uses elliptic curves to generate public and private keys. While not as popular as the RSA standard (see below), ECC can generate equivalent encryption strength with smaller key sizes, which enables faster encryption and decryption. ECC is used for email encryption, cryptocurrency digital signatures, and internet communication protocols.

RSA, or the Rivest, Shamir, and Adleman algorithm, provided the first asymmetric key adopted for use and remains very popular today. The algorithm uses very large prime numbers and key sizes of 2,048-4,096 bits. RSA remains commonly used in secure messaging, payment applications, and encryption of smaller files.

All four of these algorithms are expected to be broken by techniques that use quantum computing, so quantum-resistant algorithms are in development to provide encryption solutions for the future. For those interested in more detail, other algorithms, and other types of encryption, consider reading Types of Encryption, Methods & Use Cases.

Fundamental protocols incorporate encryption to automatically protect data and include internet protocol security (IPSec), Kerberos, Secure Shell (SSH), and the transmission control protocol (TCP). Encryption can also be found incorporated into a variety of network security and cloud security solutions, such as cloud access security brokers (CASB), next-generation firewalls (NGFW), password managers, virtual private networks (VPN), and web application firewalls (WAF).

Specialized encryption tools can be obtained (some are free or open source) to enable specific types of encryption. More complex commercial tools provide a variety of encryption solutions or even end-to-end encryption.

Key categories for encryption tools include:

Encryption can be applied to protect data but relies upon the rest of the security stack to protect the encryption keys, computers, and network equipment used to encrypt, decrypt, and send encryption-protected data. Organizations should apply encryption solutions that enhance and complement existing cybersecurity solutions and strategies.

Encryption plays many roles in protecting data within the IT environment, but all uses provide three key advantages: compliance, confidentiality, and integrity.

Many compliance standards require some form of encryption for data at rest and many also specify requirements for the transmission of data. For example,

Organizations need to select the appropriate encryption solution to protect regulated data where it resides (at rest) or flows (in transit) through the organization. This may require a robust encryption tool or a combination of specialized encryption tools and other security solutions.

Encryption protects all data:

End-to-end encryption is a term used to describe two very different types of encryption. The first is data encrypted throughout the lifecycle of use, which is currently more of a goal than a common practice. The second is data encrypted throughout a transmission from one device to another.

All types of encryption protect an organization against data breaches stemming from cyberattacks or even a lost laptop. Encryption renders data unreadable to attackers and unauthorized users to preserve the confidentiality of the information.

When receiving data, an organization needs to know if it can be trusted with regards to its origin and accuracy. Transmission protocols use encryption to protect against data tampering and interception in transit. Encryption protocols can also verify the authenticity of sources and prevent a sender from denying they were the origin of a transmission.

For example, the Hypertext Transfer Protocol Secure (HTTPS) protocol enables secure web connections that provide both security and integrity for connections. Such secured and encrypted connections protect both consumers and organizations against fraud and enable secure e-commerce transactions.

Encryption plays a critical role in security; however, constant attacks magnify errors, and attackers can also turn encryption against an organization. To effectively deploy encryption, organizations must address the challenges of capacity-constrained encryption, cracked encryption, human error, key management, and malicious encryption.

Encryption adds overhead to operations and can be very computational resource-intensive to execute. Yet, Internet of Things (IoT) devices tend to be designed with the minimum computing resources required to accomplish the designed task of the device (security camera, printer, TV, etc.).

While less computationally constrained than IoT, mobile devices constrain computations to avoid consuming power and draining battery life. Yet as they become more universal, both IoT and mobile devices are increasingly targeted by attackers.

NIST continues to encourage the development of lightweight cryptography that can be used in constrained environments and researchers also continue to explore new types of hardware (microchips, architecture, etc.) that can perform encryption using less power and memory.

Until these solutions become widely available, organizations will need to recognize that encryption may not be deployed equally on mobile and IoT devices. Compensating controls may need to be added to these devices (and further add operational overhead), or regulated and sensitive data will need to be blocked from access for these devices.

While mobile devices and IoT remain the current focus of research, capacity constraint can also apply to under-provisioned endpoints, servers, and containers. Processing encryption will add significant computing overhead and both security and operations need to be sure to consider current resource constraints when they select encryption solutions.

Good encryption practices can be rendered useless by flawed algorithms, brute computing force, and intentionally weakened algorithms. In each of these cases, the cracked encryption can lead to leaked data, but the nature of the risk remains distinct.

As cryptography develops, the weaknesses of older encryption algorithms become exposed. New encryption algorithms will be developed to replace the older algorithms, yet organizations and tools can lag behind the developing edge of encryption, posing a risk of future data leaks.

For example:

Although replaced and no longer intended for use, organizations with older data repositories or older equipment may discover obsolete encryption standards still in use. While discovery and elimination of obsolete and flawed encryption algorithms can be difficult, ignoring obsolete encryption leaves open back doors to the data protected by the weak algorithms.

Encryption algorithms use math to lock the data, but computers can be used to attack that math with brute force computing power. Weak passwords and short key lengths often allow quick results for brute force attacks that attempt to methodically guess the key to decrypt the data.

Modern encryption algorithms use layered keys and enormous key lengths based upon prime numbers to make most brute force attacks infeasible. Even with cloud-scale resources, it would take years of applying expensive computing power against the algorithms to produce results. However, the rise of quantum computing threatens to enable rapid breaking of our current encryption codes.

To address this challenge, organizations must first ensure that their users do not use weak passwords or short key lengths vulnerable to current brute force attacks. Second, they must explore options for quantum-resistant computing as they become available for their most sensitive data.

Lastly, data stolen today may remain uncrackable for a decade or more, but quantum computing may break those passwords in the future. Organizations must continue to harden their overall security to prevent all data breaches and avoid reliance on encryption for protection.

Learn more about cryptanalytic threats with Rainbow Table Attacks and Cryptanalytic Defenses.

Governments and law enforcement officials around the world, particularly in the Five Eyes (FVEY) intelligence alliance, push for encryption backdoors in the interests of national safety and security. The increase in encrypted online communication by criminal and terrorist organizations provides the excuse to intentionally add flaws or special decryption capabilities for governments.

Opponents of encryption backdoors repeatedly complain that government-mandated encryption flaws put all privacy and security at risk because the same backdoors can also be exploited by hackers, unethical governments, and foreign adversaries. While commercial tools officially resist and deny adding backdoors, most organizations will lack the resources to investigate their encryption tools for intentional weaknesses.

Meanwhile, law enforcement agencies, such as the Federal Bureau of Investigation (FBI), have criticized technology companies that offer end-to-end encryption, arguing that such encryption prevents law enforcement from accessing data and communications even with a warrant. The FBI has referred to this issue as "going dark," while the U.S. Department of Justice (DOJ) has proclaimed the need for "responsible encryption" that can be unlocked by technology companies under a court order.

Pressure on both professional and personal encryption can also be seen in government legislation. In 2018, Australia passed a Telecommunications and Other Legislation Amendment that permits a five-year jail penalty to be applied to visitors that refuse to provide passwords for all digital devices when crossing the border into Australia.

Organizations can do little to defend against intentionally weakened algorithms but can attempt to use multiple types of encryption to decrease risk. However, these additional encryption steps will only prevent unauthorized access in a technical sense and will not diminish any legal risks related to government inquiries.

Human error remains a critical threat to every layer of security, including encryption. Even future quantum-resistant encryption algorithms will be vulnerable to an encryption key that is published to GitHub, attached to an email sent to the wrong recipients, or accidentally deleted.

Most errors can be classified as badly selected passwords, lost encryption keys, or poor encryption key protection.

Badly selected passwords apply primarily to symmetric encryption algorithms used to protect Wi-Fi networks or encrypt files and folders. Users tend to reuse passwords or use easy-to-remember passwords that can be easily guessed or cracked using brute force attacks.

While potentially acceptable for non-critical information, badly selected passwords need to be detected and changed before attackers can exploit them. Organizations need to apply internal brute force attacks against encryption protecting regulated and critical information to ensure their safety.

To help guard against bad passwords, an organization can centrally manage passwords and provide password manager solutions to employees. However, as the passwords become more centrally controlled, attackers will shift focus to attacking central repositories and additional layers of security should be applied to the repository defense.

Lost encryption keys simply destroy access to data. While it is technically possible to decrypt the data without possessing the lost encryption key, significant computational resources and skills would be required if the encryption system was designed properly.

The distribution of encryption tools to employees must be accompanied by training and warnings regarding lost keys. Lost keys can be mitigated by centralized controls and prevention of the download and use of unauthorized encryption software.

Poor encryption key protection causes a different problem by exposing the key to public access or leaking the key to potential attackers. Organizations need to track encryption keys and even deploy data loss protection (DLP) solutions to detect accidental key disclosure.

Centrally managed encryption can help protect against both lost and accidentally exposed keys by placing key management in the hands of experts trained to protect their integrity. Organizations should consider how key management practices can support the recovery of encrypted data if a key is lost or destroyed. Similarly, organizations should manage the distribution and availability of encryption keys to help limit the risk of disclosure.

Keys should be stored in a protected and isolated repository protected by identity and access management (IAM) tools, privileged access management (PAM) tools, multi-factor authentication (MFA), or even zero trust architecture. Some organizations will further enhance encryption key protection and management by enclosing them in an encrypted container (key wrapping) or with the use of encryption key management tools.

Over time, the regular distribution of data encrypted with a specific encryption key increases the probability of success for brute force attacks. If an attacker can gather a large number of files encrypted with the same key, they gain data points that can be used to improve the efficiency of attack. Similarly, over time, the risk of accidental disclosure of keys will steadily increase.

To counter these risks, organizations must practice effective encryption key management. Encryption key management relies primarily on effective encryption key storage (covered above) and encryption key rotation.

Key rotation, or the periodic replacement of encryption keys, reduces the likelihood of success for brute force attacks by creating moving targets for decryption. Using different keys or replacing encryption keys strengthens the capability of encryption to protect data over the long term.

However, key rotation also adds complexity. First, disaster recovery efforts will often be prolonged by key retrieval and decryption processes. Second, encryption key rotation can render data stored in backups or on removable media inaccessible. Previous keys will need to be tracked and retained to enable the decryption of older data encrypted with those keys.
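The rotation trade-off described above, as an added example that is not part of the original article: a backup stays readable only while the key that encrypted it is retained, and data must be re-encrypted under the new key before the old one is retired. It assumes the third-party Python `cryptography` package is installed; the function names and the sample record are constructed for illustration.

```python
from cryptography.fernet import Fernet, InvalidToken, MultiFernet


def build_keyring(keys):
    """Build a keyring; the first key encrypts, every key is tried on decrypt."""
    return MultiFernet([Fernet(k) for k in keys])


def can_decrypt(keyring, token):
    """Return True when the keyring holds a key that decrypts the token."""
    try:
        keyring.decrypt(token)
        return True
    except InvalidToken:
        return False


def demo_rotation():
    """Walk one key through its life cycle and report what stays readable."""
    old_key = Fernet.generate_key()
    new_key = Fernet.generate_key()
    record = b"backup record (constructed sample)"

    # A backup written before rotation, while old_key was the only key.
    backup_token = build_keyring([old_key]).encrypt(record)

    # Rotation: new_key becomes primary and old_key is retained for
    # decryption only, so existing backups remain readable.
    ring = build_keyring([new_key, old_key])
    readable_during_rotation = ring.decrypt(backup_token) == record

    # Re-encrypt the old data under the primary key before retiring old_key.
    rotated_token = ring.rotate(backup_token)

    # old_key is retired: only re-encrypted data is still accessible.
    new_only = build_keyring([new_key])
    return {
        "readable_during_rotation": readable_during_rotation,
        "rotated_copy_readable": new_only.decrypt(rotated_token) == record,
        "stale_backup_readable": can_decrypt(new_only, backup_token),
    }


if __name__ == "__main__":
    for name, value in demo_rotation().items():
        print(f"{name}: {value}")
```

Backups and removable media that were never re-encrypted correspond to `backup_token` here, which is why retired keys have to be tracked for as long as such copies exist.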

While most challenges involve the organization's strategy and operational use of encryption for security, attackers also use encryption maliciously during cyberattacks. An organization must monitor and attempt to inspect encrypted traffic and the use of encryption software throughout the organization to detect malicious activity.

Two common examples of the use of malicious encryption include ransomware and encrypted communications with command and control servers. Ransomware attackers will use encryption programs to lock hard drives, folders, and data to prevent legitimate access.

Better antivirus (AV), endpoint detection and response (EDR), and extended detection and response (XDR) solutions can detect and block some attacks. However, many effective ransomware attacks use legitimate encryption tools in their attacks to impersonate authorized activity and complicate detection.

Command and control attacks similarly impersonate legitimate traffic that uses encrypted protocols such as TLS to avoid firewall inspections. Next-generation firewalls (NGFW) and secure web gateways (SWG) can inspect traffic flowing through their solution to offer some protection against this type of attack.

The use of cryptology predates computers by several thousand years. Julius Caesar used one of the earliest documented codes, the Caesar Shift Cipher, to send secret messages to Roman troops in remote locations.

The code required an alphabetic shift of a message by a separately agreed-upon number of letters. For example, "attack in three days" shifted by 5 letters would be written as "fyyfhp ns ymwjj ifdx". Early text shift ciphers such as these proved effective until the development of text analysis techniques that could detect the use of the most commonly used letters (e, s, etc.).

Modern cryptography developed in the early 1970s with the development of the DES, Diffie-Hellman-Merkle (DHM), and Rivest-Shamir-Adleman (RSA) encryption algorithms. Initially, only governments pursued encryption, but as networks evolved and organizations adopted internet communications for critical business processes, encryption became essential for protecting data throughout all public and private sectors.

As flaws in these pioneering algorithms became known, cryptologists developed new techniques to make encryption more complicated and incorporated them into new algorithms and even new classifications of algorithms, such as asymmetric encryption. Today's standard encryption algorithms, such as AES or ECC, will be replaced by new technologies more capable of resisting the increasing power of cloud and quantum computing that can be applied to break encryption codes.

Despite many regulations that require encryption and over 50 years of availability, encryption remains sparsely adopted. A study by Encryption Consulting found that only 50% of global enterprises adopt an enterprise encryption strategy and only 47% protect cloud-hosted and sensitive data with encryption.

Enterprises represent the largest, best funded organizations, so this poor adoption rate implies the great expense or great effort required to deploy encryption. Not true! Adopting and incorporating encryption does not require a huge budget. Even the smallest organization can take advantage of low and no-cost encryption software or use built-in encryption features in operating systems and other security tools.

Adopting encryption will require some effort, but the benefits far outweigh the challenges. Today's widespread dispersion of data and intense cyberattack environment make a data breach nearly inevitable. Organizations of all sizes need encryption to provide the final safeguards to limit the financial impact of leaked data.

This article was originally written by Fred Donavan and published on May 5, 2017. It was updated by Chad Kime on December 7, 2023.


What Is Encryption? – Definition, Types & More | Proofpoint US

Triple DES Encryption

Triple DES was designed to replace the original Data Encryption Standard (DES) algorithm, which hackers easily defeated. At one time, Triple DES was the recommended standard and the most widely used symmetric algorithm in the industry.

Triple DES uses three individual keys with 56 bits each. The total key length adds up to 168 bits, but experts say 112 bits in key strength is more like it.

Though it is slowly being phased out, Triple DES is still a dependable hardware encryption solution for financial services and other industries.

RSA is a public-key encryption algorithm and the standard for encrypting data sent over the internet. It is also one of the methods used in PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard) programs.

Unlike Triple DES, RSA is considered an asymmetric encryption algorithm because it uses a pair of keys. The public key encrypts a message, and a private key decrypts it. It takes attackers quite a bit of time and processing power to break this encryption code.

The Advanced Encryption Standard (AES) is the algorithm trusted as the standard by the U.S. government and many other organizations.

Although it is extremely efficient in 128-bit form, AES encryption also uses keys of 192 and 256 bits for heavy-duty encryption.

Blowfish is a symmetric encryption algorithm used to encrypt and decrypt data. It's known for its high speed and efficiency, and it is often used in software applications that require fast encryption and decryption.

A symmetric encryption algorithm similar to Blowfish but considered more secure, Twofish is commonly used in software applications requiring high levels of security, such as financial and healthcare applications.

Also a symmetric encryption algorithm, RC4 is widely used in software applications that require fast encryption and decryption. However, RC4 is now considered insecure and is no longer recommended.


Encryption, Its Algorithms And Its Future – GeeksforGeeks

Encryption in cryptography is a process by which plain text or a piece of information is converted into cipher text, a text which can only be decoded by the receiver for whom the information was intended. The algorithm used for the process of encryption is known as a cipher. It helps protect consumer information, emails and other sensitive data from unauthorized access and secures communication networks. Presently there are many options to choose from when looking for the most secure algorithm that meets our requirements. There are four such encryption algorithms that are highly secured and are unbreakable.

RSA is an asymmetric key algorithm named after its creators Rivest, Shamir and Adleman. The algorithm is based on the fact that finding the factors of a large composite number is difficult; when the factors are prime, the problem is known as prime factorization. It generates a public key and a private key. The public key is used to convert plain text to cipher text, and the private key is used to convert cipher text back to plain text. The public key is accessible to everyone, whereas the private key is kept secret. Because the public key and private key are different, the algorithm is more secure for data security.

The Twofish algorithm is the successor of the Blowfish algorithm. It was designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall and Niels Ferguson. It is a block cipher that uses a single key of length 256 bits and is said to be efficient both for software that runs on smaller processors, such as those in smart cards, and for embedding in hardware. It allows implementers to trade off encryption speed, key setup time, and code size to balance performance. Designed by Bruce Schneier's Counterpane Systems, Twofish is unpatented, license-free, and freely available for use.

Advanced Encryption Standard, abbreviated as AES, is a symmetric block cipher chosen by the United States government to protect significant information, and is used to encrypt sensitive data in hardware and software. AES has three 128-bit fixed block ciphers of keys having sizes 128, 192 and 256 bits. Key sizes are unlimited but block size is maximum 256 bits. The AES design is based on a substitution-permutation network (SPN) and does not use the Data Encryption Standard (DES) Feistel network.

Future Work: With advancement in technology it becomes easier to encrypt data, and with neural networks it becomes easier to keep data safe. Neural networks of Google Brain have worked out how to create encryption without being taught the specifics of an encryption algorithm. Data scientists and cryptographers are finding ways to prevent brute force attacks on encryption algorithms to avoid any unauthorized access to sensitive data.

Last Updated : 25 Jul, 2019


What is Encryption and how does it work? | OpenText

How does encryption work?

Encryption uses a cipher (an encryption algorithm) and an encryption key to encode data into ciphertext. Once this ciphertext is transmitted to the receiving party, a key (the same key, for symmetric encryption; a different, related value, for asymmetric encryption) is used to decode the ciphertext back into the original value. Encryption keys work much like physical keys, which means that only users with the right key can unlock or decrypt the encrypted data.

Encryption vs. tokenization

Encryption and tokenization are related data protection technologies; the distinction between them has evolved.

In common usage, tokenization typically refers to format-preserving data protection: data protection that substitutes a token (a similar-looking but different value) for individual sensitive values. Encryption typically means data protection that converts data (one or more values, or entire data sets) into gibberish that looks very different from the original.

Tokenization may be based on various technologies. Some versions use format-preserving encryption, such as NIST FF1-mode AES; some generate random values, storing the original data and the matching token in a secure token vault; others produce tokens from a pre-generated set of random data. Following the definition of encryption above, tokenization of any sort is clearly a form of encryption; the difference is tokenization's format-preserving attribute.

Encryption plays a vital role in protecting sensitive data that is transmitted over the Internet or stored at rest in computer systems. Not only does it keep the data confidential, but it can authenticate its origin, ensure that data has not changed after it was sent, and prevent senders from denying they sent an encrypted message (also known as nonrepudiation).

In addition to the robust data privacy protection it provides, encryption is often necessary to uphold compliance regulations established by multiple organizations or standards bodies. For example, the Federal Information Processing Standards (FIPS) are a set of data security standards that U.S. government agencies or contractors must follow per the Federal Information Security Modernization Act of 2014 (FISMA 2014). Within these standards, FIPS 140-2 requires the secure design and implementation of a cryptographic module.

Another example is the Payment Card Industry Data Security Standard (PCI DSS). This standard requires merchants to encrypt customer card data when it is stored at rest, as well as when transmitted across public networks. Other important regulations many businesses must follow include the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act of 2018 (CCPA).

There are two main types of encryption: symmetric and asymmetric.

Symmetric encryption

Symmetric encryption algorithms use the same key for both encryption and decryption. This means that the sender or computer system encrypting the data must share the secret key with all authorized parties so they can decrypt it. Symmetric encryption is typically used for encrypting data in bulk, as it is usually faster and easier to implement than asymmetric encryption.

One of the most widely used symmetric encryption ciphers is the Advanced Encryption Standard (AES), defined as a U.S. government standard by the National Institute of Standards and Technology (NIST) in 2001. AES supports three different key lengths, which determine the number of possible keys: 128, 192, or 256 bits. Cracking any AES key length requires levels of computational power that are currently unrealistic and unlikely ever to become so. AES is widely used worldwide, including by government organizations like the National Security Agency (NSA).

Asymmetric encryption

Asymmetric encryption, also known as public key encryption, uses two distinct but mathematically linked keys: a public key and a private key. Typically, the public key is shared publicly and is available for anyone to use, while the private key is kept secure, accessible only to the key owner. Sometimes the data is encrypted twice: once with the sender's private key and once with the recipient's public key, thus ensuring both that only the intended recipient can decrypt it and that the sender is who they claim to be. Asymmetric encryption is thus more flexible for some use cases, since the public key(s) can be shared easily; however, it requires more computing resources than symmetric encryption, and these resources increase with the length of data protected.

A hybrid approach is thus common: a symmetric encryption key is generated and used to protect a volume of data. That symmetric key is then encrypted using the recipient's public key, and packaged with the symmetrically encrypted payload. The recipient decrypts the relatively short key using asymmetric encryption, and then decrypts the actual data using symmetric encryption.
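The hybrid scheme described above, as an added example that is not part of the original article: a fresh AES-256-GCM key protects the payload and RSA-OAEP wraps only that short key. It assumes the third-party Python `cryptography` package is installed; the function names, envelope layout and sample payload are constructed for illustration.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# OAEP with SHA-256 is the padding used to wrap the symmetric key.
OAEP = padding.OAEP(
    mgf=padding.MGF1(algorithm=hashes.SHA256()),
    algorithm=hashes.SHA256(),
    label=None,
)


def generate_recipient_key():
    """Create the recipient's RSA key pair (2,048-bit for this example)."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def seal_envelope(recipient_public_key, plaintext: bytes) -> dict:
    """Encrypt the payload with a one-time AES key, then wrap that key."""
    data_key = AESGCM.generate_key(bit_length=256)  # fresh key per message
    nonce = os.urandom(12)                          # 96-bit GCM nonce
    ciphertext = AESGCM(data_key).encrypt(nonce, plaintext, None)
    wrapped_key = recipient_public_key.encrypt(data_key, OAEP)
    return {"wrapped_key": wrapped_key, "nonce": nonce,
            "ciphertext": ciphertext}


def open_envelope(recipient_private_key, envelope: dict) -> bytes:
    """Unwrap the AES key with the private key, then decrypt the payload."""
    data_key = recipient_private_key.decrypt(envelope["wrapped_key"], OAEP)
    return AESGCM(data_key).decrypt(
        envelope["nonce"], envelope["ciphertext"], None)


def is_intact(recipient_private_key, envelope: dict) -> bool:
    """Return False when the GCM tag shows the payload was modified."""
    try:
        open_envelope(recipient_private_key, envelope)
        return True
    except InvalidTag:
        return False


if __name__ == "__main__":
    key = generate_recipient_key()
    payload = b"constructed sample record " * 4000  # about 100 KB
    env = seal_envelope(key.public_key(), payload)
    # The RSA operation covers 32 bytes of key, whatever the payload size.
    print(len(env["wrapped_key"]), len(env["ciphertext"]))
    print(open_envelope(key, env) == payload)
```

The wrapped key is 256 bytes for a 2,048-bit RSA key regardless of payload length, so the expensive asymmetric step stays constant while AES handles the bulk data.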

One of the most widely used asymmetric encryption ciphers is RSA, named after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman in 1977. RSA remains one of the most widely used asymmetric encryption algorithms. Like all current asymmetric encryption, the RSA cipher relies on prime factorization, which involves multiplying two large prime numbers to create an even larger number. Cracking RSA is extremely difficult when the right key length is used, as one must determine the two original prime numbers from the multiplied result, which is mathematically difficult.

Like many other cybersecurity strategies, modern encryption can have vulnerabilities. Modern encryption keys are long enough that brute-force attacks (trying every possible key until the right one is found) are impractical. A 128-bit key has 2^128 possible values: 100 billion computers each testing 10 billion operations per second would take over a billion years to try all of these keys.

Modern cryptographic vulnerabilities typically manifest as a slight weakening of the encryption strength. For example, under certain conditions, a 128-bit key only has the strength of a 118-bit key. While the research that discovers such weaknesses is important in terms of ensuring encryption strength, the weaknesses themselves are not significant in real-world use, often requiring unrealistic assumptions such as unfettered physical access to a server. Successful attacks on modern strong encryption thus center on unauthorized access to keys.

Data encryption is a key element of a robust cybersecurity strategy, especially as more businesses move towards the cloud and are unfamiliar with cloud security best practices.

Cybersecurity, an OpenText line of business, and its Voltage Data Privacy and Protection portfolio enable organizations to accelerate to the cloud, modernize IT, and meet the demands of data privacy compliance with comprehensive data encryption software like Voltage SecureData by OpenText and Voltage SmartCipher. CyberRes Voltage portfolio solutions enable organizations to discover, analyze, and classify data of all types to automate data protection and risk reduction. Voltage SecureData provides data-centric, persistent structured data security, while Voltage SmartCipher simplifies unstructured data security and provides complete visibility and control over file usage and disposition across multiple platforms.

Email encryption

Email continues to play a fundamental role in an organization's communications and day-to-day business and represents a critical vulnerability in its defenses. Too often, the sensitive data being transmitted via email is susceptible to attack and inadvertent disclosure. Email encryption represents a vital defense in addressing these vulnerabilities.

In highly regulated environments such as healthcare and financial services, compliance is mandatory but difficult for companies to enforce. This is especially true with email because end-users strongly resist any changes to their standard email workflow. SecureMail delivers a simple user experience across all platforms including computers, tablets, and native mobile platform support with full capability to send secure, originate, read, and share messages. Within Outlook, iOS, Android, and BlackBerry, for example, senders can access their existing contacts and simply click a "Send Secure" button to send an encrypted email. The recipient receives secure messages in their existing inbox, just as they would with clear text email.

Encrypting big data, data warehouses and cloud analytics

Unleash the power of big data security, use continuous data protection for privacy compliance, and enable high-scale secure analytics in the cloud and on-premises. Companies are increasingly shifting their workloads and sensitive data into the cloud, transforming their IT environments to hybrid or multicloud. The Cloud Analytics Market size is set to grow from USD 23.2 billion in 2020 to USD 65.4 billion by 2025, according to a market research report published by MarketsandMarkets.

Voltage for Cloud Analytics helps customers reduce the risk of cloud adoption by securing sensitive data in cloud migration and safely enables user access and data sharing for analytics. The encryption and tokenization technologies help customers comply with privacy requirements by discovering and protecting regulated data at rest, in motion and in use in cloud warehouses and applications. These solutions also minimize multi-cloud complexity by centralizing control with data-centric protection that secures sensitive data wherever it flows across multi-cloud environments.

Integration of with cloud data warehouses (CDWs), such as Snowflake, Amazon Redshift, Google BigQuery, and Azure Synapse, enables customers to conduct high-scale secure analytics and data science in the cloud using format-preserved, tokenized data that mitigates the risk of compromising business-sensitive information while adhering to privacy regulations.

PCI security compliance and payment security

Enterprises, merchants, and payment processors face severe, ongoing challenges securing their networks and high-value sensitive data, such as payment cardholder data, to comply with the Payment Card Industry Data Security Standard (PCI DSS) and data privacy laws. Simplify PCI security compliance and payment security in your retail point-of-sale, web, and mobile eCommerce site with our format-preserving encryption and tokenization.

Voltage Secure Stateless Tokenization (SST) is an advanced, patented, data security solution that provides enterprises, merchants, and payment processors with a new approach to help assure protection for payment card data. SST is offered as part of the SecureData Enterprise data security platform that unites market-leading Format-Preserving Encryption (FPE), SST, data masking, and Stateless Key Management to protect sensitive corporate information in a single comprehensive solution.

Protect POS payments data

Encrypt or tokenize retail point-of-sale credit card data upon card swipe, insertion, tap, or manual entry.

SST payment technology

Our Voltage Secure Stateless Tokenization (SST) enables payments data to be used and analyzed in its protected state.

Protect web browser data

Voltage SecureData Web by OpenText encrypts or tokenizes payment data as it is entered in the browser, reducing PCI audit scope.

PCI security for mobile

Voltage SecureData Mobile by OpenText offers PCI security for data captured on a mobile endpoint throughout the payment flow.

The rest is here:
What is Encryption and how does it work? | OpenText

Cryptography | NIST – National Institute of Standards and Technology

Cryptography uses mathematical techniques to transform data and prevent it from being read or tampered with by unauthorized parties. That enables exchanging secure messages even in the presence of adversaries. Cryptography is a continually evolving field that drives research and innovation. The Data Encryption Standard (DES), published by NIST in 1977 as a Federal Information Processing Standard (FIPS), was groundbreaking for its time but would fall far short of the levels of protection needed today.

As our electronic networks grow increasingly open and interconnected, it is crucial to have strong, trusted cryptographic standards and guidelines, algorithms and encryption methods that provide a foundation for e-commerce transactions, mobile device conversations and other exchanges of data. NIST has fostered the development of cryptographic techniques and technology for 50 years through an open process which brings together industry, government, and academia to develop workable approaches to cryptographic protection that enable practical security.

Our work in cryptography has continually evolved to meet the needs of the changing IT landscape. Today, NIST cryptographic solutions are used in commercial applications from tablets and cellphones to ATMs, to secure global eCommerce, to protect US federal information and even in securing top-secret federal data. NIST looks to the future to make sure we have the right cryptographic tools ready as new technologies are brought from research into operation. For example, NIST is now working on a process to develop new kinds of cryptography to protect our data when quantum computing becomes a reality. At the other end of the spectrum, we are advancing so-called lightweight cryptography to balance security needs for circuits smaller than were dreamed of just a few years ago.

In addition to standardizing and testing cryptographic algorithms used to create virtual locks and keys, NIST also assists in their use. NIST's validation of strong algorithms and implementations builds confidence in cryptography, increasing its use to protect the privacy and well-being of individuals and businesses.

NIST continues to lead public collaborations for developing modern cryptography, including:

NIST also promotes the use of validated cryptographic modules and provides Federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules through other efforts including: FIPS 140, Cryptographic Programs and Laboratory Accreditation Cryptographic Module Validation Program (CMVP), Cryptographic Algorithm Validation Program (CAVP), and Applied Cryptography at NIST's National Cybersecurity Center of Excellence (NCCoE).

The rest is here:
Cryptography | NIST - National Institute of Standards and Technology