You hear all the time about how important it is to encrypt data. But what does encryption actually mean? Which best practices should you follow when encrypting your data? Which tools are available for data encryption? Show Keep reading for answers to these pressing data encryption questions. What is data encryption?Put simply, data encryption is a process that changes data from its original format into a new format. To translate it back, you typically need a special encryption key or code. A very simple data encryption example involves taking every letter in a word and changing it to the letter that follows it in the alphabet, so that the word “dog” becomes “eqh,” for instance. In this case, the encryption key to unlock the encrypted data would be code that switches the letters back by moving them one place lower in the alphabet. Obviously, it would not be very difficult in the example above for someone to guess how your encryption scheme works and reverse-engineer your encryption key. But if your process for encrypting your data were much more complicated – if, for example, you used a complex set of rules to move letters around, inserted random data in various places and converted the letters differently depending on where they are located as well as which letters they are – you would end up with encrypted data that would be much harder for someone to decrypt unless they had an encryption key that could reverse your encryption process. What is an encryption key?An encryption key is used both to translate data into a scrambled, unreadable form, and to transfer it back. There are different types of encryption keys and different ways to use them. If you use symmetric keys, you use the same key for both encrypting and decrypting data. Asymmetric encryption uses different keys for the encryption and decryption processes. Which data can you encrypt?Although not all data is the same, virtually all data can be encrypted. You can encrypt data while it is “at rest,” which means it is stored in a static location like a disk. You can also encrypt data “in motion,” such as when it is being transferred over the network. You can encrypt data on any type of operating system. You can encrypt data stored in file systems, as well as data stored on block data. You can encrypt data stored directly on a bare-metal server, as well as data in a virtual machine or on a virtual disk. There are certain types of data that you would probably not want to encrypt, such as the data stored in /proc on a Linux server. This type of data should be secured in other ways (such as via file-level access control, in the case of /proc). Read our eBook IBM i Encryption 101This eBook provides an introduction to encryption, including best practices for IBM i encryption. Popular data encryption algorithmsThe specific process that you use to encrypt and decrypt data is called an algorithm. Dozens of different encryption algorithms have been widely used in the last several decades, but the leading ones today include:
Although all of these data encryption algorithms can encrypt data in ways that meet most modern standards, they are not created equal. Some are better at encrypting certain types of data than others. They can also perform differently on different types of infrastructure; some algorithms might be faster if you have lots of memory but less CPU power, for instance, whereas others do better in CPU-rich environments. It is, therefore, a good idea to experiment with different encryption algorithms in order to see which ones best serve your needs. Data encryption toolsMost encryption algorithms can be implemented by many different tools. In other words, there is no single, specific program you have to use if you want to encrypt data using, say, the AES algorithm. You can choose from lots of different implementations, depending on which operating system you use. Like the different encryption algorithms, some encryption tools might be faster than others, and some are better at encrypting or decrypting certain types of data. Some excel at encrypting small volumes of data but are not as effective with large amounts of data, or vice versa. This means that when it comes to selecting specific encryption tools, you should also experiment with at least a few to see which ones best meet your needs. Data encryption best practicesA complete guide to data encryption is beyond the scope of this 101-level article, but in general, the following principles are good to follow if you want to encrypt data securely and efficiently:
|