The recommendations of the DBIR report include identifying and encrypting sensitive information. How exactly does that work? Let’s start by defining encryption.
What is Encryption?
Technically speaking, encryption converts plaintext to ciphertext. To put it more simply, encryption scrambles readable data so that only authorized users can unscramble and read it. Data is encrypted using a mathematical algorithm that relies on encryption keys that are typically randomly generated. Decrypting the data (reversing the process from ciphertext to plaintext) also requires an encryption key.
Encryption protects data, securing it so that unauthorized readers can’t steal it — in the case of a data breach or malware infection — or accidentally leak it — in the case of human error.
Types of Encryption
There are two main types of encryption: symmetric (or private key) encryption and asymmetric (or public key) encryption. Symmetric encryption uses the same key to encrypt and decrypt data. Asymmetric encryption uses one key for encryption and a different key for decryption. One isn’t necessarily better than the other; they each serve different purposes and offer different advantages.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS), SSL’s successor, use asymmetric encryption. SSL and TLS both encrypt data at rest — in storage — and in transit — while it’s moving from one server to another — and SearchBlox supports both.
And while SSL and TLS protect data in transit and at rest, AES-256 protects data in use. AES stands for Advanced Encryption Standard. The 256 refers to a key length of 256 bits, which makes the key virtually unbreakable with existing computer power. AES-256 requires the same key that was used to encrypt the data to decrypt it. In other words, it uses symmetric encryption.
“Our Platinum Support data privacy module enables you to search data while it’s still protected with AES-256 encryption,” explains Timo Selvaraj, SearchBlox’s co-founder and VP of product management. This “searchable encryption” is a game changer for enterprises: Every user can search the data, but only privileged users can see the decrypted Personally Identifiable Information (PII).
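One common way to get the property described above (everyone can search, only key holders can read the PII), shown as an added example: it is not SearchBlox's code, and the page does not describe how the product implements it. The HMAC blind-index approach, the key handling and all function names are assumptions made for illustration.

```javascript
// Added example (not SearchBlox code): exact-match search over AES-256-GCM
// encrypted fields via a keyed blind index. All names here are hypothetical.
const crypto = require("node:crypto");

// Two independent 256-bit keys, generated here for the demo.
const encKey = crypto.randomBytes(32);   // assumption: only privileged users hold it
const indexKey = crypto.randomBytes(32); // assumption: held by the search service

// Keyed token for lookups. Equal values give equal tokens, so it reveals
// which records match each other, but not the value itself.
function blindIndex(value, key) {
  const normalized = value.trim().toLowerCase();
  return crypto.createHmac("sha256", key).update(normalized).digest("hex");
}

// AES-256-GCM with a fresh 96-bit nonce per field; the tag detects tampering.
function encryptField(plaintext, key) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Throws if the key is wrong or the ciphertext was modified.
function decryptField({ iv, ct, tag }, key) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// What gets stored: a token and ciphertext, never the plaintext.
function indexRecord(id, email) {
  return { id, token: blindIndex(email, indexKey), email: encryptField(email, encKey) };
}

// Any user: find matching record ids without decrypting anything.
function search(store, query) {
  const token = blindIndex(query, indexKey);
  return store.filter((r) => r.token === token).map((r) => r.id);
}

// Privileged user: decrypt one record's field with the encryption key.
function reveal(store, id, key) {
  return decryptField(store.find((r) => r.id === id).email, key);
}

// Constructed sample data.
const store = [indexRecord(1, "alice@example.com"), indexRecord(2, "bob@example.com")];
```

This sketch supports exact-match lookups only; the same key is used to encrypt and decrypt each field, which is the symmetric property of AES-256 described earlier.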
“We can secure any data source when using Elasticsearch,” explains Selvaraj. “And because we support OpenSSL, TLS 1.2/1.3 and AES-256, we enable you to meet stringent security standards and compliance requirements.” Those include:
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry (PCI) Data Security Standard
- National Institute of Standards and Technology (NIST) Security Framework