Decrypted | Insights from Virtru to Unlock New Ideas

Protect Your Data: Five Common Encryption Misconceptions Explained

Written by Editorial Team | Jul 12, 2019 7:00:57 AM

Data is arguably an organization’s most important asset and encrypting it is the most effective security measure you can take to protect it. Yet, encryption is too often an afterthought. 

In 2018, more data was stolen than ever before, with a total of 4.5 billion records compromised in the first half of the year alone. And intellectual property (IP) theft costs U.S. companies as much as $600 billion each year. What’s especially important to remember though, is that since 2013, only 4% of breaches have been “secure breaches” where encryption was used and the stolen data rendered useless. 

At a high level, the concept of encryption is simple: Plain text content—such as an email or document—needs to be protected so that only the intended recipient(s) is able to access and read it. In order to do this, a key is required to jumble plain text into indetectable ciphertext. Depending on the type of encryption used—symmetric or asymmetric— recipients will need an encryption key to convert that ciphertext back to its original plain text form.

So why are only 43% of enterprises using encryption consistently across the organization to protect their data? Despite recent regulations such as GDPR helping to boost encryption adoption, there are still skeptics. It’s time to set the record straight on five common misconceptions that prevent widespread adoption. 

Misconception #1: Encryption is only for organizations with compliance requirements.

Encryption is either recommended or required for email compliance in all major regulatory regimes that touch on data security. However, organizations without compliance requirements can still benefit from encryption. Simply put, encryption significantly reduces the impact of a data breach on an organization. 

If your organization has data on your employees, customers, market, or product that you believe to be sensitive or competitive then you should always protect it, even if not legally required to do so. If you’re not convinced, think about what would happen if a rogue employee tried to leak confidential information—such as a product roadmap to a competitor or television script to the press. Encryption can help put a stop to it.

Whether you need to meet regulatory compliance, protect intellectual property, or simply prevent third parties from accessing your content, Virtru’s encryption solution provides a secure, easy-to-use data protection foundation for your organization.

Misconception #2:  If a vendor encrypts your data, they can’t access it.

Even though most encryption vendors promise to make your data unreadable to unauthorized parties, the vast majority of technology vendors still retain access to your unencrypted content themselves.

Take SSL (Secure Sockets Layer) and TLS (Transport Layer Security) encryption methods, for example. Both SSL and TLS provide an effective way to secure content as it travels from one point to another by providing an encrypted pipe through which data can be transmitted. These two encryption methods do not encrypt the actual content at rest. Instead, they ensure that unencrypted content is secure when traveling between locations. 

As a result, third-party providers typically have access to the unencrypted data that reaches their servers throughout this process. If a cloud provider stores your data in addition to transmitting it—which most providers do—this encryption method alone cannot prevent the vendor from accessing your data in unprotected form. The best way to prevent technology vendors from accessing your plain text data is to separate where keys and content are stored.

Virtru offers multiple key management options to enable easy-to-use email and file encryption that protects data wherever it is shared and prevents third parties from ever accessing unencrypted content. Distributed architecture with dual layers of protection ensures total control over who can access the keys securing your most sensitive data.

Misconception #3:  Encrypted data is inaccessible to hackers.

Even if you’re fine with vendors having access to your data, it would be a mistake to think that hackers can’t get access to it. Unfortunately, it’s virtually impossible to guarantee that. Organizations should operate under the notion that their data can and likely will be compromised at some point. However, certain encryption methods such as client-side encryption make it harder for hackers to gain access to sensitive data than others.

Many organizations fail to properly manage their encryption keys—storing them on the same server as encrypted content or allowing a tech vendor to manage them. However, good key management makes all the difference in the event of a breach since encrypted data cannot be decrypted without the key. 

Misconception #4:  Encryption slows everything down.

In the past, when computer processors were less powerful, this was true. Nowadays, computer processes are much faster and can handle encryption effectively. 

But computers aren’t the only factor impacting the speed of encryption. If encryption does not fit seamlessly into an existing workflow, it slows end-users down. In this case, usability is key. Organizations simply cannot afford to settle with a legacy approach to encryption because if usability is not prioritized, adoption slips and the strength of your data security program is weakened.

Misconception #5:  Encryption is complicated.

Legacy approaches to encryption are complicated: difficult to use, update, and securely manage keys. Modern solutions, however, address the complex demands of encryption in a simplified way.  

The secret to finding effective data encryption software is to look for a solution that protects the privacy of sensitive data while providing features—such as access control and granular audit—that help meet overall security and deployment requirements. Ease-of-use and seamless encryption key management are the two primary factors in evaluating solutions.

 

Boost the strength of your data security program and talk to a Virtru expert today about how end-to-end encryption can work for your organization.