Data encryption is a technique for protecting sensitive data. It involves the use of cryptographic ciphers, or encryption algorithms to convert clear text data into indecipherable content. Most modern data encryption methods are based on a standard called the Advanced Encryption Standard (AES)

Advanced Encryption Standard (AES)

Data encryption based on the AES standard involves the use of what is known as a symmetric key for encrypting the data and for decrypting it. With AES encryption, data is first scrambled using a symmetric key mathematical process. The same key that is used to encrypt the data is later used to unscramble or decrypt it. The strength of the encryption is usually described in terms of the size of the symmetric key. An AES key can be 128-bit, 192-bit or 256-bits in size. For most commercial applications, 256-bit AES encryption is considered to be the strongest form of data encryption.

Protecting customer data

Encryption offers a relatively straightforward and well understood way to protect data that is stored on servers and desktop systems, laptops and notebook computers and offline storage devices. Many data compromises occur when mobile computers and storage devices are lost or stolen. According to records maintained by the Privacy Rights Clearinghouse, more than 12 million customer records were compromised in 2011 as the result of lost or stolen laptop, PDAs, smartphones, hard drives, data tapes and portable memory devices. In each of these cases, the data could have been protected with simple data encryption.

Symmetric key management

Until relatively recently, data encryption was considered a complicated and cumbersome task. One of the biggest problems had to do with managing the symmetric keys used to encrypt and decrypt the data. However, technology advances over the past few years have made it relatively easy for companies to encrypt data at rest and data in transit over networks.

Encryption made easy

Many vendors these days sell technologies which allow companies to encrypt all of the data in an entire database, or just the data in selected files and selected records. Modern encryption tools allow companies to encrypt data by rows, by columns and by specific data types. Some tools even allow companies to automatically encrypt and decrypt all sensitive data in a computer, without the user having to do anything with the data.

Mandatory data encryption requirements

The ease with which data can be encrypted these days has resulted in a growing number of states and regulatory bodies mandating the encryption of sensitive customer and financial data. States such as Massachusetts and California for instance, require all companies that store or handle customer data to protect the data using available encryption methods. Companies that fail to comply with the requirement can face heavy penalties if they suffer a data breach.

In addition, industry bodies such as the Payment Card Industry Security Council, require all companies which accept payment card transactions to protect credit and debit card data using data encryption. Many major database vendors have also begin incorporating tools which allow companies to encrypt and decrypt data in their databases without having to worry about key management issues.