Strong encryption protects data securely from unauthorized access, but the specific algorithms that qualify as strong encryption change over time as computing power increases and researchers develop new ways to break encryption.
Even the strongest encryption options depend upon key best practices to support effective encryption deployment.
A strong encryption algorithm requires a strong encryption key, a strong mathematical algorithm, and a complex encryption process.
Strong encryption keys are passwords for encryption.
A complex encryption process uses a complex combination of the encryption key and the mathematical algorithms on blocks of data over multiple rounds of encryption.
In 1997, AES encryption replaced DES with stronger encryption that increased block sizes to 128 bits, used 10 to 14 rounds of encryption, and increased key sizes to a minimum of 128 bits.
Harnessing ever-more-powerful computing will challenge the effectiveness of encryption algorithms, but failed encryption processes currently expose more data than weak encryption algorithm strength.
Best practice adoption protects the encryption process to avoid stolen, revealed, or guessable encryption keys.
While equal in importance, most organizations will discover a practical hierarchy for implementing the top six encryption best practices.
Asymmetric encryption uses public encryption keys to provide superior encryption for data transmission and data sharing, but asymmetric encryption will be too operationally intense to provide efficient and usable encryption for database fields, full-disk drives, or local files.
Assess and inventory encryption use throughout to replace obsolete protections and to ensure universal application of other encryption best practices.
Just as with any other security technology, encryption requires defense in depth and multiple layers of encryption limit the damage possible from the failure of any single encryption solution - especially for the most critical data.
Use encryption experts and centralize encryption key management for improved security.
Cryptographic failures occupy second place on this list because of the poor management of encryption components, the use of weak encryption algorithms, or the improper deployment of encryption algorithms.
Weak encryption algorithms undermine security, but DevOps programmers don't always possess the encryption expertise to recognize weak encryption.
With best practices in place, select the strongest encryption options.
Good encryption algorithms such as Blowfish, Triple DES, and WPA2 provide acceptable encryption, assuming that the organization also observes encryption best practices.
Better encryption such as AES, ECC, RSA, Twofish, and WPA3 provide the current best-practice encryption options widely available and are superior to the good encryption algorithms listed above.
Effective deployment of best practices creates a security environment that enables continuous management and evaluation of encryption processes.
Upgrading encryption tools will usually be sufficient to maintain encryption as a fundamental layer in any security stack, but continue to evaluate encryption options regularly to remain secure.
This Cyber News was published on www.esecurityplanet.com. Publication date: Fri, 05 Jan 2024 17:43:05 +0000