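Data encryption is a means of protecting data from unauthorized access or use. Businesses, governments, and individual internet users depend on strong security to enable communications. According to the Cybersecurity Infrastructure and Security Agency (CISA), the public safety community increasingly needs to protect critical information and sensitive data, particularly within land mobile radio (LMR) communications, and encryption is the best available tool to achieve that security.
The original Data Encryption Standard (DES) was first developed in the early 1970s, as the U.S. government recognized the need to safeguard and protect more sensitive data, given developing nations' growing desire to obtain this type of information.
Data encryption can both protect critical information in transit and inspire confidence in the user or sender of the data that, if bad actors were to steal/exfiltrate that information, there is a small likelihood they would actually be able to read or interpret it.
As Generative AI (GenAI) adoption becomes more widespread and manipulatable by bad actors, it will become imperative for those looking to protect proprietary data to get better at leveraging GenAI. Companies that do not adopt this technology to accelerate their encryption methods will inevitably become more attractive targets for data theft and encryption cracking.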
Data encryption works by – primarily – utilizing an identical, or symmetric, key to encrypt and decrypt a message, so that the sender and receiver should know and utilize the identical private key. In more technical terms, “plaintext” is converted into “ciphertext.”
According to the National Institute of Standards and Technology (NIST), the plaintext, after being transformed into ciphertext, appears random and does not reveal anything about the content of the original data. Once encrypted, no person (or machine) can discern the content of the original data by reading its encrypted form.
Decryption is the process of reversing encryption so that it is readable. The symmetric key must be present for both the encryption and decryption process. However, encryption does not only apply to data moving in and out of different environments and clouds.
If data is encrypted and a threat actor is not in possession of the key, then the data – even though it was technically stolen – is considered useless. Data loss prevention (DLP) technologies and tools can actually search a network for unencrypted data so that internal personnel can quickly encrypt it. This way, if exfiltrated, the data will be of no use to those looking to leverage it.
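As an added illustration (not code from the original article or from any DLP product), the sketch below measures byte entropy to show why ciphertext "appears random" and how a DLP-style scan can flag data that is probably unencrypted. The function names, the 7.0 bits-per-byte threshold, the sample record, and the SHA-256 keystream used as a stand-in for a real cipher are all assumptions made for the example.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, close to 8.0 for random bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def stand_in_ciphertext(data: bytes, key: bytes) -> bytes:
    """Constructed stand-in for real ciphertext: XOR with a SHA-256 counter keystream.

    It exists only to produce random-looking bytes offline; it is not a vetted
    cipher. Like any symmetric scheme, the same key reverses the operation.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def classify(data: bytes, threshold: float = 7.0, min_len: int = 1024) -> str:
    """Label a buffer the way a DLP-style scan might before deciding to encrypt it."""
    if len(data) < min_len:
        return "too-small"  # entropy estimates on short samples are unreliable
    return "high-entropy" if shannon_entropy(data) >= threshold else "likely-plaintext"


# Constructed sample record (hypothetical data), repeated for a usable sample size.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_PLAINTEXT = b"name=Jane Doe;card=4111111111111111;exp=01/30\n" * 100
SAMPLE_CIPHERTEXT = stand_in_ciphertext(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    samples = [("plaintext", SAMPLE_PLAINTEXT), ("ciphertext", SAMPLE_CIPHERTEXT), ("short", b"abc")]
    for label, buf in samples:
        print(f"{label:10s} entropy={shannon_entropy(buf):.2f} -> {classify(buf)}")
```

Compressed archives and media files also score as high-entropy, so this heuristic is useful for finding data that is probably plaintext, not for proving that something is encrypted.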
As noted above, a symmetric key is but one way to ensure decoding of encrypted data. Let's take a deeper look at that method as well as another:
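This type of encryption will use the same key at the encryption stage and decryption stage. In that way, this type of encryption has an inherent vulnerability: if a threat actor were to identify or steal the key, particularly without the original user's knowledge, then that key could be used to decrypt information and could potentially be leveraged for other attacks.
This type of encryption addresses the issue stated above, employing two types of keys: one “public” and one “private.” The sender of the data must ensure encryption with the public key, while the receiver must be in possession of the private key in order to perform decryption.
Asymmetric encryption is obviously a higher-complexity scenario to leverage. However, it is important to remember why encryption is put in place to begin with: to maintain data security and confidentiality as information moves both inside and outside of a security organization or business. In today’s climate, encryption is used frequently in many applications.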
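There are several formats – or standards – of data encryption. It is important to implement a standard that makes the most sense for a particular organization and its workflows.
We defined data at rest and in transit above, but how do the specific encryption protocols function for data in these different states?
Once a connection has been established and data is ready to be transmitted, it is critical to keep that data away from prying eyes and as secure as possible while it is on the move. According to Google Cloud documentation, encryption in transit protects data after a connection is established and authenticated:
Data at rest refers to data stored on some sort of medium, such as a laptop, cloud storage, USB drive, etc. Any data sent to a cloud service should be encrypted as it is simply “sitting” in the cloud environment, because it is inherently at greater risk in an ephemeral environment that is theoretically open to the public internet.
Encrypting data at rest is a best practice that protects data from potential system compromise or exfiltration by ensuring the data is unreadable when it is not in use. This could also refer to archived data that has been deemed no longer useful.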
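Encryption has come a long way since its twentieth-century roots, and much of it can now be automated. But as generative AI (GenAI) becomes a popular tool for threat actors, and as they advance in their ability to brute-force their way through encryption protocols, it is clear that there are challenges both new and old to overcome.
According to CISA, vulnerabilities in key transmission procedures are a critical challenge. The agency stipulates that it is best to disable Wi-Fi capabilities when conducting encryption key transmission. It goes on to say that disabling Wi-Fi capabilities on the transmission destination is known as “hardening.” Hardening ensures that encryption keys are not inadvertently “leaked” onto wireless networks, where unauthorized personnel could access them.
Another challenge for anyone looking to encrypt sensitive data can be a lack of WEP/WAP access point encryption. Weak encryption mechanisms can allow attackers to force their way into a network and begin man-in-the-middle attacking. The stronger the encryption implementation, the safer.
Another major challenge of data encryption is the inherent trust placed in a cloud service provider (CSP). Typically, a CSP will maintain control over keys, thus an organization will never retain 100% control of the encryption process.
Trusting a CSP's employees, and any partners they may leverage, to exert control over the encryption process will always carry some liability for companies that use the CSP's services and trust its data encryption process. This is why the shared responsibility model is so critical to safeguarding an organization's data.
Benefits of data encryption may seem obvious, but let's take a deeper look at the ways businesses might benefit from adopting a strong encryption strategy.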