TDWI Articles

Why Encryption Holds the Secret to Data Security

Does your data need to be encrypted?

Those of us who use WhatsApp will have likely seen a seemingly comforting message over the past year: "Messages you send to this chat are secured with end-to-end encryption."

For Further Reading:

Keep Your Data Secure with a Layered Approach

5 Steps to Securing Your Big Data Infrastructure

How Next-Generation Hardware Security Modules Can Help You Prepare for GDPR

Cool.

Wait. Is that really cool? How many of us have actually taken the time to pause and wonder what end-to-end encryption is, exactly, and whether you need it?

In this age of big data, enterprises collect more types of valuable data via more channels than ever before. Today's data management practices must include responsible security measures, not just to ensure compliance with new regulations regarding privacy-sensitive data but also to protect valuable intellectual property.

Is encryption really key to keeping our data (including our messages) safe?

At its most basic, encryption scrambles messages before they are sent, then allows intended viewers to un-scramble them. That means that only the sender and receiver can view messages, making it extremely difficult for third parties to get their hands on the data. That's why many users particularly concerned about keeping their communications safe favor WhatsApp -- it's one of a handful of such services offering end-to-end encryption.

Can encryption really be trusted to ensure data privacy and security? To answer that question, let's look at the four primary areas most crucial to protecting data:

  • Data confidentiality ensures that information can't be obtained by an unauthorized or rogue party, either inside or outside the enterprise

  • Data integrity focuses on preventing adversarial parties from tampering with or corrupting data

  • Availability ensures that all who should have access to data do

  • Access control encompasses an organization's efforts to constantly and effectively manage, enforce, and update rules surrounding data access.

Does encryption answer all of these crucial aspects of data protection?

The answer is yes. Encryption is a key arrow in the quiver of tools that enable data protection. Mathematically transforming information into something indistinguishable from gibberish, encryption guarantees that only approved users can reverse the transformation. The transformation's mathematical complexity underpins encryption's robust security. Unapproved users can only reverse the transformation and reveal the data if they can break an exceedingly hard computational problem. Encryption, therefore, makes it extremely difficult for an adversary to steal or tamper with information without being noticed.

This gives encryption a significant leg up over alternative privacy protection strategies such as de-identification. De-identification is the process used to prevent someone's personal identity from being connected with other identifying information. For example, data produced during clinical trials can be de-identified to maintain the privacy of participants.

However, the inadequacy of traditional de-identification mechanisms became starkly clear in 2017 when University of Melbourne researchers released a study finding that de-identified patient data released by the Australian government in 2016 could easily be re-identified simply by cross-referencing the data with other public information. A recent investigative report in the New York Times about the proliferation of individual location data illustrated how remarkably easy it is to identify and track a person without their consent, despite longstanding privacy protocols such as de-identification and anonymization.

Encryption, by contrast, safeguards confidentiality, restricting data access to authorized users while enabling data integrity with inherent mechanisms for access control. Traditionally, encryption is used to protect data at rest and in transit. Recent advances in cryptography in conjunction with data science paved the way to practical implementations of homomorphic encryption to protect data in use. This allows us, for example, to analyze sensitive data while it is encrypted in untrusted environments.

The proof seems to be in the pudding. According to the 2018 Global Encryption Trends Study, 43 percent of respondents have adopted consistent, enterprisewide encryption strategies. Although use cases span industries, encryption solutions are most prevalent in the financial services industry (60 percent adoption) and healthcare and pharmaceutical industries (55 percent adoption). That is particularly significant because these industries tend to handle highly sensitive data. Encryption is also the cornerstone of secure e-commerce, making it integral to the Internet as we know it today. []

Encryption Not Perfect

Does such widespread adoption mean that encryption is a panacea for all our data sharing and privacy challenges? Absolutely not. Encryption's computational intensity often leads to implementation difficulties, including securely sharing encryption keys. In addition, with the advent of super powerful quantum computing, cracking today's unbreakable encryption will seem like child's play.

For now, the benefits of encryption far outweigh the challenges. Unlike other data privacy and security approaches, encryption is mathematically guaranteed, and encryption software implementations can be "proven" correct to a better degree than other techniques. Encryption also provides far better protection Moreover, encryption software can be more easily updated and replaced as flaws are identified and techniques undergo continued improvement, especially as compared to hardware solutions.

A Final Word

The bottom line: with big data transforming operations and unlocking new innovations and discoveries across industries, encryption will become more and more essential to our digital economy.

About the Author

Prof. Kurt Rohloff is the CTO and co-founder of Duality Technologies. Prior to Duality he was an associate professor of computer science at NJIT and senior scientist at Raytheon BBN Technologies. Rohloff has led multiple DARPA-funded projects, including one of the earliest homomorphic encryption implementation projects. He is a co-founder of the open-source PALISADE homomorphic encryption library that is widely used in the U.S. defense industry. You can reach the author via email or LinkedIn.


TDWI Membership

Accelerate Your Projects,
and Your Career

TDWI Members have access to exclusive research reports, publications, communities and training.

Individual, Student, and Team memberships available.