What is Data Encryption?
Encryption is a method of encoding data (messages or files) so that only authorized parties can read or access that data. Encryption software uses complex algorithms to scramble the data being sent. Once received, the data can be decrypted using a key provided by the originator of the message. The effectiveness of encryption technology is determined by the strength of the algorithm, the length of the key, and the appropriateness of the encryption system selected.
Because encryption renders information unreadable to an unauthorized party, the information remains private and confidential, whether being transmitted or stored on a system. Unauthorized parties will see nothing but an unorganized assembly of bytes. Furthermore, encryption technology can provide assurance of data integrity as some algorithms offer protection against forgery and tampering. The ability of the technology to protect the information requires that the encryption and decryption keys be properly managed by authorized parties.
To get an idea of how you can use data encryption within your organization, it’s helpful to first answer the question “what is data encryption," as well as learn what types of encryption are available to you and your organization.
Webinar: How to Automate Your PGP Encryption
Important Encryption Software Terms
- Algorithm – Also known as ciphers, algorithms are the rules or instructions for the encryption process. Triple DES, RSA, and AES are examples of encryption algorithms, or ciphers.
- Decryption – The process of converting unreadable cipher text to readable information.
- Key – A randomized string of bits used to encrypt and/or decrypt data. Each key is unique, and longer keys are harder to break. Common key lengths are 128 and 256 bits for private keys and 2048 bits for public keys. With GoAnywhere Open PGP Studio, you get full control over your PGP keys and can quickly and easily choose which algorithms you want to support with your keys.
Symmetric vs Asymmetric Keys
There are two types of cryptographic key systems, symmetric and asymmetric.
With a symmetric key system (also known as secret key system), all parties have the same key. The keys can be used to encrypt and decrypt messages and must be kept secret or the security is compromised. For the parties to get the same key, there must be a way to securely distribute the keys. While this can be done, the security controls needed can make this system impractical for widespread and commercial use on an open network like the Internet. Asymmetric key systems can solve this problem.
In an asymmetric key system (also known as a public/private key system), two keys are used. One key is kept secret, and therefore is referred to as the "private key." The other key is made widely available to anyone that needs it and is referred to as the "public key." The private and public keys are mathematically related so that information encrypted with the public key can only be decrypted by the corresponding private key.
Data Encryption Options in GoAnywhere
GoAnywhere, a managed file transfer (MFT) solution, provides several different features with a variety of encryption standards for protecting the privacy and integrity of your organization’s data. With GoAnywhere, sensitive encrypted files are protected both while in transit and at rest.
Choosing the Right Encryption Software and Method
There are several factors to consider when choosing the encryption standards to implement. The flexibility in GoAnywhere encryption software allows you to choose the encryption standard for each individual transfer. Before choosing an encryption standard to use, ask the following questions:
- What data encryption option best fits my organization’s need?
- How sensitive is the data being exchanged?
- How will the data be transported (for example, FTP, Email, HTTP)?
- Are large files being exchanged (which should be compressed)?
- Should the files be encrypted (before transmission) or should the connection be encrypted?
- What encryption standards does your trading partner support?
A trading partner may dictate the encryption standards which they support. For instance, many banking institutions require that their customers encrypt files using the Open PGP encryption standard.
MFT Software Solutions by Encryption Need
Scenario: Low sensitivity, password protection needed
You need to send your price list file to your customers over email. You want to make it simple for the customers to open the file. The price list information is not extremely sensitive, but you would like to at least password-protect it.
Recommendation: ZIP with AES encryption
Scenario: Highly sensitive banking information, FTP connection
You need to send your payroll direct deposit information to the bank. This is considered as highly sensitive information. The bank wants you to send this information over a standard FTP connection.
Recommendation: Open PGP
Scenario: Authentication with password or public key, FTP connection
Your trading partner wants to exchange information with you over a secure FTP connection. This trading partner wants to authenticate your company with a password or public key.
Recommendation: SFTP (SSH File Transfer Protocol)
Scenario: Authentication with signed certificate, FTP connection
Your trading partner wants to exchange information with you over a secure FTP connection. This trading partner wants to authenticate your company with a signed certificate.
Recommendation: FTPS (FTP over SSL)
Scenario: Large, sensitive files, FTP or email distribution
You need to send purchase orders to your vendors, which you consider as fairly sensitive. The files can be rather large in size and should be compressed. The purchase orders could be sent over standard FTP connections or via Email.
Recommendation: ZIP with AES Encryption, Secure Mail, or OpenPGP
Scenario: EDI files requiring confirmation
You need to send EDI information securely to a trading partner and you need confirmation that they received the exact document(s) you sent them.
Recommendation: AS2 (S/MIME over HTTP/S) or AS4
Scenario: Sensitive files sent via email
You need to send sensitive information in the message body of an email.
Recommendation: Secure Email
