Online Tutoring on Data Encryption
Explain the advantages of encrypting the data
Data encryption refers to the process of converting the data into the form which is not understandable by humans and can only be read using the decryption key or password. This process has many advantages according to ClearCrypt (n.d) and Matthews (2019) such as:
- Maintains integrity which is to maintain accuracy, completeness, and data security by avoiding hackers to steal and commit fraud to the information. If by chance they access it so it is immediately reported cyber-attack.
- Security of data at all times is maintained such as while at transaction or stored at a specific device.
- Privacy is protected such as the client’s sensitive information which is crucial to avoid misuse of information by surveillance.
- Supported by multiple platforms or devices such as laptops, desktop, smartphones, and even IoT (Internet of thing).
- The necessity to run a successful business such as with encryption clients can trust to give their personal information.
- Part of law regulation to avoid fines such as misuse of a customer or employee information may cause a company to pay a hectic fine.
- Remote work is also secured as when business runners are working remotely that’s when the data is most vulnerable as stated by 86% of C-Suite executives and 60% of SME’s owners.
Number of storage system needs to be encrypted
ABC company has database, web, and email servers and multiple storage devices so encryption is needed in all of the mentioned systems they use. Database servers hold sensitive data such as employees, clients, and other business entities information that needs to be encrypted by using a key to avoid security breaches. According to Loshin (2019), securing web content has also now become a virtual necessity to show authenticity and also to maintain data integrity between servers and browsers. Hence having an SSL certificate and securing HTTP over Transport layer security is a proper encrypting strategy for the webserver.
Email server encryption requires a certificate. You leave yourself vulnerable to a man-in-the-middle (MITM) attack without a certificate, whereby malicious parties may insert themselves between you and your mail server to intercept and manipulate your emails. It will certainly not be a successful situation and it is clear that it is important to use a certificate on your mail server (Olenski, 2016).
Store encryption requires encrypting data before transferring to storage machines, such as actual hard disk drives, tape drives, or the libraries and collections containing them to avoid falling it into the wrong hands.
Data-at-rest and Data-at-motion strategy
Data-at-motion refers to the data that is currently in transit either from one network to another network or from a local storage device to the cloud (uploading data). This is the stage where data is vulnerable to cyber-attacks. While data-at-rest refers to the data stored at local devices such as hard drives, laptops, etc. at times these data are usually of value to the individual or company (Lord, 2019).
According to Lord (2019), both data-at-motion and data-at-rest should be protected for a modern enterprise because nowadays hackers found innovative ways to get access to data. For data-at-motion strategies such as encrypted protocols like SSL, TLS, etc. should be used and for data-at-rest encryption key should be applied before storing it to devices.
Activity 2
The disadvantage of implementing encryption technologies
According to Spam Law (n.d), these are the following drawbacks in a system containing encryption technologies:
- Encryption keys are essential for any encryption technology but managing such keys require professional and trained administration else it could lead to mishap and if any key is lost you have lost that data.
- The hectic cost that comes with the technology such as system upgrades to make it capable and also an additional cost to keep it running.
- When an organization does not understand any of the restrictions imposed by data encryption technology, it is possible to set unreasonable expectations and condition which could jeopardize data encryption protection.
- Compatible issues can arise as this requires a change in the current system which may disrupt system routines.
- As there will be an additional step of encryption and decryption which compromises performance as additional computation is required.
Effects of encryption on network traffic and bandwidth
Encryption effects on network threshold have been an increasing concern this imposes traffic on the network as encryption such as SSL is CPU intensive tasks. According to NSS lab studies, the statistics shared are that the encryption deep packet inspection is about 60% which drops the network performance by 92% and increases the response time to 672% – this is a huge lag on network performance (Maddison, 2018).
Figure 1: TCP Delay
According to the study by Ahmed & Mustafa (2015), the above figure shows that the light HTTP and Database light technology causes encryption/decryption delay along with TCP delay in the stimulation that lowers the performance. This is the reason why problems such as packet-loss, latency, and out of order packets occur due to encryption hence algorithms such as blowfish or RC4 can be applied to less important data on the internet.
Activity 3
The total cost of encryption technology
The initial cost of upgrade over the system usually depends on the quality of information, generally the higher the quality of data the harder the encryption will take. Other factors contributing are the type of data, the volume of data, and overall system computational power as it will affect the compatibility of the system to adapt to the encryption technology.
For example, for encryption of web servers, there is an SSL certificate that is required and many companies offer it. Enterprises purchase this certificate license on an annual base. According to Solomon (2020), here are some companies that offer a certificate with a cost:
Company | Offers | Cost ($/year) |
Thawte | Thawte SSL | 149 |
Web Server SSL | 249 | |
Web Server EV SSL | 599 | |
SGC Super Certs | 699 | |
Wildcard SSL | 639 | |
VeriSign | Secure Site | 399 |
Wildcard | 1999 | |
EV Site | 995 | |
Pro EV Site | 1500 | |
Geo Trust | True Business ID with EV | 299 |
True Business ID | 199 | |
True Business ID Wildcard | 499 | |
Quick SSL Premium | 149 |
The deployment and maintenance costs of encryption through different contexts, use cases, and implementations will add up rapidly. It’s not only the issue of licensing but the operationalization of it, as well. Another chief technology strategist concluded that it would cost about $2.4 million in licenses and more 24 months to incorporate cryptography into only another custom program (Cates, 2014).
This is the estimated cost of just data-at-motion encryption while the data-at-rest for example on a hard disk. It is estimated that for each storage device the average annual cost is $232 in the USA and $264 in Japan ( Kingsley-Hughes , 2012).
Importance of cyber-security
According to the report by Hiscox (2019), there was an increase of 15% (from 40% to 55%) in 2019 on the information breaches which in turn has also increased the company losses from $229,000 to $369,000 (61% increase). The big enterprises in the world spend on average $1.46 million on cyber-security across the globe.
Enterprises, the costliest form of cyber-attack was attributed to ransomware, at an estimated cost of $2.6 m per company, up 11 percent from the previous year. Web-based attacks and denial of service attacks both rated strongly, coming in at the second and third most expensive, but the fastest increase at 15 percent, was due to malicious insider attacks, suggesting that internal factors still present a risk (DFLabs, 2019). Hence for companies to invest upon their cyber-security is more cost-effective as it can save them from fines and information breaches and also keep the company name publicly reputational.
Activity 4
In this modern digital age, where most of our daily interactions and work are moving online, the concern of security is very real. Therefore, there lies a great need for encryption to maintain our privacy. Encryption can help in protecting information by transforming data to “for your eyes only” – which means that the information will only be given to the one intended and not to anyone else.
Furthermore, one of the key tactics that some businesses use to flourish or increase their reach on the market is by breaching data (personal information). This is done by employing the use of cybercrime (hacking) which is not right to do. However, if one is not careful and leaves vulnerable information online, this information or data can be part of the data breaches done by these multinational companies out for their gain (Norton, n.d).
Moreover, according to some regulations such as the Health Insurance Portability and Accountability Act (HIPAA), it requires for the healthcare providers to place certain security to protect the patient’s sensitive health information online. As well as institutions of higher learning must take similar steps under the Family Education Rights and Privacy Act (FERPA) to keep student records safe. Another example is of customers where the Retailers are required to keep check of the Fair Credit Practices (FCPA) and similar regulations to protect them (Norton, n.d).
According to some sources, they report that there has been a rise in cyber-attacks over the past years and most of the targeted victims do not have any system to detect any data breaches. 43% of the cyber-attacks are targeted towards SMEs. Hackers are also targeting the android platform now to execute these attacks increasing their reach a lot more. Hence it is advised that whether the person is a business owner or just an individual who wants to protect their credentials online, encryption is the way to go about it. (ClearCrypt, n.d)
References
Ahmed, E. S., & Mustafa, A. B. (2015). The effect of Encryption algorithms Delay on TCP Traffic over data networks. IOSR Journal of Computer Engineering, 17(1), 85-91. Retrieved from https://pdfs.semanticscholar.org/5b8f/ef7646086366ddb1d959190bc2a4af638dfd.pdf
Cates, S. (2014). FAQ: Understanding The True Price of Encryption. Dark Reading. Retrieved from https://www.darkreading.com/endpoint/privacy/faq-understanding-the-true-price-of-encryption/d/d-id/1204593
ClearCrypt. (n.d). he Advantages of Using Encryption to Protect Your Data. Clear Crypt. Retrieved from https://clearcrypt.eu/the-advantages-of-using-encryption-to-protect-your-data/#:~:text=Usually%2C%20data%20is%20most%20vulnerable,ensures%20protection%20during%20this%20process.&text=Encryption%20is%20used%20to%20protect,including%20personal%20information
DFLabs. (2019). The Cost of Cybersecurity Solutions vs. The Cost of Cyber Attacks. DFLabs. Retrieved from https://www.dflabs.com/resources/blog/the-cost-of-cybersecurity-solutions-vs-the-cost-of-cyber-attacks/
Hiscox. (2019). More than half of British firms ‘report cyber-attacks in 2019’. BBC. Retrieved from https://www.bbc.com/news/business-48017943
Kingsley-Hughes , A. (2012). The price of full disk encryption: $232 per user, per year. ZD Net. Retrieved from https://www.zdnet.com/article/the-price-of-full-disk-encryption-232-per-user-per-year/
Lord, N. (2019). Data Protection: Data In transit vs. Data At Rest. Digital Guardian. Retrieved from https://digitalguardian.com/blog/data-protection-data-in-transit-vs-data-at-rest
Loshin, P. (2019). How to encrypt and secure a website using HTTPS. Tech Target. Retrieved from https://searchsecurity.techtarget.com/tip/How-to-encrypt-and-secure-a-website-using-HTTPS
Matthews, K. (2019). 7 Advantages of Using Encryption Technology for Data Protection. SmartData Collective. Retrieved from https://www.smartdatacollective.com/5-advantages-using-encryption-technology-data-protection/
Maddison, J. (2018). Encrypted Traffic Reaches A New Threshold. Network Computing. Retrieved from https://www.networkcomputing.com/network-security/encrypted-traffic-reaches-new-threshold
Norton. (n.d). What is encryption and how does it protect your data? Norton. Retrieved from https://us.norton.com/internetsecurity-privacy-what-is-encryption.html
Olenski, J. (2016). Encrypting Emails vs Encrypting Mail Servers – What’s the Difference? Global Sign. Retrieved from https://www.globalsign.com/en/blog/encrypting-emails-vs-encrypting-servers
Solomon , J. (2020). SSL Certificate Options with Features and Costs? Chargebee. Retrieved from https://www.chargebee.com/blog/options-ssl-certificate-cost/
Spam Law. (n.d). Data Encryption Pros And Cons. Spam Law. Retrieved from https://www.spamlaws.com/pros_cons_data_encryption.html
[citationic]