In short, encryption is any technique used to transform information into a form that others cannot read or interpret without knowledge of how it was transformed. The simplest example is the classic “secret decoder ring” which substituted each letter for another (i.e. buffalo might become vyddlki) and you needed to have your own decoder ring to translate the information back to its original form. Naturally, modern encryption techniques are much more advanced than secret decoder rings and usually employ complex mathematics.
Public key, private key, symmetrical, asymmetrical, cipher, AES, DES, triple-DES, 128-bit, 256-bit, blowfish, PGP, token, certificate
Encryption is employed when information that you wish to keep private might be exposed to prying eyes. This includes when sensitive information is transferred over a network, stored on a device that could be easily lost or stolen, or stored on a computer to which an unauthorized person might gain access.
The top places departments should be using encryption are:
Many departments use sensitive data in different ways. Please contact the IT Security Office for additional information about protecting sensitive data.
The biggest problem with encryption is usually losing the keys and losing the ability to decrypt the information. This is typically not a problem for network forms of encryption like an encrypted website communication, but is often an issue with encrypted files or disks. Whenever the only, or primary, copy of information is encrypted, one needs to think carefully about how the data can be accessed if a password is forgotten or a key file is lost. Many encryption programs provide options to address this issue, so make sure you have a “plan B” for getting to your encrypted information.
Encryption generally isn’t free and will likely require purchasing software, devoting time of IT staff and purchasing training for IT staff.
Depending on the situation, encrypting information may complicate other IT management functions and departments should review the potential impact to their IT processes and technologies.