While on work experience, Jack Bassett from John Hampden Grammar School explored a hot topic of public debate – encryption.
Data security, more specifically encryption, is as old as the art of communication itself. The word encryption derives from the Greek word kryptos, meaning hidden or secret and has been used throughout history, with applications from the Egyptians through to the Second World War, and is becoming an ever more pervasive theme in modern day society.
Data security
Data security is about keeping data safe. In the digital world this is achieved by preventing unauthorised access to computers, databases and websites, as well as protecting data from corruption. With data now the new oil for most businesses, data security should be one of the main priorities for organisations of every size and type. However too often it is found to be an afterthought following a security breach. Such breaches can be hugely damaging, carrying both reputational and financial risk. The safeguarding of data is also a legal requirement, under the Data Protection Act. The ICO in the UK advises information to be encrypted where the loss of the data could lead to those affected suffering damage and distress.
Data encryption
Encryption is considered one of the most effective ways to implement data security. Encryption is the conversion of electronic data from plain text into a secret code, referred to as cipher text. A secret key is needed in order to decrypt the code, which is only known by the authorised parties and therefore prevents others from accessing.
There is broad use of encryption in the commercial and consumer domains to protect data both while it is being sent across a network (data in transit), and stored, such as on a hard drive (data at rest). One of the common forms of encryption is seen when web pages use https as part of their URL. This involves adding a security layer which encrypts data in motion, such as credit card details being sent when making an online purchase.
Security vs privacy - the encryption debate
There is ongoing global debate about the use of encryption on digital communications and the threat this may pose to national security. Some governments including the UK, argue they need to have the ability to unlock encryption, to enable them to look at the communications of those who pose a threat to national security. Those opposed argue citizens should have the right to privacy, without the feeling of living in a big brother style society.
Is encryption enough?
Encryption adds significant strength as part of a security offering, but it may not provide 100% assurance of keeping data safe. It serves as just one layer of the security process. Governments, businesses and individuals should have a range of security measures in place to protect against threats.
Encryption nowadays is far more sophisticated than the methods used by the ancient Greeks, but with more sensitive data online than ever, it has arguably never been so important.
Sources
http://www.pwc.co.uk/assets/pdf/2015-isbs-technical-report-blue-03.pdf
https://www.gov.uk/data-protection/the-data-protection-act
http://www.techopedia.com/definition/26464/data-security
http://searchsecurity.techtarget.com/definition/encryption
https://ist.mit.edu/security/data_risks
https://iconewsblog.wordpress.com/2013/08/28/ico-blog-why-encryption-is-important-to-data-security/
http://certmag.com/exploring-encryption-know-basics-important-security-standard/
www.linuxandubuntu.com [image credit]