What is data encryption?

Data encryption is a means of protecting data from unauthorized access or use. Businesses, governments, and individual internet users depend on strong security to enable communications. According to the Cybersecurity and Infrastructure Security Agency (CISA), the public safety community increasingly needs to protect critical information and sensitive data, particularly within land mobile radio (LMR) communications, and encryption is the best available tool to achieve that security.

The original Data Encryption Standard (DES) was first developed in the early 1970s, when the US government recognized the need to protect and safeguard more sensitive data as developing nations grew increasingly eager to obtain that kind of information.

Data encryption both protects critical information in transit and gives users or data senders confidence that, if bad actors were to steal or exfiltrate that information, there is little likelihood they would actually be able to read or interpret it.

As Generative AI (GenAI) adoption becomes more widespread and more easily manipulated by bad actors, it will become imperative for those looking to protect proprietary data to become better at leveraging GenAI themselves. Companies that do not adopt this technology to accelerate their encryption methods will inevitably become more attractive targets for data theft and encryption cracking.

How does data encryption work?

Data encryption works, primarily, by using an identical, or symmetric, key to encrypt and decrypt a message, so that the sender and receiver must both know and use the same private key. In more technical terms, “plaintext” is converted into “ciphertext.”

According to the National Institute of Standards and Technology (NIST), plaintext, once converted into ciphertext, appears random and does not reveal anything about the content of the original data. Once encrypted, no one (and no machine) can discern the content of the original data by reading its encrypted form.

Decryption is the process of reversing encryption so that the data is readable again. The symmetric key must be present for both the encryption and the decryption process. However, encryption applies to more than just data moving into and out of different environments and clouds:

  • Data in transit: This can include data moving between two endpoints, entering and leaving cloud environments, travelling between multiple destinations on an internal network, and more.
  • Data at rest: Examples of this data type include storage devices like hard drives, flash drives, and other endpoints on which sensitive data might be stored "at rest."

If data is encrypted and a threat actor is not in possession of the key, then the data, even though it was technically stolen, is considered useless. Data loss prevention (DLP) technologies and tools can actually search a network for unencrypted data so that internal personnel can quickly encrypt it. This way, if exfiltrated, the data will be of no use to those looking to leverage it.

Types of data encryption

As noted above, a symmetric key is but one way to ensure encrypted data can be decoded. Let's take a deeper look at that method as well as another:

Symmetric encryption

This type of encryption uses the same key at the encryption stage and the decryption stage. In that way, this type of encryption has an inherent vulnerability: if a threat actor were to identify or steal the key, particularly without the original user's knowledge, that key could be used to decrypt the information and possibly leveraged to carry out other attacks.

Asymmetric encryption

This type of encryption addresses the issue stated above by employing two types of keys: one “public” and one “private.” The sender of the data must encrypt it with the public key, while the receiver must be in possession of the private key in order to perform decryption.

Asymmetric encryption is obviously a higher-complexity scenario to leverage; however, it is important to remember why encryption is put in place in the first place: to maintain data security and confidentiality as information moves within and outside a security organization or enterprise. In today’s climate, encryption is used frequently in many applications.

Data encryption standards

There are several formats, or standards, of data encryption. It is important to implement the standard that makes the most sense for a particular organization and its workflows.

  • Data Encryption Standard (DES): This standard specifies a cryptographic algorithm implemented in electronic hardware devices and used to protect computer data.
  • Triple Data Encryption Algorithm (3DES): This standard is an improved version of the DES standard and uses three unrelated 64-bit keys. By applying the algorithm three times in succession with three different keys, 3DES simply enlarges the key size of DES.
  • Advanced Encryption Standard (AES): This standard is a symmetric key block cipher for encrypting and decrypting sensitive information, and works on a substitution-permutation network (SPN).
  • Rivest-Shamir-Adleman (RSA): This standard is named for the initials of the system's inventors. Four steps are incorporated in this algorithm: encryption, decryption, key distribution, and key generation. The standard is widely considered the most well-known cryptography system in the world.
  • Twofish encryption: This standard uses a larger encryption bit size and employs a symmetric key that can be as long as 256 bits. Since it uses a symmetric format, data is encrypted and decrypted using the same key. But due to its large bit size, it is considered extremely secure and difficult to break.
  • RC4 encryption: This standard is a “stream” cipher, meaning it processes data one byte at a time. It is considered one of the weaker encryption standards, particularly after notable vulnerabilities were discovered earlier in the 2000s.

Encryption in transit vs. at rest

We defined data at rest and data in transit above, but how do the specific encryption protocols function for data in these different states?

Encryption of data in transit

Once a connection has been established and data is ready to be transmitted, it is critical to keep that data away from prying eyes and as secure as possible while it moves. According to Google Cloud documentation, encryption in transit protects data after a connection has been established and authenticated by:

  • Removing the need to trust the lower layers of the network, which are commonly provided by third parties
  • Reducing the potential attack surface
  • Preventing attackers from accessing data if communications are intercepted

Encryption of data at rest

Data at rest refers to data stored on some sort of medium, such as a laptop, cloud storage, a USB drive, and so on. Any data sent to a cloud service should be encrypted even while it simply “sits” in the cloud environment, because it is inherently at greater risk in an ephemeral environment that is, in theory, open to the public internet.

Encrypting data at rest is a best practice that protects data from potential system compromise or exfiltration by ensuring it is unreadable when not in use. This can also apply to archived data that has been deemed no longer useful.

Challenges of data encryption

Encryption has come a long way since its twentieth-century roots, and much of the work can now be automated. But as generative AI (GenAI) becomes a popular tool for threat actors, and as they advance their ability to brute-force their way through encryption protocols, it is clear that there are both new and old challenges to overcome.

According to CISA, vulnerabilities in key transmission procedures are a critical challenge. The agency stipulates that Wi-Fi functionality is best disabled when transferring encryption keys. It goes on to say that a transfer destination with Wi-Fi disabled is known as “hardened.” Hardening ensures that encryption keys are not inadvertently “leaked” onto a wireless network where unauthorized personnel could access them.

Another challenge for anyone looking to encrypt sensitive data can be a lack of WEP/WAP access point encryption. Weak encryption mechanisms can allow attackers to force their way onto a network and begin man-in-the-middle attacks. The stronger the encryption implementation, the safer.

Another major challenge of data encryption is the inherent trust placed in cloud service providers (CSPs). Often, the CSP will retain control of the keys, so an organization will never retain 100% control of the encryption process.

Trusting CSP employees, and any partners they may leverage, to exercise control over the encryption process will always place some liability on companies that use CSP services and trust their data encryption processes. That is why the shared responsibility model is so important to protecting an organization's data.

Benefits of data encryption

The benefits of data encryption may seem obvious, but let's take a deeper look at the ways a business can benefit from adopting a strong encryption strategy.

  • Ensures data is unreadable: As noted above, if stolen data has been strongly encrypted, there is a strong chance it will never be readable or able to be nefariously leveraged.
  • Maintains compliance: Adhering to local and national regulatory standards is critical, and encryption and key management (EKM) is an important part of the guidance issued by bodies such as the Cloud Security Alliance.
  • Creates a proactive culture: Encrypting data is a proactive tool that can often be automated on the front end as a layer of protection against malicious actors. Consistently doing so helps cultivate a proactive security culture that ultimately benefits everyone.
  • Enables a remote workforce: Encryption can greatly alleviate security concerns related to large volumes of sensitive or proprietary data moving into and out of the cloud, which is exactly the scenario remote workers rely on in their work.
