Cybersecurity best practice states that organisations should incorporate encryption into their cybersecurity practices in order to protect user data. However, traditional encryption technology has only provided coverage for data when it is in transit or at rest, and there have been limited tools available for encryption of data in use.
The lack of encryption of data in use technology has increased risk for organisations, especially as evolving attack tools and techniques take advantage of any moment of weakness in systems, including when data is decrypted in order to process it.
What is encryption at rest, in transit, and in use? And why is it important?
So, what is encryption? Data encryption transforms data into a coded form (ciphertext) that is unreadable to anyone who is not authorised to read it, which in practice means anyone without the decryption key.
Encryption for data in transit: Data is vulnerable to interception as it travels across the internet. Encrypting data before it is sent over the internet will ensure that even if it is intercepted, the interceptor will not be able to use it unless they have a way to turn it back into plain text.
Encryption methods for data in transit include encrypting emails using encryption software, using a VPN to connect to the internet, or protecting websites and connections with HTTPS and TLS.
Encryption for data at rest: Data saved or archived on the network is vulnerable to attack once an attacker is inside the network. Encrypting data at rest ensures that if all other protections fail, an attacker who steals it will be unable to read or sell it, because it is unreadable without the key.
Data at rest is usually encrypted using file-level encryption which locks down individual files, or whole-disk encryption which protects the entire hard drive of a laptop.
Encryption for data in use: Data is in use when it is accessed or consumed by a user or application. Data in use is the most vulnerable form of data because it is held in clear text in memory for as long as it is being used.
Traditionally, the advice for organisations in the battle against ransomware and other forms of cyber attack has focussed on encryption in transit and at rest, because the technology for those existed while effective technology for encrypting data in use was not yet available.
But that is about to change with new encryption technologies and encryption as a service providers such as Vaultree.
Achieving ultimate protection of data: encryption of data in use
As encryption protections for data in transit and data at rest improve and are widely adopted, attackers will instead look to exploit the weakest state of data: data in use. This has increased the need for that final defence, encryption of data in use.
However, the question of how to encrypt data in use has been challenging for security professionals. By its nature, data in use is data that is changing, and the problem has been how to ensure that the changed data will show the desired outputs when it is decrypted. In addition, early data in use encryption tools were too slow to use.
But that is changing with searchable symmetric encryption technologies devised by companies such as Vaultree, which can finally address these challenges and process encrypted data at nearly the same speed as plain text (unencrypted) data.
Homomorphic encryption allows data to be used as though it were in plain text while keeping it in ciphertext. In homomorphic encryption, the data is never decrypted, even while computations are performed on it.
Searchable symmetric encryption enables users to search through encrypted data, selectively identify the specific information they need, and pass only that on to the next use. This in turn enables organisations to share or process just the relevant pieces of data without decrypting the entire dataset and exposing it to potential attack.
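To make the searchable-encryption idea concrete, here is a small worked example added to this article (it is not Vaultree's code and does not represent their scheme). The client keeps two keys, builds a keyword index of HMAC tokens, encrypts each record, and hands both to the server; a search sends only an opaque token, and the server returns just the matching ciphertexts, which the client decrypts. The record cipher (`stream_xor`), the keys and the sample records are all constructed for illustration.

```python
import hashlib, hmac, os
from collections import defaultdict

def prf(key, data):
    """Keyed pseudorandom function (HMAC-SHA256) used to derive index tokens."""
    return hmac.new(key, data, hashlib.sha256).digest()

def stream_xor(key, nonce, data):
    """Toy stream cipher (constructed for illustration): SHA-256 in counter mode."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class Client:
    """Data owner: holds both keys; the server never sees either of them."""
    def __init__(self, k_index=None, k_data=None):
        self.k_index = k_index or os.urandom(32)
        self.k_data = k_data or os.urandom(32)
    def encrypt_record(self, text):
        nonce = os.urandom(16)
        return nonce + stream_xor(self.k_data, nonce, text.encode())
    def decrypt_record(self, blob):
        return stream_xor(self.k_data, blob[:16], blob[16:]).decode()
    def build_index(self, docs):
        # token -> record ids. Tokens are PRF outputs, so the server cannot read
        # the keywords, but it still learns which records share one (a known leak).
        index = defaultdict(list)
        for doc_id, text in docs.items():
            for word in set(text.lower().split()):
                index[prf(self.k_index, word.encode())].append(doc_id)
        return dict(index)
    def trapdoor(self, keyword):
        # Search token sent to the server instead of the plaintext keyword.
        return prf(self.k_index, keyword.lower().encode())

def server_search(index, store, token):
    """Server side: exact match on the opaque token; returns only matching ciphertexts."""
    return [(doc_id, store[doc_id]) for doc_id in index.get(token, [])]

def demo(keyword="acme"):
    docs = {"r1": "invoice for acme overdue", "r2": "payroll march",
            "r3": "acme contract renewal"}  # constructed sample records
    client = Client()
    index = client.build_index(docs)
    store = {d: client.encrypt_record(t) for d, t in docs.items()}
    hits = server_search(index, store, client.trapdoor(keyword))
    return sorted((d, client.decrypt_record(blob)) for d, blob in hits)
```

Only the two matching records ever leave the server, and they are decrypted on the client; the comment in `build_index` notes the access-pattern leakage that real schemes must account for.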
The future of encryption is here, and it is focussed on supporting organisations to protect their data as completely as possible. Adding encryption of data in use to the wider cybersecurity programme ensures that when all else fails, and access is gained to data, attackers still can’t use it. But it is definitely preferable that it doesn’t get tested.