The Pros and Cons of Using Encryption
Buy custom The Pros and Cons of Using Encryption essay
Introduction to encryption
To ensure that the computing environment is completely secure, encryption technology then should be fully embraced. Encryption is the practice of concealing a piece of information through encoding it in a manner that can only be decoded by the intended end user without any intermediate person understanding it (Westermeier, et al. 2007). Therefore, this is a process whereby the data is encoded to ensure that it is prevented from being viewed from unauthorized parties to ensure that they do not modify it either.
The simple coding of information can be tracked back to the fifth century BC. Otherwise, with the progress of the time, the data security has become a little bit more complex and more secure. Therefore, encryption has of late been used to provide high levels of security to network communication, files storage on hard drives, emails and other information that requires security (Rodin, 1998).
When encryption does occur
This occurs when the data is passed through a series of mathematical operations generating an alternate of that data in a sequence known as algorithm. Therefore, to ensure that this is distinguished from each other, unencrypted data is called plaintext while the encrypted data is called cipher text (Westermeier, et al. 2007). Therefore, the security of encryption depends with the ability of algorithm to produce cipher text that cannot easily be converted to plain text.
To ensure that the information is completely protected, the introduction of key provides another level of security. A key is a piece of information that ensure that only those who hold it re able to encode and decode a message (Randleman, 2001). Keys are available in many different forms like passwords; algorithms generated number, digital fingerprints and electronic devices that work similar to doors key. These are series of numbers that are held by the owner to ensure that he/she accesses the information.
A key ensure that both the sender and the recipient understand how the message is encrypted and ensures that no other person knows how this message can be encrypted. Therefore, this key ensures that the recipient is the only person capable of decoding the encoded message.
Symmetric and asymmetric encryption
Encryption is categorized in to two general ways. These categories are asymmetric and symmetric encryption. In the symmetric encryption, a single key is used in the process to encrypt and decrypt the message. Therefore, this implies that the person encrypting the message offer the key to the person required to decrypt it. Through symmetric encryption, the sender encrypt the message and send it to the recipient who if do not have a key is send a key or cipher text separately to the recipient (Martin, 2007). Therefore, the recipient uses the key send to decrypt the message.
Asymmetric encryption, which is also known as public key encryption, uses two different key to encrypt the message and a private key to decrypt it (Rodin, 1998). The public key can only be used to encrypt the message, while the private key can only be used to decrypt the massage. This endures that the public are offered access to offer their message without any compromise to the key as only the private key is capable of encrypting the message (Westermeier, et al. 2007). The privacy and confidentiality of the message is guaranteed, as the private key that is used to decrypt the information is never distributed making it impossible for the attacker not able to intercept the key that s used to decrypt the message.
Pros and cons of encryption
Pros of end-to-end encryption
In a financial service industry set up, there has been a lot of debate that involves the areas of security and compliance that involves the encryption for the data storage and its transit. With compliance such as Payment Card Industry Data Security Standard (PCI DSS) and FFIEC information security examination requirements that include extensive section and data protection. Therefore, due to this organizations are not taking chances in the process of protection of the information. Therefore, through encryption especially tokenization, Virtual Private Network and end-to-end encryption has been embraced by different organization (Rodin, 1998). Otherwise, these security issues have their advantages and disadvantages.
Therefore, let as look at the end-to-end encryption. This is where the data is encrypted at rest and ensured that it remain that way while in transits until it gets into its final destination where it is supposed to be decrypted. When this method is well adopted, it offers the best data confidentiality though it requires proper use of trusted algorithms.
Good example of this can be payment of card PIN that can be used by the card-processing firm where they are encrypted and decrypted trough the use of a special hardware security module (HSM) with 3DES or other algorithms (Randleman, 2001). These modules are physically kept under look where the parties with shared administration duties only access their keys. This makes the chance of data compromise to be rare. In other cases, credit card is encrypted in the point of sales. Terminal using the 3DES, AES or other algorithms where it is not decrypted until getting to the bank required. Encryption solution is also of very great advantage during the time of integrating the point of sale that exist, network and database solutions that also include financial applications that has been use for a long time (Rodin, 1998).
Cons of end-to-end encryption
This encryption is hard to implement. In the initial stages, there is a lot of confusion about end-to-end encryption and what it constitutes. If for example, financial data has been processed at multiple stages during the time of transit through different operating systems and applications, there might be several encryption and re-encryption of that data that is not exactly then end-to-end encryption. The reason being, the data will be vulnerable during these operations.
In other cases, data or a section of it is required by through the business reasons. A good example can be the retention of payment card data that has recurring charges and refunds. This in addition with management of centralized encryption key storage is very complex and very expensive. Through these scenarios, the only thing that can be of greater use is the tokenization technology.
Pros of tokenization technology in encryption
Tokenization technology that is an also encryption replaces payment cards data and or financial accounting record with a unique value after the process has taken place. This has solved many encryption problems offering solutions to encryption inherent implementation and management complexity (Randleman, 2001). Through this technology, solutions tend to be simpler and simple to set up. With this in the encryption 9of the information, the actual financial data is not transmitted. In many cases this excludes original transaction or uses in many cases.
This tokenization technology ensures that the encryption of information token can be kept in the store indefinitely. This allows the value to be retained and leverage for the ongoing use in the transactions or to access the actual data that was a stored elsewhere at a later date. In most scenarios, the tokenization technology can be outsourced to ensure that the processing of data by a firm reduces operational burden of managing security in the same respect.
Cons of tokenization in encryption
Otherwise outsourcing this service may be double edged. The reason being, organization management will be reluctant to out source security management of this kind. Therefore, they may in any case not be in a position to out source due to specific policies, technological requirements that are no compatible with the tokenization and difficulty in locating all the financial data within the environment (Randleman, 2001).
In other cases, wherever a bog organization is involved in the encryption, they may encrypt the whole database in the spirit of keeping their financial data protected to an extent of encrypting data that the administrator do not know if they ever exist (Rendleman, 2001).
Tokenization relies on changing of data for it to exist. This requires explicit modification of the data at work and removing these types of the encryption controls that may lead to the exposure of the data. Therefore, through these problem, tokenization is rarely used by the big companies as they have more complex requirements in their data protection that tokenization cannot handle.
Looking at the days to come, it is very hard to advocate that a company be required to use one type of technology in its encrypting of information. Despite the strength and their weaknesses, encryption poses a lot of opportunity in the protection of the data. Therefore, each technology that will be opted by any company to protect their data requires the other to ensure that the aim of the company is protection to the company is realized according to Valance, 2003. For example, if in-house tokenization is used, the tokenizing server as well as storage areas requires application of encryption to ensure that effective security is offered. Finally, all the technologies that will be used for security purposes require management and maintenance whether in house or outsourced.