Data Encryption Blog Post Image

Safety in Numbers

October 04, 2019 Scott Evangelist

In 2016, data encryption became a divisive subject in the United States. Encryption is the process of converting data from a readable format (plaintext) to a coded format that requires a key to view the plaintext format. Encryption uses complex math to convert data and is a widely-used method of keeping data secure at rest or in transit.

Several criminal cases that made national headlines revolved around data encryption and personal privacy vs national security. The most prominent case, of course, was the workplace shooting in San Bernardino, CA perpetrated by Syed Farook and Tashfeen Malik. After which, the FBI obtained a court order for Apple to crack into the operating system of Farook’s iPhone 5c, which was set to disable the phone after 10 incorrect passcode entries. This would have made any data in the phone useless if the FBI tried to brute force their way into the phone. Apple refused, knowing that complying with the court order would have created a dangerous precedent for the tech industry. Most, if not all tech insiders supported Apple’s decision to defy the US government.

In the public sector, it was not quite seen the same way. Many, including President Trump, called for a boycott of Apple. People saw the refusal as an affront to the security of the American people. Though, those people possibly failed to recognize the serious implications of requiring companies to create software with backdoors into their encryption technology. This would mean making technology deliberately unsecure.

Others in the government, such as former NSA Director Michael Hayden, knew what the FBI was actually aiming for—the precedent. He stated that opening a backdoor, creating a vulnerability on purpose, would make it possible for the government, foreign agents, businesses, and lone hackers alike, to attain encrypted data for less than savory reasons. Hayden said, “Jim [FBI Director Jim Comey] would like a back door available to American law enforcement in all devices globally. And, frankly, I think on balance that actually harms American safety and security, even though it might make Jim’s job a bit easier in some specific circumstances.” Eventually, it was reported that the FBI paid hackers to crack the phone. They obtained data from the phone, and kept the details of the hacking to themselves.

Data encryption is already a part of our everyday lives in the 21st century. Encryption is not a public enemy. It keeps your information safe during financial transactions and even sending messages with an iPhone. Most credit and debit cards issued in the last few years are equipped with a small EMV chip. These chips send a unique encrypted signature each time the card is used. Unlike cards without chips that send the same information every time. Chips make card fraud harder to pull off now, as fraudsters install skimmers on devices like gas pumps to steal information and create a fraudulent card with the magnetic strip information. They can replicate a strip, but not the chip, thus the chip helps prevent card fraud.

“No matter what side of the fence you’re on regarding data encryption—the tech world as it stands is moving towards privacy and the security of data rather than the will of the government.”

Even more widely used in everyday life, iMessage, an app native to iPhones, encrypts user’s messages—making it impossible for anyone, even Apple, to read the messages since the key for decrypting messages is stored privately on the iPhone. This keeps information private, safe from prying eyes, whether they be Uncle Sam’s or anyone else’s.

Businesses (like hospitals and clinics) with confidential client information, are also turning to encryption to protect their data at rest. Healthcare businesses have become popular targets for hackers in recent years. Either by using ransomware to exploit their possibly urgent needs for patient information, or by hacking into systems and stealing the information (SSN, contact info, payment info). Though data encryption does not reduce a company’s susceptibility to phishing or hacking, encryption would make any stolen information entirely useless and keep private information private. 

A common workstation encryption solution is the Windows integrated drive encryption software, Bitlocker. Bitlocker is included in Windows Pro series operating systems, and is easy to use and configure. Sophos Safeguard is a similar product that can be used in Apple workstations for those of us using Macbooks, but is not standard in the operating system. But for encrypting large amounts of data at rest for backup and retention purposes, NetApp SAN products can utilize NetApp Storage Encryption software—full disk encryption on self-encrypting disks with deduplication and compression technology.

Atomic Data, as a NetApp partner, knows the importance of security and compliance as we work with several healthcare providers. NetApp Storage Encryption offers great protection against unauthorized access to data while being as nondisruptive as possible. This means storage performance isn’t slowed down much, so as not to impact business workflow.

If 2016 was any indication of what’s to come in 2017, as far as hacking and cybersecurity are concerned, then 2017 will only be worse. More hacks, bigger hacks, further integrating botnets into hacks, more hacks revealed to the public (it took Yahoo almost three years to understand and release the magnitude of their 1 billion user breach to the public). So, data encryption will likely become more common for individuals and businesses alike. And advances in encryption technology, without government interference, will continue to make it harder to gain access to encrypted information. And that’s a good thing for entities that need to maintain compliance with HIPAA or other business standards, like some of our Clients.

No matter what side of the fence you’re on regarding data encryption—the tech world as it stands is moving towards privacy and the security of data rather than the will of the government. We believe the security of data is paramount. Our SOC 3 attested facilities provide the ultimate privacy and security measures for data in motion and at rest. Get in touch with us to learn more about protecting your data from unauthorized access.