Encryption - Now You Don't - Now You See It!

Our cryptic title is fitting since this topic is focused on Encryption.

Various consultants and government agencies have assessed the level of risk regarding the interception of electronically transmitted information by someone other than the intended recipient. And, the bottom line is that the risk is considerably higher than just a few years ago.

How do you protect the contents of messages being sent on a public network where the data may be either private or sensitive? Encrypting the message is one possible method.

Encryption of data results in an encoded message that no longer appears meaningful. Decryption is just the reverse process. Encoding techniques may be as simple as using character substitution or transposition. More sophisticated methods employ the use of one or two keys as part of the encoding algorithm. A key can be thought of as being similar to a password.

With the single key method, the same key is used to both encrypt and decrypt the message. Probably the best known single key encryption process is the Data Encryption Standard (DES). With the dual or public key method, two matched keys are calculated; one is used to encrypt and the other to decrypt. One of the keys is private and is kept under high security. The other key, however, is public and is posted for use by all. A sender of a message would obtain the receiver's public key and use it to encrypt the message. Upon receipt of the message, the receiver would use his private key to decode it.

Usually, the sensitivity of information in electronic form is the determining factor for the need of encryption for storage or transmission. This applies to both company and client information. There are also cost and performance considerations in processing and transmitting information to be considered as well.

The sources of the risk threat are the intelligence gathering agencies of foreign governments and private U.S. or foreign organizations. If encryption is used to counter the threat, the ability to decipher the message or file content has grown as well. This is due to the increased availability of cost-effective computer power. Therefore, given the current state of affairs, use due care in deciding whether or not to transmit ANY information electronically via telephone, fax, video, computer networks, etc. Since encryption provides some level of protection, the decision to use it should be based on business needs.

Confidential information with a low business impact if it were compromised, may be sent electronically. In general, distribute sensitive or classified information by alternate means.