
Everything You Need to Know About Encryption


Think about how much of your personal information lives online. You probably have your address and payment information stored in the online accounts for your favorite stores. If you’re like eight in 10 Americans, you use digital banking as well. And you may also keep sensitive information and documents in a cloud-based storage system.

So, is your information safe? Can you trust third parties to protect your information and prevent data security failures? After all, in 2019 there were 1,473 data breaches in the U.S. that compromised more than 164.68 million sensitive records.

Encryption protects your information from being read by hackers and other hostile digital threats. Most people think of this as password protection, but what does encrypted mean?

This essential part of digital life has, for the most part, successfully kept the bulk of online thieves at bay for a few decades. But despite the integral role encryption plays in each of our lives, few people truly understand how encryption works, the different types of encryption and the devices encryption protects—or even if encryption has any vulnerabilities.

What does encrypted mean?

Encryption is the process of locking information from those who don’t have a key. When data is encrypted, the restricted information is unreadable to anyone without a key. The key, or parameter, controls the encryption process and contains information needed to transform the data from plain text to encrypted.

Within the key is a cipher dictating how the data is encrypted. The cipher consists of an algorithm used to encrypt and decrypt, or unlock, the data. There are several types of encryption ciphers, but the two most popular are symmetric key algorithms and asymmetric key algorithms.

Obviously, the key is an important piece of information, and most encryption solutions allow you to create an “emergency disk” containing the key. Without the key, even high-level data professionals can’t decrypt the data.

What are the types of encryption?

The types of encryption vary based on the level of security needed. There are many, many kinds, but here are a few of the most popular.

Full-disk encryption

Full-disk encryption locks all user files on the disk, not just the ones you want protected. This method of encryption works well because the entire operating system is secure, which inevitably means the system’s data is secure, too.

This is a relatively simple method of encryption, because full-disk encryption is transparent to applications, databases and users. And it works great for laptops because of full-disk encryption’s hardware-based high performance and a laptop’s susceptibility to theft.

File-level encryption

Just like it sounds, file-level encryption only secures selected user files or directories, not system files. This means the operating system itself isn’t secure, but the data should be—if encryption was performed properly.

File-level encryption is typically reserved for databases because of the security controls available to installed software agents. These agents quickly analyze disk reads and writes to determine if the data should be encrypted or decrypted.

This type of security is effective because of its transparency. When employing file-level encryption, organizations aren’t forced to customize their applications or change their business processes. File-level encryption offers strong controls over structured and unstructured data that effectively prevent abuse by privileged users, as well.

DB encryption

DB encryption allows administrators to secure data on a more granular level than file by file. This type of encryption makes it possible for you to secure a small subset of data within a database, without encrypting the database in its entirety. DB encryption is also known as transparent data encryption.

This encryption method is an effective database security solution offering protection against many types of threats, including malicious insiders or administrators.

What can you encrypt?

The short answer: everything.

Any data, or device containing the data, can be encrypted. So, if you’ve ever seen the option to add more security to your phone and asked what “encrypt phone” means, this is it!

Encrypting your phone or other smart device adds the highest level of security to your data. When your phone is locked, or simply not in use, all the data contained within the device is encrypted. The only way someone can pick up and use the phone, or even access the information on it, is with the encryption key.

This is a very high level of security and isn’t necessary for most people. But for those frequently working with a great deal of sensitive information, encrypting your device may be something to consider.

Data storage devices, like SD cards, can also be encrypted. So, if you’ve ever wondered what “encrypt SD card” means, you’re talking about fully securing the information contained within the SD card, so that only someone with the correct key credentials can access the SD card’s data.

What does reset encrypted data mean?

Backups of the data stored on your phone, SD cards and other devices can be encrypted, too. To access the backup, you need the encryption key you set up when you created it. Unfortunately, too many of us set up backup encryption without bothering to save the encryption password. So, if you’re asking what “reset encrypted data” means, listen up!

If you’ve encrypted your backups, but can’t remember your password, you can reset your encrypted data. This lets you continue to back up and provides access to any new backups that happen after the reset. However, any backups occurring before the reset was performed will be lost forever.

Once you reset, be sure to keep a record of the encryption password so you don’t have to reset again and lose your old backups.

What are the vulnerabilities of encryption?

Each type of encryption comes with unique vulnerabilities. So here’s what you should look out for when you encrypt.

Full-disk encryption

When you perform full-disk encryption, you have to rely on the boot disk to properly provide the encryption key so the operating system can boot. This means the key has to be available before the user interface prompts for a password. As a result, a hacker could easily identify the key in advance of booting the OS, compromising your entire system and the data contained therein.

Full-disk encryption is only effective at protecting your data against physical loss of hardware. It won’t protect your data from advanced persistent threats, malicious insiders or external attackers.

File-level encryption

File-level encryption doesn’t secure the system in its entirety. As a result, the OS is vulnerable to outside threats. This is also a very system-specific type of encryption, so if you’re using file-level encryption, be certain you’ve selected a solution compatible with your system (Windows, Linux, Unix, etc.).

DB encryption

DB encryption is a customized solution, made to order based on the requirements of your database. So just because you have DB encryption set up for one database, it doesn’t mean the same security solution will work well for another database.

This type of security is also limited in administrative capabilities. DB encryption doesn’t work with central administration across multiple vendor databases. And it doesn’t secure configuration files, system logs or reports.

Encryption is a great way to protect your data, but keep in mind that this security method isn’t perfect. If you’re struggling to access important data, hope is not lost! 

As we mentioned, data recovery professionals aren’t able to decrypt encrypted information without a key. But they can help you regain access to your information if there is corruption or physical problems with your storage media that are preventing your password from working. If you think this may be the case, contact a data recovery service today to get your information back.


Mike Cobb, Director of Engineering and CISO
As Director of Engineering, Mike Cobb manages the day-to-day operations of the Engineering Department, including the physical and logical recoveries of rotational media, SSDs, smart devices and flash media. He also oversees the R&D efforts for past, present, and future storage technologies. Mike encourages growth and ensures that each of the departments and their engineers continues to gain knowledge in their field. Each DriveSavers engineer has been trained to ensure the successful and complete recovery of data is their top priority.

As Chief Information Security Officer (CISO), Mike oversees cybersecurity at DriveSavers, including maintaining and updating security certifications such as SOC 2 Type II compliance, coordinating company security policy, and employee cybersecurity education.

Mike joined DriveSavers in 1994 and has a B.S. degree in Computer Science from the University of California, Riverside.
