August 3, 2020 By Rick Robinson 3 min read

Human history is full of examples of encryption playing pivotal roles in war, competition and transitions of power. Throughout recorded time, people have employed encryption as a tactical tool to keep information private. That data could involve military campaigns, plots to overthrow political leaders or political dealings. In some cases, the use of encryption actually resulted in a false sense of security, because the encryption method itself was not secure enough.

With the advent of encryption, history set itself on a new course. The confidentiality, integrity and availability of information (or lack thereof) changed the outcome of events. In hindsight, the basic tools of data protection influenced people long before the invention of modern computing.

Encryption Basics

In today’s world, unlike the bulk of human history, information crosses the planet in real-time. When we make decisions based on that information, it is key that information is not only available when we need it, but is reliable and, often, confidential.

Encryption offers three pillars of value: confidentiality, reliability and control. These map nicely to the information security triad of confidentiality, integrity and availability.

Confidentiality

We all know that encrypting data makes the data confidential and hides it from the prying eyes of thieves, eavesdroppers and other threat actors. For a historical example, look at the highly classified plans of the Enola Gay bomber to drop the first atomic bomb. These plans were only communicated by way of encrypted channels. If they had been discovered by the Japanese military or their allies, the outcome of World War II could have been much different.

Integrity and Reliability Through Encryption

The other pillars provide just as much value and have just as much importance in history. Data encryption is a proactive step in adding reliability (or integrity) to the data. Reliability is an inherent characteristic of the algorithms used to encrypt data. If one bit is changed, the entire ciphertext may not be able to be decrypted, much less verified.

Specific algorithms called hash algorithms (and by extension, digital signatures) provide the mathematical anchors of reliability and integrity. They are important even though they do not specifically encrypt the data itself. The reliability pillar provides data protection against accidental (or intentional) changes.

Business, economic and military decisions are based on the availability of reliable data. If data is not reliable, then those decisions may do more damage than good. Critical data, such as the location of an aircraft approaching an airport, the temperature of a nuclear reactor or the earnings of a public company, influences how professionals respond. If that information is not reliable, bad things can happen.

Taking another chapter from the history of encryption, Mary Queen of Scots suffered the wrath of Queen Elizabeth I because of a weak cipher. Mary and Anthony Babington, her co-conspirator, used a cipher in in their plot to take over the English throne. This weak cipher not only could be broken, but it could also be forged.

Queen Elizabeth’s spymaster, Sir Francis Walsingham, oversaw the forgery of an encrypted message that resulted in the unintentional disclosure of the names of Babington’s accomplices to Walsingham along with the plot to overthrow Queen Elizabeth. The lack of reliability in the cipher used by the conspirators resulted in their executions.

The History of Data Control

Often data professionals acknowledge the third value pillar of encryption, data control, least. Whether that data consists of financial information on your organization’s performance, a photo of you from college, a letter between you and a previous business or a personal relationship, you generally want to keep this information confidential.

How does enterprise manage the risk to confidential data that could potentially live forever on the internet? We may not be able to control the bits of data or where they are located on the internet, but we can control the value of those bits. Data encryption requires robust encryption key management. As long as the data owners control the keys, they also control the data, regardless of where the data is located.

Whether we discard a key to a treasure chest by throwing it overboard or we encrypt data and destroy the encryption key, the effect is the same. The data (the treasure) is no longer recoverable, regardless of where it is located. This is a powerful concept that shows the control value of proper encryption key management. This is exemplified by the legendary Blitz Ciphers and the D-Day pigeon cipher from World War II. No one has yet encrypted those encoded messages. The authors of these messages, although long gone, are still in control of the information kept by their ciphers.

What would happen if all data were encrypted? Remember the three pillars of value for encryption and that confidentiality is only one of those pillars. Enterprise would find data to be more reliable and controllable if it was thoroughly encrypted. We would avoid inadvertent disclosure of data, and we would be able to make better and more reliable decisions. So, take a page from history, and know there is power in employing data encryption.

More from Data Protection

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today