top of page
  • Writer's pictureA&P

Data At Rest Encryption

Updated: Nov 3, 2023


I was at a public event years ago covering a cybersecurity booth. Someone approached and said she had to meet encryption requirements for her data but didn't know how. No matter what I said, she was convinced encrypting data was something super hard and beyond her technical skill. However, using encryption should not be that difficult even if you don't have a lot of IT experience. You don't have to know all the math behind it. You just have to have a grasp of where to look for the current standards and make sure whatever product your using matches it. Using encryption as a user can be as simple as setting a complex password and letting a drive encrypt.


I mention the understanding of current standards because computing is constantly improving. As computing power increases you need longer and longer keys. This is because the more powerful computers become the bigger keys need to be to make it prohibitive for an attacker to spend time trying to break it. There is also an algorithm. That is the formula the computer follows to do the encryption. You need to make sure your using a modern algorithm. The math on some older algorithms has eventually been comprised. For example DES has been broken. One of the most commonly used algorithms today is AES. However, there are fears with the quantum computing gains that it will become compromised in the future. There are efforts under the cryptographic modernization program to mitigate the threats posed by quantum computing. The best practice is to do a quick google search and make sure whatever encryption is being offered is up to modern standards. You can also look here to find more information about encryption- https://csrc.nist.gov/Projects/Cryptographic-Standards-and-Guidelines


There are different types of encryption. The one that will most affect individual users is Data at Rest (DAR) Encryption. Some versions of Windows offer Bitlocker. This is an example of DAR encryption. DAR encryption is used to encrypt drives so that if someone else tries to physically access they will not be able to get at the data. This is important for all computers, but especially important for mobile devices which are at higher risk of getting lost or misplaced. You can also do DAR encryption by saving data to an encrypted hard drive. In the instance of the person who approached me at the public event all she would have had to do was purchase a drive readily available at BestBuy or other IT vendor, set a password and let it encrypt. If she had Windows with BitLocker it would have been similarly simple and straight forward. Then she could have truthfully answered she was storing her data encrypted. DAR Encryption does not have to be difficult to implement.


8 views0 comments

Recent Posts

See All

Comments


bottom of page