Security: Everyone’s (not) doing it: what do teenagers have in common with data encryption?

Encryption has to be one of the most frequently cited words when it comes to discussions of data security.

It’s thrown into articles, product descriptions and conversations with barely a second thought, referenced vaguely by people who want to sound like they’ve got their IT security under control.

And because it crops up so often, many of us fail to interrogate whether we actually understand what encryption is. To say nothing of why, in an emerging world of the Internet of Things (IoT) it’s becoming increasingly important. So here’s a quick primer…

Encryption is the ‘translation of data into a secret code’ according to this definition, which is one of the most succinct we’ve found.

In other words, data that can be widely understood, like the text you’re reading right now, is converted into a far less universally-understood form, called ciphertext. This is achieved by scrambling it with an extremely large digital number, called a ‘key’. Only a recipient (or rather, a computer) with access to the original key can unscramble the ciphertext.

Encryption, then, is a way of ensuring data is safe and secure in transit. It’s particularly important for ecommerce websites, because they handle information like credit card numbers, full names, addresses and dates of birth that most customers wouldn’t appreciate being public knowledge – and that information is continually transmitted between customers, banks and the ecommerce site in question.

Encryption can also be a mechanism for ensuring data is safe in storage. Sensitive files can be protected by encryption with a key that only the data owner has access to.

It’s not a huge leap from these discussions to the Internet of Things. A mature IoT ecosystem, in which billions of devices are connected via the internet and transmitting billions upon billions of piece of data to each other, presents a massive IT security challenge, in terms of both data storage (on those individual devices), and transmission (between them).

Encryption at the point of data creation, prior to transmission, is the most comprehensive way of ensuring data security in this IoT landscape.

But what’s all this got to do with teenagers?

The more discussions we have with businesses starting to consider the impact of the Internet of Things on their operations, the more we wonder whether encryption has a lot in common with teenage sex.

That is – everyone’s talking about it. Everyone’s claiming to be doing it. Everyone likes to seem like an authority, experienced in the different forms it can take and the different ways it can be applied.

But the real numbers are much, much lower.

For most organisations, encryption is still an add-on process, rather than the foundation of their IT practice. Sure, businesses in fields like ecommerce are subject to data protection regulations and required to use encryption in certain contexts by law, but those regulations don’t apply to everyone. Even those ecommerce sites will often go to specialist payment gateways to run the necessary secure servers for them.

This is because encryption is all too often seen as laborious and time-consuming. While the basics are easy for most people to get their heads around, the intricacies of it are highly complex.

So, time for another natural leap. In order to truly harness the potential of the IoT, it’s going to be vital for organisations in all sectors, not just those currently subject to stringent data protection regulations, to get on board with encryption. Which in turn means seeking out truly end-to-end encryption solutions, which protect data from the point of creation, in storage and transit.

It’s with these challenges, and this philosophy in mind, that Device Authority has developed its Data Encryption Security Platform, which works across any device and any existing platform. If you’d like to become a business that’s not just talking about encryption, but actually doing it, get in touch with us today.